DEBIAN-CVE-2026-11306

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

CVE-2026-11279

Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

DEBIAN-CVE-2026-11279

Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11269

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Low...

DEBIAN-CVE-2026-11269

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Low...

CVE-2026-11262

Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

DEBIAN-CVE-2026-11262

Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the atcommand.asp interface...

CVE-2025-12659

Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process...

flatpak security update

An update is available for flatpak. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Flatpak is a system for building, distributing, and running sandboxed desktop...

RLSA-2026:21755 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

PT-2026-47093

Name of the Vulnerable Software and Affected Versions DbGate versions prior to 7.1.9 Description The "POST /runners/load-reader" endpoint accepts a functionName parameter that is directly interpolated into a JavaScript code template without sanitization or validation. An authenticated user with...

PT-2026-47024

Name of the Vulnerable Software and Affected Versions Markdown Preview Enhanced versions prior to 0.8.28 Description The software parses Bitfield fenced code blocks using the interpretJS function, which evaluates the block content as code via vm.runInNewContext. This allows for arbitrary code...

PT-2026-47050

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions 9.5.0 through 11.0.2 Description An attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This allows for the potential reading or...

PT-2026-47044

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description Two path traversal issues in the Network Installation Service NIS allow an unauthenticated network attacker to read package archive files and write arbitrary files to any...

Altium 365和Altium Enterprise Server 安全漏洞

Altium 365 and Altium Enterprise Server are both products of the American company Altium. Altium 365 is a product design and development platform. Altium Enterprise Server is a localized data management server. Both Altium 365 and Altium Enterprise Server have security vulnerabilities. These...

7-Zip 缓冲区错误漏洞

7-Zip is an open-source compression software developed by 7-Zip. Versions of 7-Zip 26.00 and earlier contained a buffer error vulnerability. This vulnerability stemmed from insufficient allocation of the NTFS compression stream buffer, which could allow attackers to execute arbitrary code or caus...

HAX 操作系统命令注入漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX prior to 26.0.0 had a vulnerability related to operating system command injection. This vulnerability stemmed from improper cleanup of input values when constructing shell command strings in the Git.php...

PT-2026-47030

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An OS command injection issue exists in the Git.php library of the PHP backend. The application executes shell command strings using the proc open function without properly sanitizing input. An...

ROS-20260605-73-0074

The vulnerability in Firefox is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...