16737 matches found

SUSE CVE
added 2026/05/08 2:25 a.m. | 6 views

SUSE CVE-2026-7988

Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 6.2 | EPSS 0.00307
Exploits: 0 | References: 3

SUSE CVE
added 2026/05/08 2:25 a.m. | 6 views

SUSE CVE-2026-8001

Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

CVSS 8.3 | AI score 5.8 | EPSS 0.00178
Exploits: 0 | References: 3

SUSE CVE
added 2026/05/08 2:25 a.m. | 4 views

SUSE CVE-2026-8018

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. Chromium security severity: Low...

CVSS 8.1 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 3

CNNVD
added 2026/05/08 12:0 a.m. | 4 views

Absinthe.Plug Cross-Site Scripting Vulnerability

Absinthe.Plug is an open-source GraphQL toolkit plugin for Elixir. Version 1.2.0 of Absinthe.Plug contains a cross-site scripting vulnerability. This vulnerability stems from the jsescape function in the GraphiQL interface not escaping backslashes, which may lead to reflective cross-site scriptin...

CVSS 6.1 | AI score 5.6 | EPSS 0.00282
Exploits: 0 | References: 6

Positive Technologies
added 2026/05/08 12:0 a.m. | 16 views

PT-2026-39290

Summary: MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey) did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

CVSS 7.6 | AI score 6.1 | EPSS 0.00949
Exploits: 2 | References: 8

Positive Technologies
added 2026/05/08 12:0 a.m. | 7 views

PT-2026-39286

Name of the Vulnerable Software and Affected Versions: fast-xml-builder version 1.1.5. Description: An issue exists where the sanitization of -- sequences in XML comment content is insufficient. The use of .replace(/--/g, '- -') fails to handle values containing three consecutive dashes e.g., ---...,...

CVSS 6.1 | AI score 5.9 | EPSS 0.00194
Exploits: 0 | References: 7

CNNVD
added 2026/05/08 12:0 a.m. | 5 views

OpenLearnX OS Command Injection Vulnerability

OpenLearnX is a decentralized adaptive learning and evaluation platform developed by th30d4y. Versions of OpenLearnX prior to 2.0.3 contained a vulnerability related to operating system command injection. This vulnerability stemmed from a sandbox escape in the code execution environment, which...

CVSS 10 | AI score 6.5 | EPSS 0.0091
Exploits: 1 | References: 1

CVE
added 2026/05/08 12:0 a.m. | 10 views

CVE-2026-29975

CVE-2026-29975 affects lwjson 1.8.1. The vulnerability is in the streaming JSON parser (lwjson_stream.c): end-of-string detection incorrectly checks only the immediately preceding character for escapes, instead of counting consecutive backslashes. This can cause valid JSON strings ending with an ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00417
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/08 12:0 a.m. | 9 views

PT-2026-39292

Name of the Vulnerable Software and Affected Versions: Mistune (affected versions not specified). Description: The math plugin in Mistune fails to sanitize user-supplied content when rendering inline math ($...$) and block math ($$...$$). The plugin concatenates raw input directly into the HTML output,...

CVSS 6.1 | AI score 5.9 | EPSS 0.00198
Exploits: 1 | References: 6

Github Security Blog
added 2026/05/07 9:41 p.m. | 5 views

Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install

Summary: Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A...

CVSS 7.1 | AI score 5.9 | EPSS 0.00351
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/05/07 9:30 p.m. | 13 views

EUVD-2026-28415

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

CVSS 7.2 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 5

OSV
added 2026/05/07 8:16 p.m. | 3 views

UBUNTU-CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

CVSS 6.1 | AI score 5.8 | EPSS 0.00314
Exploits: 0 | References: 8

UbuntuCve
added 2026/05/07 8:16 p.m. | 3 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

CVSS 6.1 | AI score 5.8 | EPSS 0.00314
Exploits: 0 | References: 7

Cvelist
added 2026/05/07 7:41 p.m. | 34 views

CVE-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

EPSS 0.00371
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/07 7:41 p.m. | 11 views

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

AI score 7.3 | EPSS 0.00314
Exploits: 0 | References: 4

OSV
added 2026/05/07 7:21 p.m. | 6 views

GO-2026-4980 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

CVSS 6.1 | AI score 5.9 | EPSS 0.00371
Exploits: 0 | References: 3

NVD
added 2026/05/07 7:16 p.m. | 6 views

CVE-2026-44742

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

CVSS 7.2 | EPSS 0.00237
Exploits: 0 | References: 5

OSV
added 2026/05/07 6:51 p.m. | 6 views

JLSEC-2026-489 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service ...

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string function when processing malicious file or remote filesystem attribute values...

CVSS 6.5 | AI score 6 | EPSS 0.00504
Exploits: 0 | References: 6

OSV
added 2026/05/07 6:51 p.m. | 6 views

JLSEC-2026-487

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

CVSS 7.7 | AI score 6.6 | EPSS 0.00274
Exploits: 1 | References: 30

RedhatCVE
added 2026/05/07 6:50 p.m. | 9 views

CVE-2026-26956

A flaw was found in vm2, an open-source sandbox for Node.js. An attacker can exploit this vulnerability by running malicious code within the VM.run function, allowing them to escape the sandbox and gain access to the host process. This can lead to arbitrary code execution on the host system,...

CVSS 9.8 | AI score 6.3 | EPSS 0.00745
Exploits: 1 | References: 5