PT-2026-46536
Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 149.0.7827.53. Description: Insufficient validation of untrusted input in WebView allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page...
PT-2026-46800
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Low...
PT-2026-46889
Summary: The /api/ action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...
PT-2026-46786
Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
PT-2026-46218
Name of the Vulnerable Software and Affected Versions: HCL BigFix Cloud Lifecycle Management, affected versions not specified. Description: Lack of input validation in HCL BigFix Cloud Lifecycle Management may lead to information exposure. This flaw allows unauthorized access to sensitive data...
Acer M6E Security Vulnerability
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from a weak validation logic for the device separation API routines. This vulnerability could potentially cause remote entities to forcibly unbin...
HCL BigFix Cloud Lifecycle Management Security Vulnerability
HCL BigFix Cloud Lifecycle Management is a terminal lifecycle management platform developed by the Indian company HCL. HCL BigFix Cloud Lifecycle Management has a security vulnerability, which stems from insufficient input validation. This vulnerability may lead to information leaks and allow...
MISP Security Vulnerability
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes features for analyzing threats to network security and malware analysis. MISP has a security vulnerability, which...
PT-2026-46883
Name of the Vulnerable Software and Affected Versions: stata-mcp, affected versions not specified. Description: The stata do API and CLI contain a flaw where the log file name parameter is interpolated into a Stata command string without proper sanitization. This allows an attacker to break out of th...
PT-2026-46853
Summary: plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...
PT-2026-46385
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
PT-2026-46165
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined, affected versions not specified. Description: The account validation endpoint '/v1/User/validate' exposes comprehensive user profile data sheets. This information can be accessed without authentication and...
(Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability
This vulnerability allows remote attackers to access restricted functionality on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PT-2026-46131
PackagePersister.validate tgz builds "tar -tf tgz 2>&1" where tgz = File.joinrelease dir, 'packages', "name.tgz" and name = package meta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...
Iris Security Vulnerability
Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which were caused by improper file upload validation. These vulnerabilities could lead to the hosting of...
Cisco Catalyst SD-WAN Manager Security Vulnerability
Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager, which stems from insufficient user...
Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 / 9.4.x < 9.4.2 Multiple Vulnerabilities (ESA-2026-35 / ESA-2026-38)
The version of Kibana installed on the remote host is prior to 8.19.16, 9.3.5, or 9.4.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-35 and ESA-2026-38 advisories. - Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via...
HCL iControl Security Vulnerability
HCL iControl is an IT infrastructure monitoring and automation platform developed by the Indian company HCL. HCL iControl has a security vulnerability, which stems from weak input validation. This issue arises due to incorrect validation of input types during the implementation of architectural...
JetBrains TeamCity < 2026.1 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings (CVE-2026-49373) - In JetBrains TeamCity before 2026.1...
EUVD-2026-34294
An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does not pass the expect...