16741 matches found

Positive Technologies
added 2026/05/05 12:0 a.m. | 8 views

PT-2026-38211

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: Insufficient policy enforcement in DevTools allows a remote attacker to potentially perform a sandbox escape via malicious network traffic. A sandbox escape is a process where a program...

CVSS 9.6 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 137
Positive Technologies
added 2026/05/05 12:0 a.m. | 6 views

PT-2026-37229

Name of the Vulnerable Software and Affected Versions: Sandboxie-Plus versions prior to 1.17.3. Description: An issue exists in the NamedPipeServer::OpenHandler function where the server field from NAMED PIPE OPEN REQ is copied into a fixed WCHAR pipename160 stack buffer using wcscat without verifyi...

CVSS 8.8 | AI score 6.3 | EPSS 0.00174
Exploits: 1 | References: 5
CNNVD
added 2026/05/05 12:0 a.m. | 8 views

Jupyter Server Path Traversal Vulnerability

Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Jupyter Server versions 2.17.0 and earlier contain a path traversal vulnerability. This vulnerability stems from path traversal issues in the REST API, which may all...

CVSS 8.8 | AI score 5.8 | EPSS 0.0054
Exploits: 2 | References: 1
Positive Technologies
added 2026/05/05 12:0 a.m. | 6 views

PT-2026-37025

OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended...

CVSS 6.5 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/05 12:0 a.m. | 6 views

PT-2026-38184

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: A use after free issue in the UI allows a remote attacker who has compromised the renderer process to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after fre...

CVSS 9.6 | AI score 6.2 | EPSS 0.00344
Exploits: 0 | References: 136
Positive Technologies
added 2026/05/05 12:0 a.m. | 6 views

PT-2026-38104

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: A use after free issue in Aura on Windows allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Use afte...

CVSS 9.6 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 136
Positive Technologies
added 2026/05/05 12:0 a.m. | 5 views

PT-2026-38160

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: Insufficient validation of untrusted input in Navigation allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag...

CVSS 9.6 | AI score 6 | EPSS 0.00344
Exploits: 0 | References: 135
Positive Technologies
added 2026/05/05 12:0 a.m. | 7 views

PT-2026-38092

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: An out of bounds read and write issue in V8 allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Recommendations: Update to version...

CVSS 9.6 | AI score 6.2 | EPSS 0.00344
Exploits: 0 | References: 138
CNNVD
added 2026/05/05 12:0 a.m. | 7 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient data validation in the InterestGroups function, which could allow remote attackers to exploit...

CVSS 8.3 | AI score 5.8 | EPSS 0.0022
Exploits: 0 | References: 3
CNNVD
added 2026/05/05 12:0 a.m. | 7 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after the Aura object was released, which could allow remote attackers to exploit the syst...

CVSS 8.3 | AI score 5.8 | EPSS 0.00206
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/05 12:0 a.m. | 9 views

PT-2026-38121

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: A use after free issue in WebRTC allows a remote attacker to execute arbitrary code inside a sandbox by utilizing a crafted HTML page. Recommendations: Update to version 148.0.7778.96 or...

CVSS 9.6 | AI score 6.2 | EPSS 0.00344
Exploits: 0 | References: 135
Positive Technologies
added 2026/05/05 12:0 a.m. | 7 views

PT-2026-38163

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: A use after free issue in TopChrome allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Use after free...

CVSS 9.6 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 135
CNNVD
added 2026/05/05 12:0 a.m. | 6 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of GPU resources after they were released, which could allow remote attackers to exploit the system...

CVSS 8.3 | AI score 5.8 | EPSS 0.00206
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/05 12:0 a.m. | 4 views

PT-2026-37226

Name of the Vulnerable Software and Affected Versions: Sandboxie-Plus versions prior to 1.17.3. Description: The SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains an information leak and a stack buffer overflow. An information leak occurs when a sandboxed process sends an IPC reque...

CVSS 8.8 | AI score 6.1 | EPSS 0.00139
Exploits: 1 | References: 6
Positive Technologies
added 2026/05/05 12:0 a.m. | 7 views

PT-2026-38093

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: A heap buffer overflow exists in ANGLE, which is a compatibility layer that translates OpenGL ES calls to other graphics APIs. This issue allows a remote attacker who has already...

CVSS 9.6 | AI score 6 | EPSS 0.00344
Exploits: 0 | References: 137
Positive Technologies
added 2026/05/05 12:0 a.m. | 6 views

PT-2026-38156

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: An inappropriate implementation in ServiceWorker allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape through a crafted HTML...

CVSS 9.6 | AI score 6 | EPSS 0.00344
Exploits: 0 | References: 135
CNNVD
added 2026/05/05 12:0 a.m. | 6 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from a heap buffer overflow in ANGLE, which could allow a remote attacker with access to the renderer process to execute a sandbo...

CVSS 8.3 | AI score 6.1 | EPSS 0.00227
Exploits: 0 | References: 3
OSV
added 2026/05/04 9:26 p.m. | 5 views

GHSA-QQ3R-W4HJ-GJP6 apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root

Impact: A crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same or later archive could traverse that symlink to reach host paths the build user could write to. The root cause was the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00352
Exploits: 0 | References: 6
Snyk
added 2026/05/04 9:26 p.m. | 4 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack through the DirFS process. An attacker can gain unauthorized access to files outside the intended build root by crafting a malicious archive containing a symlink entry that points outside the build root, followed by...

CVSS 8.7 | AI score 5.8 | EPSS 0.00352
Exploits: 0 | References: 3
Snyk
added 2026/05/04 8:57 p.m. | 5 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition through a race condition in the write process. An attacker can cause unauthorized file writes outside the intended sandbox mount root by...

CVSS 9.6 | AI score 5.8 | EPSS 0.02442
Exploits: 0 | References: 2