ROS-20260515-73-0003

A vulnerability in the SDLinfo function of the Firebird database management system is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260515-73-0002

Vulnerability in firebird due to lack of service data protection. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

ROS-20260515-73-0037

A vulnerability in the WebML component of Google Chrome and Microsoft Edge browser is related to an operation exceeding memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

ROS-20260515-73-0031

A vulnerability in the WebML component of the Google Chrome browser is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

ROS-20260515-73-0009

A vulnerability in the sdldesc function of the Firebird database management system is related to the lack of a division by zero check. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2026-38728

An issue in Nodemailer smtpserver before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream.write, lib/smtp-stream.js components...

CVE-2026-38728

The vulnerability CVE-2026-38728 affects Nodemailer smtp_server prior to version 3.18.3. The issue is triggered in the SMTPStream._write implementation (lib/smtp-stream.js), allowing a remote attacker to cause a denial of service. Impact is a DoS on the SMTP server component mentioned. The root c...

CVE-2026-8520

Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-8520

Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-8570

The CVE-2026-8570 entry concerns Google Chrome’s V8 engine. A Type Confusion in V8, affecting Chrome versions prior to 148.0.7778.168, could allow a remote attacker to read potentially sensitive data from process memory via a crafted HTML page. The description does not specify exact vulnerable bu...

CVE-2026-8560

CVE-2026-8560 describes a heap buffer overflow in SwiftShader used by Google Chrome on macOS and iOS, prior to Chrome 148.0.7778.168. The vulnerability allows a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. Affected component: SwiftShader within Chrome; impact i...

CVE-2026-8519

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-8516

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity:...

CVE-2026-8512

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-40893 Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

USN-8271-1: nginx vulnerability

It was discovered that the nginx ngxhttprewritemodule component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8271-1 nginx vulnerability

It was discovered that the nginx ngxhttprewritemodule component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code...

PT-2026-41088

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An integer overflow in the Internationalization component allows a remote attacker to perform an out-of-bounds memory write by inducing the user to visit a crafted HTML page. An...

Cisco Catalyst SD-WAN Manager（Cisco SD-WAN vManage） 安全漏洞

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager. This vulnerability stems from the...

Linux Distros Unpatched Vulnerability : CVE-2026-8512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to...