PT-2026-44644

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description A use after free issue in GFX allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after...

PT-2026-44576

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HT...

PT-2026-44601

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An inappropriate implementation in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML pag...

PT-2026-44696

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in WebRTC allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occurs...

PT-2026-44656

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description A use after free issue in Views allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after...

PT-2026-44685

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in WebShare allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafte...

PT-2026-44595

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in Base allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occurs whe...

PT-2026-44598

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An out of bounds read and write issue in Dawn allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique...

PT-2026-44680

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description An uninitialized use in Gamepad allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A sandbox esca...

PT-2026-44585

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description A use after free issue in WebGL allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw tha...

PT-2026-44584

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An out of bounds read in WebGL allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. An out of bounds read occurs when a program rea...

RockyLinux 9 : mingw-glib2 (RLSA-2026:18705)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18705 advisory. glib: Integer overflow in in gescapeuristring CVE-2025-13601 Tenable has extracted the preceding description block directly from the RockyLinux security advisory...

RHEL 10 : firefox (RHSA-2026:21380)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:21380 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 9 : firefox (RHSA-2026:21378)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21378 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs

Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU and verified with Cloud Hypervisor too, Kata Containers runs host virtiofsd as root with: --sandbox none --seccomp none If an attacker has root-equivalent execution inside the Kata guest VM, they can send raw FUSE reques...

GHSA-2GV2-CFFP-J227 Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs

Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU and verified with Cloud Hypervisor too, Kata Containers runs host virtiofsd as root with: --sandbox none --seccomp none If an attacker has root-equivalent execution inside the Kata guest VM, they can send raw FUSE reques...

CVE-2026-46402 Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...

CVE-2026-46402

Microsoft UFO (open-source framework) 3.0.1-4-ge2626659 exposes a path traversal risk by using the user-controlled task_name when building session log paths, enabling an authenticated client to create log directories/files outside the intended logs/ directory. This can impact integrity and availa...

CVE-2026-45102

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98...

CVE-2026-44635

Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled input flows into eb.refcol, '-$'.keyinput or .atinput — including type-safe code where the JSON column ...