Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from excessive memory writes by the Dawn component, which could allow remote attackers to execute excessive memory writes...

PT-2026-44640

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in ANGLE on Windows. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a...

Google Chrome on Android 安全漏洞

Google Chrome on Android is a web browser in the Android operating system developed by Google Inc. Versions prior to 148.0.7778.216 of Google Chrome on Android had a security vulnerability. This vulnerability stemmed from improper implementation of the Skia component, which could allow remote...

Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup

TL;DR This vulnerability affects all Kirby sites on Kirby 5.3.0-5.4.0 and is independent from setup conditions and authentication. This vulnerability is of high severity for all Kirby sites. ---- Introduction Path traversal is a type of attack that allows to access arbitrary filesystem paths. By...

UBUNTU-CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

CVE-2026-8835

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

EUVD-2026-31894

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modibmupload...

EUVD-2026-31836

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension

A flaw was found in Apache Tomcat. A remote attacker could exploit an inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, by sending a specially crafted request with an invalid chunk extension. This vulnerability allows an attacker to manipulate the way HTTP...

EUVD-2026-31822

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation...

PT-2026-43239

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation...

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune 3.2.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderfigure function in src/mistune/directives/image.py, which directly concatenated the...

Important: containerd

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

CVE-2026-47077

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

EUVD-2026-31688

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

CVE-2026-45249

A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...

PT-2026-42998

A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

sql-injection

sql-injection python tool that...

CVE-2026-48135 - HTTP service can incorrectly process malformed HTTP requests

Cause An input-handling issue in the HTTP request processing path. Symptoms - A Check Point HTTP-based service, such as Mobile Access Portal or Identity Awareness Portals except for Captive Portal, can incorrectly handle malformed HTTP requests. Gaia Portal is not affected by this issue. - The...

CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...