CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-46722

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in MHTML MIME HTML, a web page archive format allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specifi...

📄 WebRemoteControl Unauthenticated Remote Filesystem Access

Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution. ================================================================================================================================== | Title :...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-46751

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the WebUI allows a remote attacker to perform domain spoofing by using a crafted domain name. Recommendations Update to version 149.0.7827.53 or later...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-46632

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the WebUI allows a remote attacker who has compromised the renderer process to leak cross-origin data through the use of a crafted HTML pag...

PT-2026-46475

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A heap buffer overflow occurs in the Media component. This issue allows a remote attacker to execute arbitrary code within a sandbox if a user is convinced to perform specific UI gestur...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-46520

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in V8 allows a remote attacker to execute arbitrary code inside a sandbox. This is achieved by convincing a user to perform specific UI gestures while interacting...

PT-2026-46518

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in V8 allows a remote attacker to potentially exploit heap corruption, which occurs when memory is allocated in the heap area is corrupted, via a crafted...

PT-2026-46524

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A heap buffer overflow occurs in the TabStrip component. This issue allows a remote attacker to potentially exploit heap corruption—a condition where memory allocation in the heap is...

PT-2026-46744

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the PlatformIntegration component allows a remote attacker to execute arbitrary code via a malicious file, provided they can convince a user to perfor...

PT-2026-45812

Name of the Vulnerable Software and Affected Versions Dräger Perseus A500 versions 2.00 through 2.02 Description Improper input handling allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. This can overlo...

CVE-2026-10296

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

CVE-2025-59601

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration...

kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild

A flaw was found in the Linux kernel's ice network driver. A local attacker could exploit a race condition during the Virtual Station Interface VSI rebuild process. This flaw occurs when the Precision Time Protocol PTP periodic work attempts to access uninitialized memory, leading to a NULL point...

CVE-2026-0094

In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

CVE-2026-0093

In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2018-25435

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages...