251229 matches found
CVE-2026-10887
Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...
CVE-2026-10887
Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...
CVE-2026-10885
Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-10885
Use after free in Chrome for iOS: Google Chrome on iOS prior to 149.0.7827.53 allows remote code execution via a crafted HTML page. The issue in Chrome for iOS is confirmed in multiple sources (CVE-2026-10885). The Chrome 149 stability release includes this fix (149.0.7827.53) across desktop and ...
CVE-2026-10885
Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-10885
Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-10882
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-10882
CVE-2026-10882 affects Google Chrome (Chromium-derived) prior to version 149.0.7827.53. The issue is a use-after-free in the Network component, enabling a remote attacker to execute arbitrary code via a crafted HTML page (Chrome security severity: Critical). The most relevant public detail is tha...
CVE-2026-10882
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-10882
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-45497
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
CVE-2026-45497
CVE-2026-45497 affects Microsoft Copilot (M365 Copilot). According to the description, it involves improper neutralization of special elements in a command (command injection) that could allow an authorized attacker to execute code over a network. The connected documents do not provide concrete t...
CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability
...
CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability
...
CVE-2026-41249
CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...
CVE-2026-41249
CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...
EUVD-2026-34318
CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...
CVE-2026-41249 CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...
CVE-2026-41249
CoreShop (versions 5.0.1–5.1.0-beta.1) is affected by an RCE in GitHub Actions workflow: the static.yml workflow uses pull_request_target but checks out the PR head ref and executes bin/console from that untrusted checkout, enabling an attacker to run arbitrary code on the runner. The incident is...
Exploit for Stack-based Buffer Overflow in Microsoft
CVE-2026-41089 !TIP If the setup does not start, add t...