EUVD-2026-23149

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...

CVE-2026-40959

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...

Linux Distros Unpatched Vulnerability : CVE-2026-40959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. CVE-2026-40959 Note that Nessus relies on the presence of the packag...

PT-2026-35844

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description A use after free issue exists in the Accessibility component on Windows. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox...

Google Chrome Viz Component Memory Misreference Vulnerability

Google Chrome is a web browser developed by Google. A memory misreference vulnerability exists in the Viz component of Google Chrome. The vulnerability stems from a failure of the Viz component to properly handle memory objects, which can be exploited by an attacker to potentially sandbox escape ...

Google Chrome on Windows Uninitialized Usage Vulnerability

Google Chrome is a web browser from Google, an American company. An uninitialized use vulnerability exists in Google Chrome on Windows, which can be exploited by an attacker to perform a sandbox escape via a specially crafted HTML page...

PT-2026-33357

Name of the Vulnerable Software and Affected Versions Snowflake Cortex Code CLI versions prior to 1.0.25 Description Improper validation of bash commands allows subsequent commands to execute outside the sandbox. An attacker can embed specially crafted commands in untrusted content, such as a...

Google Chrome Dawn Component Memory Misreference Vulnerability

Google Chrome is a web browser developed by Google with a Dawn component to handle WebGPU related functions. A memory misreference vulnerability exists in the Dawn component of Google Chrome. The vulnerability stems from improper management of the lifecycle of specific objects in the Dawn compone...

CVE-2026-40959

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...

PT-2026-33222

Name of the Vulnerable Software and Affected Versions MuPDF mutool affected versions not specified Description MuPDF mutool fails to sanitize PDF metadata fields before writing them to terminal output. This allows the injection of arbitrary ANSI escape sequences—codes used to control terminal...

Luanti 安全漏洞

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti prior to 5.5.15.2 contained security vulnerabilities; these vulnerabilities stemmed from the possibility of Lua sandbox escape through specially crafted mods when using...

MuPDF 安全漏洞

MuPDF is an open-source software library written in C language by MuPDF. It is used to render pages as bitmaps, but it also provides support for other operations such as searching and listing directories and links. MuPDF has a security vulnerability that stems from the failure to clean up PDF...

Linux Distros Unpatched Vulnerability : CVE-2026-40505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadat...

SUSE SLES12 Security Update : vim (SUSE-SU-2026:1347-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1347-1 advisory. Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS comman...

Google Chrome GPU out-of-bounds write vulnerability (CNVD-2026-19171)

Google Chrome is a web browser developed by Google. Google Chrome suffers from a GPU out-of-bounds write vulnerability. The vulnerability stems from a failure of the GPU component to properly handle boundary checks and can be exploited by an attacker to achieve sandbox escape via specially crafte...

PT-2026-33197

Name of the Vulnerable Software and Affected Versions Luanti versions 5.0 through 5.15.1 Description A sandbox escape exists when LuaJIT is used, allowing a crafted mod to execute arbitrary code outside the game engine. Recommendations Update to version 5.15.2...

Google Chrome < 147.0.7727.101 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 147.0.7727.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 202604stable-channel-update-for-desktop15 advisory. - Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed...

AlmaLinux 8 : thunderbird (ALSA-2026:6917)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:6917 advisory. firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34...

RHEL 7 : firefox (RHSA-2026:8427)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8427 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVE-2026-40193

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...