CVE-2026-10882

CVE-2026-10882 affects Google Chrome (Chromium-derived) prior to version 149.0.7827.53. The issue is a use-after-free in the Network component, enabling a remote attacker to execute arbitrary code via a crafted HTML page (Chrome security severity: Critical). The most relevant public detail is tha...

CVE-2026-10882

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

CVE-2026-45497

CVE-2026-45497 affects Microsoft Copilot (M365 Copilot). According to the description, it involves improper neutralization of special elements in a command (command injection) that could allow an authorized attacker to execute code over a network. The connected documents do not provide concrete t...

CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability

...

CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

EUVD-2026-34318

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

CVE-2026-41249

CoreShop (versions 5.0.1–5.1.0-beta.1) is affected by an RCE in GitHub Actions workflow: the static.yml workflow uses pull_request_target but checks out the PR head ref and executes bin/console from that untrusted checkout, enabling an attacker to run arbitrary code on the runner. The incident is...

CVE-2026-41249 CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

Important: Red Hat Security Advisory: flatpak security update

An update for flatpak is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2025-71316

CVE-2025-71316 affects SQLite sqldiff.exe and is due to insecure handling of Unicode-to-ANSI conversion in the Windows C runtime. An attacker could use the -L option to load an arbitrary DLL by crafting a command line argument string, causing command line file arguments to be misinterpreted as op...

CVE-2025-71316 SQLite sqldiff remote code execution via argument injection

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

CVE-2026-25550 Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

CVE-2026-25550

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

EUVD-2026-34304

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...