EUVD-2026-17791

Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-5288

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-5272

Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-5279

Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-5275

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

A out-of-bounds read in media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

The incorrect security UI in PictureInPicture in Google Chrome prior to version 146.0.7680.71 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Firefox

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: High...

Cisco Integrated Management Controller 命令注入漏洞

The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...

CVE-2026-34611

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token...

CVE-2026-34611

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token...

CVE-2026-34611 AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token...

CVE-2026-24030

A flaw was found in DNSdist. A remote attacker could exploit this vulnerability by sending specially crafted DNS over QUIC Quick UDP Internet Connections or DNS over HTTP/3 Hypertext Transfer Protocol version 3 payloads. This could trick DNSdist into allocating excessive memory, leading to a deni...

[SECURITY] Fedora 44 Update: cpp-httplib-0.38.0-1.fc44

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

PT-2026-29468

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A use after free issue in the Compositing component of Google Chrome prior to version 146.0.7680.178 could allow a remote attacker who has compromised the renderer process to potential...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions responsible for freeing memory in the Web MIDI component. An attacker coul...

Discourse 跨站脚本漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary HTML and JavaScript...

Mozilla Thunderbird Spoofing Vulnerability (CNVD-2026-16380)

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. A spoofing vulnerability exists in Mozilla Thunderbird, which can be exploited by attacke...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.178 contained a security vulnerability, which was caused by improper implementation of the ANGLE component. This vulnerability could allow remote attackers to exploit the system by leaking...