
72589 matches found

RedhatCVE
added 2026/05/08 10:32 p.m. | 7 views

CVE-2026-7934

An insufficient validation of untrusted input flaw was found in the Popup Blocker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=489023922...

CVSS 4.6 | AI score 5.7 | EPSS 0.0017
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/08 10:32 p.m. | 8 views

CVE-2026-7930

An insufficient validation of untrusted input flaw was found in the Cookies component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=434825208...

CVSS 9.6 | AI score 5.7 | EPSS 0.00107
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/08 10:26 p.m. | 9 views

CVE-2026-7931

An insufficient validation of untrusted input flaw was found in the iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=474338157...

CVSS 6.5 | AI score 5.7 | EPSS 0.0019
Exploits: 0 | References: 4
RedhatCVE
added 2026/05/08 10:10 p.m. | 7 views

CVE-2026-43400

A flaw was found in the Linux kernel's drm/amdgpu module. A local user could exploit this vulnerability by providing excessively large input values to the amdgpu_userq_signal_ioctl function. This lack of proper input validation can lead to an Out-Of-Memory (OOM) condition, causing a Denial of Service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 4
RedhatCVE
added 2026/05/08 10:5 p.m. | 13 views

CVE-2026-43398

A flaw was found in the Linux kernel's amdgpu graphics driver. A local user could exploit this vulnerability by providing excessively large input values to the amdgpu_userq_wait_ioctl function. This improper input validation can lead to an Out-Of-Memory (OOM) condition, resulting in a Denial of Servic...

CVSS 5.5 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 4
EUVD
added 2026/05/08 9:31 p.m. | 8 views

EUVD-2026-28811

Insufficient input validation of the plugin parameter of the createuser plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user...

CVSS 8.8 | AI score 6.3 | EPSS 0.0083
Exploits: 0 | References: 2
EUVD
added 2026/05/08 9:31 p.m. | 7 views

EUVD-2026-28810

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

CVSS 4.3 | AI score 5.9 | EPSS 0.00435
Exploits: 0 | References: 2
NVD
added 2026/05/08 7:16 p.m. | 18 views

CVE-2026-29202

Insufficient input validation of the plugin parameter of the createuser plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user...

CVSS 8.8 | EPSS 0.0083
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/08 6:51 p.m. | 9 views

CVE-2026-29202

Insufficient input validation of the plugin parameter of the createuser plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user...

CVSS 8.8 | AI score 6.3 | EPSS 0.0083
Exploits: 0 | References: 2 | Affected Software: 3
CVE
added 2026/05/08 6:51 p.m. | 20 views

CVE-2026-29202

The CVE-2026-29202 issue affects cPanel & WHM through Insufficient input validation of the plugin parameter in the create_user plugin, enabling arbitrary Perl code execution under the authenticated user’s system account. Affected component: the create_user plugin’s plugin parameter handling. Root...

CVSS 8.8 | AI score 6.3 | EPSS 0.0083
Exploits: 0 | References: 1
EUVD
added 2026/05/08 6:31 p.m. | 12 views

EUVD-2026-28787

lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjson_stream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...

CVSS 7.5 | AI score 5.8 | EPSS 0.00417
Exploits: 0 | References: 4
Snyk
added 2026/05/08 6:28 p.m. | 5 views

Directory Traversal

Overview: dash-uploader is an Upload large files using resumable.js. Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied input in the gettemproot and post functions. An attacker can gain unauthorized access to files and execute arbitrary...

CVSS 9.8 | AI score 6.5 | EPSS 0.05982
Exploits: 4 | References: 2
EUVD
added 2026/05/08 3:31 p.m. | 9 views

EUVD-2026-28706

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpu_userq_signal_ioctl can lead to a OOM and could be exploited. So check these input value against AMDGPU_USERQ_MAX_HANDLES which is big enough...

AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 4
UbuntuCve
added 2026/05/08 3:16 p.m. | 5 views

CVE-2026-43400

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpu_userq_signal_ioctl can lead to a OOM and could be exploited. So check these input value against AMDGPU_USERQ_MAX_HANDLES which is big enough...

CVSS 5.5 | AI score 5.7 | EPSS 0.00126
Exploits: 0 | References: 5
UbuntuCve
added 2026/05/08 3:16 p.m. | 6 views

CVE-2026-43387

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtw_get_ie_ex Just like in commit 154828bf9559 "staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie parser", we don't trust the data in the frame so we should check the length...

CVSS 5.5 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 10
RedhatCVE
added 2026/05/08 2:14 p.m. | 12 views

CVE-2026-37458

A flaw was found in FRRouting (FRR). An authenticated remote attacker can exploit a missing input validation vulnerability in the MP_REACH_NLRI component by supplying a specially crafted UPDATE message. This issue can lead to a Denial of Service (DoS). Mitigation: Mitigation for this issue is either not...

CVSS 6.5 | AI score 5.7 | EPSS 0.00249
Exploits: 0 | References: 4
EUVD
added 2026/05/08 1:19 p.m. | 10 views

EUVD-2026-28594

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00347
Exploits: 2 | References: 1
RedhatCVE
added 2026/05/08 11:18 a.m. | 8 views

CVE-2026-42146

A flaw was found in CImg Library. A remote attacker can exploit this vulnerability by providing a specially crafted BMP (Bitmap) image file. This occurs because the nbcolors field in the BMP file header is used directly to compute an allocation size without proper validation against the remaining...

CVSS 5.5 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 2
NVD
added 2026/05/08 4:16 a.m. | 19 views

CVE-2026-43940

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user‑supplied widget identifiers without any sanitisation. Because runWidget...

CVSS 8.4 | EPSS 0.00167
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/08 2:58 a.m. | 7 views

CVE-2026-43940 electerm: Path traversal in electerm runWidget leads to arbitrary code execution

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user‑supplied widget identifiers without any sanitisation. Because runWidget...

CVSS 8.4 | AI score 6.3 | EPSS 0.00167
Exploits: 0 | References: 2