EUVD-2026-36379

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device...

EUVD-2026-36383

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances...

EUVD-2026-36384

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances...

CVE-2026-47367

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device...

CVE-2026-47369

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances...

CVE-2026-47370

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances...

CVE-2026-47370

Technical details are not publicly available in the provided documents. Monitor for updates on affected UniFi OS devices and remediation guidance.

CVE-2026-47369

Technical details (affected products/versions/root cause/fixes) are not publicly available in the provided documents. Monitor for updates.

CVE-2026-47367

CVE-2026-47367 affects UID Enterprise Agent. An Improper Input Validation vulnerability could let a network-adjacent, low-privilege attacker trigger a Command Injection on the host. CVSSv3.1 base score 9.9 (CRITICAL) with network access, low attack complexity, and high impact on confidentiality, ...

SUSE CVE-2026-47734

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack /...

OPENSUSE-SU-2026:20944-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 149.0.7827.102 boo1267911: CVE-2026-11628: Use after free in Ozone CVE-2026-11629: Use after free in Ozone CVE-2026-11630: Use after free in File Input CVE-2026-11631: Use after free in Aura CVE-2026-11632: Use...

EUVD-2026-36361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6...

EUVD-2026-36360

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...

EUVD-2026-36365

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...

EUVD-2026-36354

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

EUVD-2026-36345

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

EUVD-2026-36330

Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

OSV-2026-903 UNKNOWN in avi_parse_input_file

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=522061221 Crash type: UNKNOWN Crash state: aviparseinputfile AVIopeninputfile avidmxprocess...

PT-2026-48824

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description An improper input validation issue in UniFi OS allows a malicious actor with network access and low privileges to perform command injection, which is the execution of arbitrary operating...

PT-2026-48821

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device...