EUVD-2025-210012

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-210009

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-33766

In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45845

Name of the Vulnerable Software and Affected Versions ARMember Premium versions prior to 7.3.2 Description An SQL Injection issue exists in the ARMember Premium plugin for WordPress. The get private content data AJAX action fails to properly sanitize the sSortDir 0 parameter, which is concatenate...

PT-2026-45846

Name of the Vulnerable Software and Affected Versions ARMember Premium versions prior to 7.3.1 Description The ARMember Premium plugin for WordPress contains an insecure password reset mechanism. Recommendations Update to version 7.3.1...

PT-2026-45777

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-46451

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in DevTools allows a remote attacker to bypass the same origin policy via malicious network traffic, provided they can convince a user to...

PT-2026-46560

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Password Manager allows a remote attacker to perform UI spoofing via malicious network traffic. UI spoofing is a technique where an...

PT-2026-46742

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Incorrect security UI in the File Input component allows a remote attacker to perform UI spoofing via a crafted HTML page, provided they can convince a user to perform specific UI...

PT-2026-46684

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Script injection in the Accessibility component allows an attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting UXSS, which is a vulnerability that...

PT-2026-46719

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Password Manager allows a remote attacker to perform UI spoofing via malicious network traffic. UI spoofing is a technique where an...

PT-2026-46762

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Media component allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page...

PT-2026-46754

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the File Input component allows a remote attacker to perform UI spoofing. This is achieved by convincing a user to perform specific UI gestures while...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

EUVD-2026-33971

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-45847

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

PT-2026-46722

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in MHTML MIME HTML, a web page archive format allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specifi...

PT-2026-45759

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 14.1.x through 14.3.x Progress Sitefinity versions prior to 14.4.8152 Progress Sitefinity versions prior to 15.0.8234 Progress Sitefinity versions prior to 15.1.8335 Progress Sitefinity versions prior to 15.2.8441...

PT-2026-45761

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 15.2.x through 15.2.8440 Progress Sitefinity versions 15.3.x through 15.3.8530 Progress Sitefinity versions 15.4.x through 15.4.8629 Description An authorization bypass exists in web services where a user-controlle...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...