5735 matches found
CVE-2026-10999
Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
PT-2026-46799
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Reading List allows a remote attacker to perform privilege escalation. This is achieved by convincing a user to engage in specif...
PT-2026-46808
Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. Chromium security severity: Low...
PYSEC-2026-200
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read emai...
PT-2026-45944
Name of the Vulnerable Software and Affected Versions Django versions prior to 5.2.15 Django versions prior to 6.0.6 Description The django.utils.cache.has vary header function does not strip leading or trailing whitespace from Vary response header values before comparison. This allows remote...
GLPI 安全漏洞
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...
CVE-2026-40314
NamelessMC (Minecraft server website software) 2.2.4 is affected by an authorization issue where core/classes/Misc/ProfilePostReactionContext.php only verifies the wall post exists and fails to enforce blocked/private-profile visibility, while modules/Core/queries/reactions.php permits unauthenti...
CVE-2026-33398
NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from excessive reading by Chromecast, which could allow remote attackers with compromised rendering processes to...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient validation for untrusted inputs during the reading mode, which could allow remote attackers to...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a security vulnerability that stems from excessive reading of memory resources...
Debian dsa-6319 : libyelp-dev - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6319 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6319-1 [email protected] https://www.debian.org/security/...
CVE-2026-49136
Banana Slides (v0.4.0) contains a path traversal in ai service backend’s generate_image() that lets unauthenticated attackers read arbitrary image files outside the uploads directory. Root cause: incomplete path prefix check via os.path.startswith(), without a trailing separator, allowing crafted...
CVE-2026-45810 Nextcloud: Propfind requests for file comments allowed to load comments for other files
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...
CVE-2026-40547 Path Traversal in SOPlanning
SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...
openjdk: Enhance Zip file reading (Oracle CPU 2026-04)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK:...
praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks
Summary Type: Insecure Direct Object Reference. The dependency endpoints POST/GET /workspaces/workspaceid/issues/issueid/dependencies and DELETE .../dependencies/depid gate access on requireworkspacememberworkspaceid only, then dispatch to DependencyService calls that take URL/body-supplied issue...
CVE-2025-41271
Nozomi Networks Labs identifies a CWE-23 Relative Path Traversal affecting Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040) via the Console WebUI. An unauthenticated remote attacker could read arbitrary files on the device through this vulnerability. The provided documents do not sp...
SUSE CVE-2026-46130
In the Linux kernel, the following vulnerability has been resolved: dm-verity-fec: fix reading parity bytes split across blocks take 3 fecdecodebufs assumes that the parity bytes of the first RS codeword it decodes are never split across parity blocks. This assumption is false. Consider...
Linux Distros Unpatched Vulnerability : CVE-2026-46130
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm-verity-fec: fix reading parity bytes split across blocks take 3 fecdecodebufs assumes that the parity bytes of the first RS codeword it decodes are never spl...