OESA-2026-2546 opensc security update
OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to sma...
CVE-2026-9875
An out of bounds read flaw was found in the WebGL component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507508103...
Exploit for CVE-2026-42945
CVE-2026-42945-Nginx-RCE-bypass-ASLR CVE-202...
CVE-2026-46433
Heap OOB Read in VLAN Decapsulation memmove...
CVE-2026-8578
An out of bounds read flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496395450...
CVE-2026-8541
Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
CVE-2026-44111
OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...
OpenClaw Security Vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from the QMD backend’s memoryget function, which allowed arbitrary file reading, potentially enabling caller...
PT-2026-38232
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.9. Description: A file read issue allows attackers to bypass navigation guards through browser act/evaluate interactions. This enables attackers to pivot into the local Chrome DevTools Protocol (CDP) origin and...
Debian dla-4563 : libarchive-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4563 advisory. Debian LTS Advisory DLA-4563-1...
CVE-2026-6920
An out of bounds read flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499891888 Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...
Linux Distros Unpatched Vulnerability : CVE-2026-41476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connect...
CVE-2026-6308
Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-5907
Chromium/Google Chrome vulnerability CVE-2026-5907 involves insufficient data validation in the Media component, allowing out-of-bounds memory read via a crafted video file. Affected: Chromium/Chrome up to version 147.0.7727.55 (Chrome stable release). Public-branch disclosures in multiple adviso...
PT-2026-29804
Summary: The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...
Linux Distros Unpatched Vulnerability : CVE-2026-5282
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML...
Canva Affinity Out-of-Bounds Read Vulnerability (CNVD-2026-15853)
Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...
wolfSSL (CyaSSL) Security Vulnerability
wolfSSL (CyaSSL) is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL (CyaSSL) versions 5.8.4 and earlier contain security vulnerabilities. These vulnerabilities stem from a 1-byte out-of-bounds hea...
CVE-2026-3926
An out of bounds read flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=478659010...
Hyland Alfresco Security Vulnerability
Hyland Alfresco is an enterprise content management system developed by the American company Hyland. Hyland Alfresco has a security vulnerability, which allows unauthenticated attackers to read arbitrary files from protected directories through endpoints such as /share/page/resource/. This...