Linux Distros Unpatched Vulnerability : CVE-2026-10928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...

DEBIAN-CVE-2026-10928

Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-10928

CVE-2026-10928 affects Google Chrome in headless mode prior to 149.0.7827.53. The issue is described as a script injection via a crafted HTML page that could allow remote code execution. Affected component is the headless browser environment within Chrome/Chromium; root cause is a script-injectio...

CVE-2026-10928

Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-10928

Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

PT-2026-46457

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Script injection in Headless mode allows a remote attacker to execute arbitrary code through a crafted HTML page. Recommendations Update to version 149.0.7827.53 or later...

SUSE CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-33159

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

Linux Distros Unpatched Vulnerability : CVE-2026-10017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perfor...

CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10017

Summary (CVE-2026-10017) Out-of-bounds read in Chrome/Chromium Headless before 148.0.7778.216. An attacker who already compromised the renderer process could potentially escape the sandbox via a crafted HTML page. The issue affects the Headless component of Chromium and is described with Chromium...

PT-2026-44573

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds read in Headless allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through the use of a crafted HTML page. An o...

PinchTab has SSRF with Full Response Exfiltration via Download Handler

SSRF with Full Response Exfiltration via Download Handler Summary A Server-Side Request Forgery SSRF vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files...

PT-2026-23794

Name of the Vulnerable Software and Affected Versions PinchTab versions prior to 0.7.7 Description PinchTab is a standalone HTTP server designed to provide AI agents with direct control over a Chrome browser. A Server-Side Request Forgery SSRF condition exists in the /download endpoint. This allo...

GHSA-342Q-2MC2-5GMP @jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)

Summary The maintainer been contemplating whether FTP or other protocols could serve as useful functionalities, but there may not be a practical reason for it since we are utilizing headless Chrome to capture screenshots. The argument is based on the assumption that this package can function as a...

@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)

Summary The maintainer been contemplating whether FTP or other protocols could serve as useful functionalities, but there may not be a practical reason for it since we are utilizing headless Chrome to capture screenshots. The argument is based on the assumption that this package can function as a...

Plution - Prototype Pollution Scanner Using Headless Chrome

Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented here:...

QIWI: SSRF на https://qiwi.com с помощью "Prerender HAR Capturer"

Здравствуйте! На сайте https://qiwi.com вы используете Prerender HAR Capturer 5.6.0 на основе Headless Chrome для рендеринга HTML, снимков экрана, PDF-файлов и файлов HAR с любой веб-страницы https://github.com/prerender/prerender. Если на qiwi.com послать запрос с измененным юзер-агентом...