CVE-2026-11691

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11686

Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11676

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-11666

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

CVE-2026-11666

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-11658

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-11658

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

PT-2026-47817

Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...

PT-2026-47798

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

PT-2026-47682

Name of the Vulnerable Software and Affected Versions WP Emoticon Rating versions prior to 1.0.2 Description The WP Emoticon Rating plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they did not...

PT-2026-47841

Issue summary: When the X509 VERIFY PARAM set1 email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so...

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

PT-2026-47857

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

PT-2026-48342

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2026-2256)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the...

PT-2026-47826

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

📄 Python-Multipart Path Traversal

This code bundle contains two separate components related to the path traversal vulnerability affecting Python-Multipart versions prior to 0.0.22. ================================================================================================================================== | Title :...

PT-2026-48106

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

PT-2026-48271

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

PT-2026-47818

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description A buffer overflow occurs due to insufficient input validation of buffers. This allows authenticated administrators connected to the local network to make unauthorized modifications to the...