CVE-2026-9895

An out of bounds read flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491685406...

CVE-2026-9889

An out of bounds read and write flaw was found in the Dawn component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=511727159...

OSV-2026-824 Stack-buffer-overflow in coolkey_rsa_op

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=517058311 Crash type: Stack-buffer-overflow READ Crash state: coolkeyrsaop coolkeycomputecrypt sccomputesignature...

CVE-2026-10017

An out of bounds read flaw was found in the Headless component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504156069...

CVE-2026-9875

An out of bounds read flaw was found in the WebGL component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507508103...

OSV-2026-822 Heap-use-after-free in slice_segment_header::operator=

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=517027630 Crash type: Heap-use-after-free READ 4 Crash state: slicesegmentheader::operator= slicesegmentheader::read decodercontext::readsliceNAL...

dnsmasq security update

An update is available for dnsmasq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server...

Waterfall WF-500 安全漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. There are security vulnerabilities in the Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040; these vulnerabilities stem fr...

PT-2026-44930

Name of the Vulnerable Software and Affected Versions liboqs versions prior to 0.16.0 Description An out-of-bounds read exists in the XMSS and XMSS^MT stateful signature verification code. This occurs when the verification function is called with a signature buffer shorter than the expected size...

PT-2026-44924

Name of the Vulnerable Software and Affected Versions xiaomusic version 0.5.7 Description An unauthenticated path traversal issue exists in the 'GET /music/file path:path' endpoint. This occurs due to an incomplete path prefix check and a missing trailing separator in the comparison logic...

Oracle Linux 8 : glibc (ELSA-2026-50291)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50291 advisory. - Add tests for CVE-2026-4437 and CVE-2026-4438 RHEL-173358 - CVE-2026-4046: Fix assertion failure in IBM1390 and IBM1399 iconv modules RHEL-162891 -...

PT-2026-44837

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files...

Linux Distros Unpatched Vulnerability : CVE-2026-46130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm-verity-fec: fix reading parity bytes split across blocks take 3 fecdecodebufs assumes that the parity bytes of the first RS codeword it decodes are never spl...

Linux Distros Unpatched Vulnerability : CVE-2026-9907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-9943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

ASUS Armoury Crate 安全漏洞

ASUS Armoury Crate is a software utility developed by ASUS Corporation in China. It aims to provide centralized control over supported ROG gaming products. ASUS Armoury Crate has a security vulnerability caused by improper allocation of permissions for critical resources. This vulnerability may...

Linux Distros Unpatched Vulnerability : CVE-2026-9928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

RockyLinux 8 : dnsmasq (RLSA-2026:20589)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20589 advisory. dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890 dnsmasq:...

Linux Distros Unpatched Vulnerability : CVE-2026-46185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdat...

RHEL 8 : kernel (RHSA-2026:21706)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21706 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth: MGMT: Fix possible...