ROS-20260122-73-0011
A vulnerability in the V8 JavaScript script handler of the Google Chrome browser is related to data type conversion errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260122-73-0022
A vulnerability in the V8 JavaScript script handler of the Google Chrome browser is related to synchronization errors when using a shared resource (race condition). Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML pa...
CVE-2025-68139 In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing
EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminate_connection_on_failed_response` is `False`, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...
EUVD-2025-206320
EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminate_connection_on_failed_response` is `False`, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...
cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23965 via org.webjars.npm:sm-crypto (=0.3.13)
org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...
cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23967 via org.webjars.npm:sm-crypto (=0.3.13)
org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
CLSA-2026-1768989206 pki-servlet-engine: Fix of CVE-2025-55752
CVE-2025-55752: fix improper normalization in RewriteValve to prevent path traversal attacks...
AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper
Summary: A vulnerability was discovered during a manual security audit of the AlchemyCMS source code. The application uses the Ruby `eval` function to dynamically execute a string provided by the `resource_handler.engine_name` attribute in `Alchemy::ResourcesHelper#resource_url_proxy`. Details: The...
PT-2026-3870
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions prior to 3.6.17 and prior to 3.7.8. Description: Argo Workflows contains a stored cross-site scripting (XSS) issue in the artifact directory listing. This allows a workflow author to execute arbitrary JavaScript in another...
Restore to Google Compute Engine Fails with API Errors When Using Helper Appliance
Challenge: When restoring a VM to Google Compute Engine (GCE), the following errors occur: For Windows platform: Failed to restore to GCE: import-image: datestamp step "import" run error: step "wait-for-bootstrap" did not complete within the specified timeout of 20m0s System.Exception For Linux...
PT-2026-3893
Name of the Vulnerable Software and Affected Versions: sm-crypto versions prior to 0.3.14. Description: sm-crypto, a JavaScript library providing implementations of Chinese cryptographic algorithms SM2, SM3, and SM4, contains a flaw in the SM2 decryption logic. An attacker can recover the private ke...
Hasura GraphQL Engine: Operating System Command Injection Vulnerability
Hasura GraphQL Engine is a very fast GraphQL server developed by Hasura as open source. Version 1.3.3 of Hasura GraphQL Engine contains a vulnerability related to operating system command injection. This vulnerability stems from SQL queries that allow remote code execution, potentially enabling t...
AlchemyCMS - Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper
Summary: A vulnerability was discovered during a manual security audit of the AlchemyCMS source code. The application uses the Ruby `eval` function to dynamically execute a string provided by the `resource_handler.engine_name` attribute in `Alchemy::ResourcesHelper#resource_url_proxy`. Details: The...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the `getSecretKey` function. An attacker can gain unauthorized access to secrets across namespaces by exploiting the function's ability to bypass security mechanisms and retrieve secrets using elevated...
Improper Neutralization of Special Elements Used in a Template Engine
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine when processing untrusted template expressions. An attacker can execute arbitrary code on the server by injecting specially crafted template payloads. Remediation...
CVE-2026-0901
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...
CVE-2026-0902
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-0900
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...