Chromium: CVE-2026-7354 Out of bounds read and write in Angle

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-33451 Arbitrary read/write vulnerability in Windows clients prior to 14.50

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

CVE-2026-33451

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

CVE-2026-33451 Arbitrary read/write vulnerability in Windows clients prior to 14.50

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

EUVD-2026-26423

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the fact that the Account REST API is only partially disabled. Five endpoints remain fully functional, and there is no gatekeeper for...

PT-2026-36175

Name of the Vulnerable Software and Affected Versions Secure Access Windows client versions prior to 14.50 Description An arbitrary read/write issue exists where attackers with local control of the Windows client can send malformed data to an API to elevate their privileges to system level...

Absolute Secure Access 缓冲区错误漏洞

Absolute Secure Access is an application developed by Absolute Corporation. It provides secure service edge SSE services optimized for mixed and mobile work environments. Versions of Absolute Secure Access prior to 14.50 contained a buffer error vulnerability. This vulnerability could lead to...

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

RHEL 8 : firefox (RHSA-2026:11805)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:11805 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libpng:...

CLSA-2026-1777475754 glusterfs: Fix of 2 CVEs

CVE-2018-10923: posix: disable open/read/write on special files - CVE-2018-14651: server: don't allow '/' in basename...

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

EUVD-2026-26180

Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7354

Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from an issue with the permission escalation mechanism in the gateway plugin’s HTTP authentication process...

PT-2026-35807

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that widens identity-bearing operator.read requests into runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway au...

BinExploit-Bench

BinExploit-Bench: Binary Exploitation Capability Benchmark for...

zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

Summary The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...

CVE-2026-23751

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 other versions may be affected exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An...

CVE-2026-23751

CVE-2026-23751 affects Kofax Capture (now Tungsten Capture) 6.0.0.0. It exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service, accessible without authentication. An unauthenticated attacker can use .NET Remoting object unmarshalling to instantiate a remote Sy...