EUVD-2026-34634

Out of bounds write in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34646

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

EUVD-2026-34523

Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34438

Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2026-34436

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

EUVD-2026-34440

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34413

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

EUVD-2026-34412

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

EUVD-2026-34359

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

PT-2026-46949

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

MOLOT System Card: Malicious Operational Logic Observation Transformer

MOLOT Malicious Operational Logic Observation Transformer is a static malicious-code detection system designed for SAST setup where package metadata, maintainer history, and dynamic execution traces may be unavailable or unreliable. The system represents source code as behavior sequences derived...

ROS-20260605-73-0062

The vulnerability of the JavaScript Engine component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to access to resources through incompatible types. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility ...

RockyLinux 10 : thunderbird (RLSA-2026:22325)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22325 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

PT-2026-47051

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 11.0.3 Description An authenticated attacker can inject malicious JavaScript into their user profile and abuse the password reset functionality to send a link to an HTML page. When a victim visits this page, the...

PT-2026-47093

Summary The POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, no special permissions required can inject arbitrary JavaScript...

Linux Distros Unpatched Vulnerability : CVE-2026-11050

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

PT-2026-47085

Summary The shared form-view submit handler in NocoDB writes the form's redirect url to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirect url; when an authenticated...

PT-2026-47025

Name of the Vulnerable Software and Affected Versions Markdown Preview Enhanced versions prior to 0.8.28 Description The software parses WaveDrom diagrams by evaluating untrusted markdown content using the eval function, which allows for arbitrary JavaScript execution. This issue affects all rend...

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...