CVE-2026-1965
libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
CVE-2026-31868 Parse Server has Stored XSS via file upload of HTML-renderable file types
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server...
CVE-2025-67038
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when a user's authentication fails. The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS commands into the...
CVE-2025-41712
An unauthenticated remote attacker who tricks a user into uploading a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...
RHSA-2026:4077 Red Hat Security Advisory: php security update
Bulletin has no description...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component...
PT-2026-24880
CVE-2026-3932: Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
PT-2026-24877
CVE-2026-3929 Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. … https://t.co/Eu1lU8NeVv...
PT-2026-24861
Google releases Chrome 146, fixing 29 vulnerabilities including a critical heap buffer overflow in WebML (CVE-2026-3913). Update your browser immediately. https://t.co/Xywvdo0ywP https://t.co/eSaiAchpsb...
PT-2026-24865
CVE-2026-3917 - High: Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High https://t.co/o0ZCRciQYq https://t.co/pa2QzEaBel...
Google Chrome security vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.71 contained a security vulnerability. This vulnerability stemmed from a heap buffer overflow in WebML, which could allow remote attackers to perform out-of-bounds memory reads through specially...
Google Chrome security vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from the presence of incorrect security UI in LookalikeChecks, which can be exploited by an attacker to perform UI spoofing via specially crafted HTML pages...
PT-2026-24186
An unauthenticated remote attacker who tricks a user into uploading a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...
ROS-20260310-73-0007
A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code and cause a denial of service via a specially crafted HTML page...
ROS-20260310-73-0009
A vulnerability in the Blink display module of the Google Chrome browser is related to flaws in the implementation of security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read and delete data using a specially crafted...
ROS-20260310-73-0018
Vulnerability in libsoup related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden HTTP request (HTTP request smuggling attack)...
firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...
PT-2026-24170
Name of the Vulnerable Software and Affected Versions: FileBrowser versions prior to 1.3.1-beta; FileBrowser versions prior to 1.2.2-stable. Description: FileBrowser is a free, self-hosted, web-based file manager. A stored cross-site scripting (XSS) issue exists due to the use of text/template instead ...
PT-2026-23833
The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
Django: Django: Denial of Service via crafted HTML inputs
A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatechars_html and truncatewords_html...