PT-2026-48241

This update for xen fixes the following issues: - CVE-2026-42487: x86 HVM I/O port list traversal bsc1266952. - CVE-2026-42488: x86: mismatched mapcache metadata bsc1266955. - CVE-2026-42489,CVE-2026-42490: domctl lock open to abuse bsc1266953...

Adobe Dreamweaver 21.0 < 21.8 Multiple Vulnerabilities (APSB26-62)

The version of Adobe Dreamweaver installed on the remote Windows host is prior to 21.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-62 advisory. - Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2026-11676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised...

VMware Spring Framework 输入验证错误漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. Versions of VMware Spring Framework from 5.3.0 to 5.3.48 contain a vulnerability related to input validation errors...

Adobe Dreamweaver 21.0 < 21.8 Multiple Vulnerabilities (APSB26-62) (macOS)

The version of Adobe Dreamweaver installed on the remote macOS host is prior to 21.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-62 advisory. - Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability th...

Net::IMAP: Command Injection via ID command argument

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

VulnCheck KEV: CVE-2026-34910

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

NETGEAR Routers 输入验证错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from the possibility that authenticated administrators who are connected to the local network may gain elevated...

Elixir -- Denial of service via unbounded integer parsing in Version

PJUllrich reports: The Version module parses numeric version components without length limits. Untrusted input can trigger creation of arbitrary-precision integers, causing CPU and memory exhaustion...

GHSA-XRVJ-V92F-53GJ Dulwich has unbounded memory allocation in receive-pack from crafted thin packs

Impact An uncontrolled-resource-consumption memory exhaustion denial-of-service vulnerability CWE-400 / CWE-789. A client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack / applydelta, it would...

Dulwich has unbounded memory allocation in receive-pack from crafted thin packs

Impact An uncontrolled-resource-consumption memory exhaustion denial-of-service vulnerability CWE-400 / CWE-789. A client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack / applydelta, it would...

CVE-2026-11697

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11697

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11697

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11697

CVE-2026-11697 affects Google Chrome’s UI layer built on Chromium, where insufficient validation of untrusted input could enable a remote attacker to escape the sandbox via a crafted HTML page. The issue is described as a High-severity vulnerability, with exploitation linked to messages that prev...

CVE-2026-11691

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11691

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11691

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11691

CVE-2026-11691 involves Google Chrome’s New Tab Page and is caused by insufficient validation of untrusted input. The vulnerability affects Chrome prior to version 149.0.7827.103, enabling a remote attacker who has compromised the renderer process to leak cross-origin data via a crafted HTML page...

CVE-2026-11686

Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...