CVE-2026-31812

In Quinn (Rust, QUIC), the quinn-proto parsing path decodes attacker-controlled varints with unwrap(), so a crafted QUIC Initial packet containing malformed quic_transport_parameters can trigger an unexpected end and panic. This remote, unauthenticated DoS is reachable over the network and affect...

CVE-2026-0109

CVE-2026-0109 affects the function dhd_tcpdata_info_get in dhd_ip.c, enabling a remote Denial of Service due to a precondition check failure. Exploitation requires no user interaction and can be remote (network vector). The strongest public context comes from Android Pixel bulletin entries, which...

EUVD-2026-10626

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network...

EUVD-2026-10522

A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection a...

CVE-2026-25972

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...

CVE-2026-24017

An Improper Control of Interaction Frequency vulnerability CWE-799 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypas...

CVE-2026-25972

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...

CVE-2025-68482

CVE-2025-68482 describes an improper certificate validation in Fortinet FortiAnalyzer (versions 7.6.0–7.6.4, 7.4.0–7.4.8, 7.2 all, 7.0 all; and FortiManager 7.6.0–7.6.4, 7.4.0–7.4.8, 7.2 all, 7.0 all) that may allow a remote unauthenticated attacker to view confidential information via a MITM att...

CVE-2025-54820

A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is...

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...

CVE-2025-41757

A low-privileged remote attacker can abuse the backup restore functionality of UBR ubr-restore which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system...

CVE-2025-61614

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2026-3814

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to t...

Windows Kerberos Security Feature Bypass Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network...

CVE-2026-3788

A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of th...

CVE-2026-3786

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

PT-2026-24873

CVE-2026-3925 Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. C… https://t.co/XnxsUXtXOT...

Microsoft Windows GDI Bitmap Parsing Out-Of-Bound Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. Interaction with the GDI library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.71 contained a security vulnerability. This vulnerability stemmed from WebML’s integer overflow issue, which could allow remote attackers to exploit heap corruption through specially crafted HTML...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.71 contained a security vulnerability. This vulnerability stemmed from excessive memory access in WebML, which could allow remote attackers to exploit heap corruption through specially crafted HT...