CVE-2026-9889

Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-44881

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

CVE-2026-39929

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

CVE-2026-46830

Vulnerability in Oracle REST Data Services component: Mongoapi. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability...

CVE-2026-46841

Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...

CVE-2026-39929 Lakeside SysTrack Agent LsiAgent.exe Out-of-Bounds Read via UDP

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

CVE-2026-39929

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

CVE-2026-39929 Lakeside SysTrack Agent LsiAgent.exe Out-of-Bounds Read via UDP

Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed...

CVE-2026-39929

CVE-2026-39929 concerns Lakeside SysTrack Agent prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15, where the out-of-bounds read occurs in the UDP Command ID 30 packet handler. The root cause is an invalid memory access triggered by a malformed UDP packet at offset 0x4 in the payload, leadin...

CVE-2026-46122

A flaw was found in the Linux kernel's b43 Wi-Fi driver. A remote attacker could exploit this vulnerability by providing a specially crafted firmware key index that exceeds the allocated array size in the b43rx function. This out-of-bounds read could lead to information disclosure, potentially...

CVE-2026-46140

A flaw was found in the Linux kernel's Bluetooth subsystem, specifically within the btmtk driver. A remote attacker could exploit this vulnerability by sending a specially crafted Wireless Management Terminal WMT event response. The system processes these responses without properly validating the...

CVE-2026-44881

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

CVE-2026-44881 Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

CVE-2026-44881 Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

CVE-2026-44881

Summary: Portainer Community Edition before fixes is vulnerable to arbitrary file read via Git-symlink injection when deploying stacks from Git repositories. During Git-backed stack creation/update, go-git v5 may create real OS symlinks for most files (except .gitmodules). The GET /api/stacks/{id...

EUVD-2026-33065

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

CVE-2026-46163

A flaw was found in the Linux kernel's b43legacy Wi-Fi driver. A remote attacker could exploit this vulnerability by sending specially crafted Wi-Fi frames, causing the firmware-controlled key index in the receive path to exceed its allocated bounds. This out-of-bounds read could lead to...

CVE-2026-46199

A flaw was found in the Linux kernel's drm/amdgpu/vcn4 component. This vulnerability allows an attacker to trigger an out-of-bounds OOB read when parsing decoder messages due to insufficient bounds checking. This could lead to information disclosure, potentially revealing sensitive data from memo...

CVE-2026-46198

A flaw was found in the Linux kernel's batman-adv component. An integer overflow in the batadvivogmsendtoif function, specifically with the buffpos variable, can lead to an out-of-bound read. This occurs because the size check uses an int type while buffpos uses an s16 type, causing a mismatch th...