CVE-2026-11512

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patientid leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

CVE-2026-11501

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

EUVD-2026-35348

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the...

CVE-2026-11621

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

CVE-2026-11620

CVE-2026-11620 affects TOTOLINK EX200 firmware 4.0.3c.7646, via the vsftpd component and manipulation of /etc/vsftpd.conf, causing a least-privilege violation that can be exploited remotely. The exploit is public. The exact root cause, affected subcomponents, and remediation details are not fully...

CVE-2026-11619

Dolibarr ERP CRM up to 23.0.2 is affected by a vulnerability in the Legacy Filemanager component (file: htdocs/core/filemanagerdol/connectors/php/config.inc.php) that leads to improper authorization. Attack can be initiated remotely; a public exploit is available. Remedy: upgrade to 23.0.3 (patch...

EUVD-2026-35227

Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-35259

Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

ROS-20260609-73-0028

Vulnerability of Audio/Video components: Mozilla Firefox, Firefox ESR, and Thunderbird’s email client use web codecs. This vulnerability is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

ROS-20260609-73-0012

The vulnerability of the ngxhttpscgimodule and ngxhttpuwsgimodule modules in NGINX Plus and NGINX Open Source web servers is related to uncontrolled memory consumption. Exploiting this vulnerability can allow a malicious actor to perform a “man-in-the-middle” attack remotely...

ROS-20260609-73-0015

The vulnerability in Thunderbird relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...

TOTOLINK EX200 安全漏洞

TOTOLINK EX200 is a 2.4G wireless N range extender from TOTOLINK Corporation. It is designed to expand the coverage of an existing Wi-Fi network. The TOTOLINK EX200 version 4.0.3c.7646 contains a security vulnerability. This vulnerability stems from a minor permission violation in the vsftpd.conf...

PT-2026-47633

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

FROST: Fingerprinting Remotely Using OPFS-based SSD Timing

Prior work showed that variations in SSD access time can be used to leak information about user activity, e.g., the websites a user accesses, and for covert data transmission. To achieve this, SSD contention side channels require accurate high-resolution timing measurements of I/O operations, e.g...

dcat-admin 访问控制错误漏洞

dcat-admin is a backend system building tool based on Laravel, developed by Jiang Qinghua. Versions of Dcat-Admin 2.2.3-beta and earlier contain an access control vulnerability. This vulnerability stems from the editorMDUpload function in /admin/dcat-api/editor-md/upload, which allows unlimited...

CVE-2026-11697

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11654

Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11636

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-11636

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...