CVE-2026-48682

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simplepacketparserng.cpp, after validating that the packet contains at least sizeofipv4headert bytes 20 bytes, the code advances the localpointer by '4 ipv4header-getihl' line 164 without...

PT-2026-46533

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read occurs in ANGLE, which is a compatibility layer between OpenGL ES and other graphics APIs. This issue allows a remote attacker who has already compromised the...

PT-2026-46544

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read exists in WebGPU, which is a modern API for graphics and compute on the web. This issue allows a remote attacker to perform an out of bounds memory read by inducin...

PT-2026-45884

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

PT-2026-46710

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read in GWP-ASan allows a local attacker to obtain potentially sensitive information from process memory by using a malicious file. GWP-ASan is a sampled memory error...

PT-2026-46638

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read exists in ANGLE, which allows a remote attacker to perform an out of bounds memory read by using a crafted HTML page. Recommendations Update to version 149.0.7827....

PT-2026-45750

Name of the Vulnerable Software and Affected Versions Gleam versions 1.16.0 through 1.17.0 Description A path traversal issue exists in the handling of custom documentation pages. The documentation.pages entries within the gleam.toml file are incorporated into filesystem paths without sufficient...

CVE-2026-35718

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...

PT-2026-45881

Name of the Vulnerable Software and Affected Versions alf.io versions prior to 2.0-M5-2606 Description The extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accepts an arbitrary filesystem path via the...

Linux Distros Unpatched Vulnerability : CVE-2026-44518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has...

kernel: rcu/nocb: Fix missed RCU barrier on deoffloading

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix missed RCU barrier on deoffloading Currently, running rcutorture test with torturetype=rcu fwdprogress=8 nbarriercbs=8 nocbsnthreads=8 nocbstoggle=100 onoffinterval=60 testboost=2, will trigger the following warning...

CVE-2026-0076

In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0056

In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-45691

A flaw was found in Nextcloud Server. An attacker could reuse a pre-two-factor authentication 2FA session cookie as a Bearer token. This allows them to authenticate against DAV endpoints, granting unauthorized read and write access and bypassing the mandatory two-factor authentication. Mitigation...

CVE-2026-25258 Out-of-bounds Read in DSP Service

Memory corruption while processing IOCTL calls for escape operations...

CVE-2026-25258 Out-of-bounds Read in DSP Service

Memory corruption while processing IOCTL calls for escape operations...

CVE-2025-59609 Buffer Over-read in WLAN Host Communication

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length...

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

CVE-2026-0056

In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0056

In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...