CVE-2026-7918

Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7918

CVE-2026-7918 describes a use-after-free in Google Chrome's GPU component prior to 148.0.7778.96, which could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The issue pertains to the Chrome/Chromium GPU stack and is docu...

CVE-2026-7915

Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: High...

CVE-2026-7910

CVE-2026-7910 affects Google Chrome

CVE-2026-7897

Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-40562

Gazelle for Perl (versions up to 0.49) is affected by HTTP Request Smuggling due to improper header precedence: Content-Length is prioritized over Transfer-Encoding: chunked when both headers are present, contravening RFC 7230 section 3.3.3. This can enable smuggling of requests via a front-end r...

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-40562 Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

Zabbix 跨站脚本漏洞

Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has a cross-site scripting vulnerability. This vulnerability arises from the Item history widget or Plain tex...

PT-2026-38094

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.96 Description A use after free issue in ANGLE allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that...

PT-2026-37773

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...

ROS-20260506-73-0044

Vulnerability in erlang related to flaws in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...

CVE-2026-35453

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...

GHSA-QJV7-627W-8QJV Fiber vulnerable to XSS in AutoFormat Content Negotiation

Summary Description A Cross-Site Scripting CWE-79 vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. This affects github.com/gofiber/fiber/v3...

CVE-2026-35228

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by out-of-buffer writing due to Media-related issues. This vulnerability could allow remote attackers to execute arbitrary code with...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability, which was caused by improper implementation of the Preload mechanism. This vulnerability could allow remote attackers to leak cross-source data through...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient trusted input validation in Dialog. It could allow remote attackers with access to the renderer process to...

PT-2026-38097

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An out of bounds read exists in Fonts, which allows a remote attacker to perform an out of bounds memory read by using a crafted HTML page. An out of bounds read occurs when a program...