SUSE CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

Chromium: CVE-2026-10017 Out of bounds read in Headless

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

CVE-2026-47741 Shopper: Race condition on Discount.usage_limit allows silent over-redemption

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

CVE-2026-47741

CVE-2026-47741 affects Shopper, a Headless e-commerce Admin Panel. Before 2.8.0, CreateOrderFromCartAction::execute created the Order row before incrementing the discount’s total_use, allowing a race condition under concurrent checkout that silently exceeded the global usage_limit and applied the...

[SECURITY] Fedora 44 Update: haveged-1.9.21-1.fc44

A Linux entropy source using the HAVEGE algorithm Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction e.g. headless server...

EUVD-2026-33159

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10017

An out of bounds read flaw was found in the Headless component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504156069...

Linux Distros Unpatched Vulnerability : CVE-2026-10017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perfor...

PT-2026-44942

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total use counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usage limit wa...

DEBIAN-CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10017

Summary (CVE-2026-10017) Out-of-bounds read in Chrome/Chromium Headless before 148.0.7778.216. An attacker who already compromised the renderer process could potentially escape the sandbox via a crafted HTML page. The issue affects the Headless component of Chromium and is described with Chromium...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds read operations in Headless mode, which could allow remote attackers with compromised rendering...

PT-2026-44573

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds read in Headless allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through the use of a crafted HTML page. An o...

XSSaudit

XSSAudit v2.0 — Advanced XSS Vulnerability Scanner For au...

CVE-2026-42843

Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...