AP Pricing Tables Lite <= 1.1.6 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. id: CVE-2023-0900 info: name: AP Pricing Tables Lite = 1.1.6 - SQL Injection author: r3Y3r53 severity: high description: ...

Label Studio - Cross-Site Scripting

Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. id: CVE-2023-47115 info: name: Label Studio - Cross-Site Scripting author: isaca...

Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task. id: CVE-2015-4074 info: name: Joomla! Helpdesk Pro plugin 1.4.0 - Local File...

EUVD-2026-33225

Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-9940

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-10012

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-9921

Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin information via a crafted HTML page. Chromium security severity: High...

CVE-2026-46827

Vulnerability in the Oracle Payroll product of Oracle E-Business Suite component: Self Service Manager. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payroll. Successful...

CVE-2026-9118

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-8557

This CVE concerns Google Chrome: a use-after-free in the Accessibility component prior to version 148.0.7778.168. A remote attacker who already compromised the renderer could escalate privileges via a crafted HTML page. Impact is Privilege Escalation with High severity per the cited metrics. The ...

PT-2026-41068

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description Script injection in the SanitizerAPI allows a remote attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting UXSS, which is a vulnerability...

Rails File Content Disclosure

Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...

SUSE CVE-2026-7921

Use after free in Passwords in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of “after free” in Peer Connection in Google Chrome before version 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

A out-of-bounds read in Blink within Google Chrome before version 146.0.7680.153 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Using “after free” in Dawn in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of “after free” in Navigation in Google Chrome before version 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

“Type Confusion in V8 in Google Chrome” before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

SUSE: Security Advisory (SUSE-SU-2026:20989-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...