EUVD-2026-33132

Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Shibby Tomato 安全漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28 of Shibby Tomato contains a security vulnerability. This vulnerability stems from unknown functions in the usr/sbin/miniupnpd file, which may lead to resource consumption and potentially allow...

mall 授权问题漏洞

Mall is a set of e-commerce systems developed by Macro Personal Developers, including a front-end shopping mall system and a back-end management system. Versions of Mall 1.0.3 and earlier had authorization-related vulnerabilities. These vulnerabilities stemmed from improper authorization in the...

ROS-20260529-73-0011

The vulnerability in the vault is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute a SSRF attack remotely...

PT-2026-44887

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...

Linux Distros Unpatched Vulnerability : CVE-2026-9958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

Linux Distros Unpatched Vulnerability : CVE-2026-10002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

PT-2026-44888

Name of the Vulnerable Software and Affected Versions Shibby Tomato version 1.28 Description A remote attack can be launched against an unknown function within the usr/sbin/miniupnpd file, leading to resource consumption. This issue affects products that are no longer supported by the maintainer,...

DEBIAN-CVE-2026-9913

Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2026-9981

Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-9918

Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33050

Vulnerability in the Oracle Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payroll. Successful...

CVE-2026-9583

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be...

CVE-2026-9628

A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer...

CVE-2026-9430

A vulnerability was determined in Tenda F1202 1.2.0.20408. Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

CVE-2026-8979 Authentication Bypass

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

CVE-2026-45104

A flaw was found in MapServer. A remote attacker can exploit this vulnerability by sending a specially crafted Styled Layer Descriptor SLD via the Web Map Service WMS SLDBODY parameter. This can lead to a NULL pointer dereference, causing a Denial of Service DoS condition...

CVE-2026-9794

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

CVE-2026-38702

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for remote, unauthenticated attackers to send specially crafted SOAP requests to the SAML ECP endpoint. These requests are accompanied ...