EUVD-2026-34440

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34412

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

EUVD-2026-34413

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

EUVD-2026-34359

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

PT-2026-46949

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description An unauthenticated reflected cross-site scripting issue exists in the 'server.log' endpoint. This allows attackers to inject arbitrary HTML and JavaScript code via the search parameter. By crafting...

MOLOT System Card: Malicious Operational Logic Observation Transformer

MOLOT Malicious Operational Logic Observation Transformer is a static malicious-code detection system designed for SAST setup where package metadata, maintainer history, and dynamic execution traces may be unavailable or unreliable. The system represents source code as behavior sequences derived...

PT-2026-47093

Name of the Vulnerable Software and Affected Versions DbGate versions prior to 7.1.9 Description The "POST /runners/load-reader" endpoint accepts a functionName parameter that is directly interpolated into a JavaScript code template without sanitization or validation. An authenticated user with...

PT-2026-47025

Name of the Vulnerable Software and Affected Versions Markdown Preview Enhanced versions prior to 0.8.28 Description The software parses WaveDrom diagrams by evaluating untrusted markdown content using the eval function, which allows for arbitrary JavaScript execution. This issue affects all rend...

PT-2026-47051

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 11.0.3 Description An authenticated attacker can inject malicious JavaScript into their user profile and abuse the password reset functionality to send a link to an HTML page. When a victim visits this page, the...

PT-2026-47085

Summary The shared form-view submit handler in NocoDB writes the form's redirect url to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirect url; when an authenticated...

HAXCMS 安全漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from improper cleaning of the video-player component, which could allow attackers to execute arbitrary JavaScript in th...

Markdown Preview Enhanced 安全漏洞

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Version 0.8.x of Markdown Preview Enhanced contains security vulnerabilities, which stem from code injection in the WaveDrom rendering pipeline. This vulnerability allows attackers to execute arbitrary...

ROS-20260605-73-0062

The vulnerability of the JavaScript Engine component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to access to resources through incompatible types. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility ...

Linux Distros Unpatched Vulnerability : CVE-2026-11050

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

RockyLinux 10 : thunderbird (RLSA-2026:22325)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22325 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

Markdown Preview Enhanced 安全漏洞

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained security vulnerabilities. These vulnerabilities stemmed from the use of eval to parse WaveDrom expressions in untrusted markdown content, which...

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

DEBIAN-CVE-2026-11075

Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11050

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...