590093 matches found
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure default permissions that grant regular users elevated privileges. An attacker can gain unauthorized access to host files and execute code with root-level privileges by leveraging authenticat...
USN-8346-1: Texmaker vulnerabilities
It was discovered that the vendored LibTIFF in Texmaker incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...
GHSA-9277-MP7X-85JF Dulwich Vulnerable to Command Injection via Merge Driver Path
Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...
Dulwich Vulnerable to Command Injection via Merge Driver Path
Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...
GHSA-897W-FCG9-F6XJ Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...
CVE-2026-10021
Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-10022
Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-10021
The CVE-2026-10021 entry describes an issue in Chromium-based Chrome where insufficient validation of untrusted input in the USB component could allow a remote attacker to execute arbitrary code via a crafted HTML page. Affected software is Google Chrome (Chromium-based); the underlying cause is ...
CVE-2026-10022
Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-10022
Summary: A type confusion in the V8 JavaScript engine within Google Chrome before version 148.0.7778.216 may allow an attacker who convinces a user to install a malicious extension to execute arbitrary code inside a browser sandbox. Affected components: V8 in Google Chrome (Chromium-based). Root ...
CVE-2026-10021
Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-10022
Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-10021
Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-10016
CVE-2026-10016 is a use-after-free in the DOM of Google Chrome, fixed by the 148.0.7778.216 update. The vulnerability allows a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. Severity: High (CVSS v3.1 base score 8.8; Network attack vector, no privileges ...
CVE-2026-10016
Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-10016
Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-10016
Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-10013
CVE-2026-10013: A use-after-free flaw in WebCodecs within Google Chrome prior to 148.0.7778.216 allows remote execution of arbitrary code in the sandbox via a crafted HTML page. Affected software is Google Chrome (WebCodecs component); root cause is use-after-free. Impact is high (arbitrary code ...
CVE-2026-10015
Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...