
16840 matches found

CNNVD
added 2026/03/10 12:0 a.m. | 4 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 146.0.7680.71 contained a resource management vulnerability. This vulnerability stemmed from a problem with the WindowDialog class, where objects were reclaimed and reused after their initi...

CVSS 7.5 | AI score 7.1 | EPSS 0.00265
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/10 12:0 a.m. | 10 views

PT-2026-24651

Impact: An attacker can use a dot-notation field name in combination with the sort query parameter to inject SQL into the PostgreSQL database through improper escaping of sub-field values in dot-notation queries. The vulnerability may also affect queries that use dot-notation field names with t...

CVSS 9.3 | AI score 5.8 | EPSS 0.00408
Exploits: 0 | References: 12
Tenable Nessus
added 2026/03/10 12:0 a.m. | 4 views

RHEL 9 : firefox (RHSA-2026:4152)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4152 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap...

CVSS 10 | AI score 6.1 | EPSS 0.00622
Exploits: 0 | References: 78
Tenable Nessus
added 2026/03/10 12:0 a.m. | 5 views

EulerOS 2.0 SP13 : glib2 (EulerOS-SA-2026-1271)

According to the versions of the glib2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potentia...

CVSS 9.8 | AI score 6.6 | EPSS 0.00754
Exploits: 1 | References: 5
Tenable Nessus
added 2026/03/10 12:0 a.m. | 7 views

EulerOS 2.0 SP13 : glib2 (EulerOS-SA-2026-1235)

According to the versions of the glib2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potentia...

CVSS 9.8 | AI score 6.6 | EPSS 0.00754
Exploits: 1 | References: 5
EUVD
added 2026/03/09 10:48 p.m. | 5 views

EUVD-2026-10424

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

CVSS 6.3 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 3
OSV
added 2026/03/09 10:48 p.m. | 8 views

CVE-2026-30916 Shescape has possible misidentification of shell due to link chains

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

CVSS 6.3 | AI score 5.7 | EPSS 0.00052
Exploits: 0 | References: 5
GithubExploit
added 2026/03/09 10:43 p.m. | 252 views

Exploit for Use After Free in Redis

🚨 CVE-2025-49844 — “RediShell” Critical Remote Code Execu...

CVSS 9.9 | AI score 7.8 | EPSS 0.86268
Exploits: 14
ATTACKERKB
added 2026/03/09 10:40 p.m. | 3 views

CVE-2026-30887

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

CVSS 9.9 | AI score 6 | EPSS 0.00387
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/09 10:40 p.m. | 5 views

CVE-2026-30887 OneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

CVSS 9.9 | AI score 6 | EPSS 0.00387
Exploits: 1 | References: 1
EUVD
added 2026/03/09 10:40 p.m. | 2 views

EUVD-2026-10421

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

CVSS 9.9 | AI score 6 | EPSS 0.00387
Exploits: 1 | References: 1
Cvelist
added 2026/03/09 10:40 p.m. | 43 views

CVE-2026-30887 OneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

CVSS 9.9 | EPSS 0.00387
Exploits: 1 | References: 1
EUVD
added 2026/03/09 10:40 p.m. | 3 views

EUVD-2026-10420

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

CVSS 9.9 | AI score 6 | EPSS 0.00387
Exploits: 1 | References: 1
OSV
added 2026/03/09 10:40 p.m. | 4 views

CVE-2026-30887 OneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

CVSS 9.9 | AI score 6.1 | EPSS 0.00387
Exploits: 1 | References: 3
Ubuntu
added 2026/03/09 4:6 p.m. | 8 views

USN-8080-1: YARA vulnerabilities

Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS...

CVSS 9.1 | AI score 7.2 | EPSS 0.02996
Exploits: 12
NVD
added 2026/03/09 2:16 p.m. | 7 views

CVE-2026-3089

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside...

CVSS 6.5 | EPSS 0.00377
Exploits: 1 | References: 3
RedHat Linux
added 2026/03/09 1:21 p.m. | 1 view

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component...

CVSS 10 | AI score 5.7 | EPSS 0.00399
Exploits: 0 | References: 6
RedHat Linux
added 2026/03/09 1:21 p.m. | 1 view

firefox: thunderbird: Sandbox escape in the Graphics: WebRender component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Graphics: WebRender component...

CVSS 10 | AI score 5.7 | EPSS 0.00399
Exploits: 0 | References: 6
RedHat Linux
added 2026/03/09 1:21 p.m. | 1 view

firefox: thunderbird: Sandbox escape in the Storage: IndexedDB component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Storage: IndexedDB component...

CVSS 10 | AI score 5.7 | EPSS 0.00353
Exploits: 0 | References: 6
RedHat Linux
added 2026/03/09 1:21 p.m. | 3 views

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component...

CVSS 10 | AI score 5.7 | EPSS 0.00487
Exploits: 0 | References: 6