Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the Skia component’s tendency to reuse resources after release, which could allow remote attackers with access t...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds read operations in the GPU, which could allow remote attackers to execute a sandbox escape by using a...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome on Windows before 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after release in the Accessibility framework. It could allow remote attackers to...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds writes in the ANGLE library, which could allow remote attackers to execute a sandbox escape by using a...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the use of GPU components that were reused after being released, potentially allowing remote attackers who had...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions of Google Chrome on Windows before 148.0.7778.216, there was a resource management vulnerability. This vulnerability stemmed from the XR component allowing reusing of resources after they were released. This could allow remote...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the Extensions component reusing resources after they were released. This could allow remote attackers who have...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from a problem with UI components that allowed reusing of resources after they were released. This could allow remote...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient input validation in ANGLE, which could allow remote attackers to execute a sandbox...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability, which stemmed from issues with reusing resources after they were released in Skia. This vulnerability could allow remote attackers who have...

RELATE 跨站脚本漏洞

RELATE is a web-based course package developed by Andreas Klöckner. RELATE has a cross-site scripting vulnerability. This vulnerability stems from the getuser method in ParticipationAdmin, which uses marksafe for rendering user-controlled inputs, bypassing Django’s HTML escaping. This may lead to...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of GPU components after they were released, which could allow remote attackers to exploit the system b...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome on Windows before 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from a problem with core components that allowed reusing of resources after they had been released. This cou...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability caused by integer overflow in Skia. This vulnerability could allow remote attackers to execute arbitrary code in the sandbox by using a specially crafted HT...

CVE-2025-71305

drm/display/dpmst: Add protection against 0 vcpi...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in the ANGLE framework, which could allow remote attackers to...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the pages.access permission check during the rendering process of page drafts. An attacker can gain unauthorized access to sensitive page draft content by authenticating as a user without the required permission...

PYSEC-2026-168

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

CVE-2026-44209

Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...

CVE-2026-44209 Banks: Critical Remote Code Execution (RCE) via Jinja2 SSTI

Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...