SUSE CVE-2026-10006

Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10007

Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10009

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10013

Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10015

Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10016

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10021

Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-10022

Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-44358

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

SUSE CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

Exploit for CVE-2025-66478

CVE-2025-66478-Research-Proof-of-Concept Overview This re...

Notepad++ security vulnerabilities

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Notepad++ has security vulnerabilities, and attackers can exploit these vulnerabilities to execute arbitrary code...

Benchmarking Security Risk Detection and Verification in Open Agentic Skill Ecosystems

Open agent platforms allow community contributors to publish reusable skills that agents can invoke at runtime. This extensibility also creates a supply-chain risk: malicious contributors can hide harmful behavior inside skills that appear benign under superficial inspection. However, existing...

PT-2026-45109

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi pengurus.php endpoint with module=pengurus and act=update parameters, which...

PT-2026-45112

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute...

SIM-PKH 代码问题漏洞

SIM-PKH is a community-based poverty alleviation data management system developed by Insan Sutejo. Version 2.4.1 of SIM-PKH has code vulnerabilities. These vulnerabilities arise from submitting PHP code via the fupload parameter. This may allow authenticated attackers to upload malicious files,...

RockyLinux 9 : nginx (RLSA-2026:19374)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19374 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

deltasql 访问控制错误漏洞

Deltasql is open-source software used for tracking and managing changes to database structures. Version 1.8.2 of deltasql contains a vulnerability related to access control. This vulnerability arises from the upload of malicious files via the docsUpload.php script. It could allow unauthorized...

WordPress plugin Spectra Gutenberg Blocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-45089

Name of the Vulnerable Software and Affected Versions Spectra Gutenberg Blocks – Website Builder for the Block Editor versions prior to 2.19.26 Description The plugin is susceptible to Remote Code Execution, allowing authenticated attackers with Contributor-level access or higher to execute code ...