16771 matches found
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a resource management vulnerability. This vulnerability stemmed from a use after free in the WebMIDI component, which could allow remote attackers with compromised...
OpenClaw Link Following Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 had a link following vulnerability due to a sandbox escape issue. This vulnerability could allow remote attackers to access arbitrary files by exploiting symbolic links during fil...
PT-2026-35833
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.138. Description: A use after free (a condition where a program continues to use a memory address after it has been freed) in the GPU component allows a remote attacker to potentially perform a sandbox...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a security vulnerability caused by a heap buffer overflow in the Skia component. This vulnerability could allow remote attackers who have compromised rendering processes to execute ...
CVE-2026-41526
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...
CVE-2026-41525
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
PT-2026-35841
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.138. Description: A use after free issue in WebRTC allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occur...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a security vulnerability caused by excessive access to the ANGLE component’s data. This vulnerability could allow remote attackers to perform a sandbox escape through a specially...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a security vulnerability caused by a type confusion in the V8 component. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through a special...
OpenClaw Backlink Vulnerability (CNVD-2026-19028)
OpenClaw is an open-source artificial intelligence assistant from OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to upload a tar archive file containing a symbolic link to escape the sandbox and overwrite files on a remote host...
CVE-2026-41526
In KDE KCoreAddons prior to 6.25, the KShell::quoteArgs function intended to safely quote arguments for shell commands does not correctly handle metacharacters, enabling possible shell escapes. The issue affects applications using this path to process user input in security-critical contexts, not...
(0Day) OpenAI Codex Sandbox Escape Vulnerability
This vulnerability allows remote attackers to bypass the sandbox on affected installations of OpenAI Codex. User interaction is required to exploit this vulnerability in that the target must use Codex to process a repository containing malicious JavaScript. The specific flaw exists within the...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a resource management vulnerability. This vulnerability stemmed from a use after free in the ANGLE component, which could allow remote attackers with compromised rendering...
PT-2026-46739
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.53. Description: Insufficient validation of untrusted input in Reading Mode allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML...
PT-2026-35781
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: A sandbox escape allows attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafti...
Mozilla -- Sandbox escape
https://bugzilla.mozilla.org/show_bug.cgi?id=2029461 reports: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a resource management vulnerability. This vulnerability stemmed from a use after free in the Media component, which could allow a remote attacker with access to a renderi...