31241 matches found
GHSA-XQ3M-2V4X-88GG Arbitrary code execution in protobufjs
Summary protobufjs could execute generated JavaScript code derived from protobuf schema metadata. When loading a crafted JSON descriptor, schema-controlled type names and type references could reach runtime code generation without sufficient validation. Impact An attacker who can provide a...
Building your cryptographic inventory: A customer strategy for cryptographic posture management
Post-quantum cryptography PQC is coming—and for most organizations, the hardest part won’t be choosing new algorithms. It will be finding where cryptography is used today across applications, infrastructure, devices, and services so teams can plan, prioritize, and modernize with confidence. At...
CVE-2026-6304
An use after free flaw was found in the Graphite component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496393742...
CVE-2026-1880
The CVE-2026-1880 entry concerns an Incorrect Permission Assignment for a Critical Resource in the ASUS DriverHub update process. The vulnerability arises from improper protection of required execution resources during the validation phase, enabling a local user to make unprivileged modifications...
CVE-2026-1880
An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...
EUVD-2026-23155
An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...
CVE-2026-1880
An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...
aws-credential-process (=0.20.0), aws-session-daemon (>=0.1.0 <=0.6.0) +2 more potentially affected by CVE-2026-40947 via yubikey-manager (>=5.0.0 <=5.1.1)
yubikey-manager PYPI version =5.0.0, =0.1.0, =1.0.0, =1.6.6 Source cves: CVE-2026-40947 Source advisory: SNYK:PYTHON-YUBIKEYMANAGER-16325204...
CSLE: A Reinforcement Learning Platform for Autonomous Security Management
Reinforcement learning is a promising approach to autonomous and adaptive security management in networked systems. However, current reinforcement learning solutions for security management are mostly limited to simulation environments and it is unclear how they generalize to operational systems...
CVE-2026-30656
A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdpplicb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This resul...
Google Chrome Dawn Component Memory Misreference Vulnerability
Google Chrome is a web browser developed by Google with a Dawn component to handle WebGPU related functions. A memory misreference vulnerability exists in the Dawn component of Google Chrome. The vulnerability stems from improper management of the lifecycle of specific objects in the Dawn compone...
Google Chrome Viz Component Memory Misreference Vulnerability
Google Chrome is a web browser developed by Google. A memory misreference vulnerability exists in the Viz component of Google Chrome. The vulnerability stems from a failure of the Viz component to properly handle memory objects, which can be exploited by an attacker to potentially sandbox escape ...
PT-2026-33244
An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...
CVE-2026-30656
A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdpplicb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This resul...
CVE-2026-4949 ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'processcheckout' function not properly enforcing...
EUVD-2026-23084
Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...
EUVD-2026-23064
Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper truncation of subresource names in the authorization process. An attacker can gain unauthorized access to subresources or perform unauthorized actions by exploiting incorrect permission evaluation...
CVE-2026-40191
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...
dev.dsf:dsf-maven-plugin (>=2.0.0 <=2.1.0) potentially affected by CVE-2026-40942 via dev.dsf:dsf-bpe-process-api-v2 (>=2.0.0-M3 <=2.1.0)
dev.dsf:dsf-bpe-process-api-v2 MAVEN version =2.0.0-M3, =2.0.0, =2.1.0 Source cves: CVE-2026-40942 Source advisory: OSV:GHSA-XMJ9-7625-F634...