
443013 matches found

CVE
added yesterday, 4 views

CVE-2026-10905

Summary: CVE-2026-10905 describes a use-after-free in Network in Google Chrome before 149.0.7827.53. If a renderer process is compromised, a remote attacker could potentially perform a sandbox escape via a crafted HTML page. The vulnerability is categorized as high severity and is tied to the Ch...

AI score: 5.8
Exploits: 0, References: 2

CVE
added yesterday, 3 views

CVE-2026-10893

CVE-2026-10893 describes a use-after-free in Chromoting within Google Chrome, allowing a remote attacker to execute arbitrary code via malicious network traffic. The issue affects Chrome prior to version 149.0.7827.53. The Chrome 149 stable update (Linux/Windows/macOS) includes fixes and other se...

AI score: 6.2
Exploits: 0, References: 2

Cvelist
added yesterday, 4 views

CVE-2026-10889

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

Exploits: 0, References: 2

CVE
added yesterday, 3 views

CVE-2026-10889

CVE-2026-10889 refers to an out-of-bounds read in ANGLE used by Google Chrome, prior to version 149.0.7827.53. The vulnerability could allow a remote attacker who already compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML page. Affected product: Google Ch...

AI score: 5.8
Exploits: 0, References: 2

Cvelist
added yesterday, 2 views

CVE-2026-10883

Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

Exploits: 0, References: 2

Cvelist
added yesterday, 2 views

CVE-2026-10882

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

Exploits: 0, References: 2

Cvelist
added yesterday, 3 views

CVE-2026-10881

Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

Exploits: 0, References: 2

EUVD
added yesterday, 3 views

EUVD-2026-34340

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

CVSS: 8.6, AI score: 6.8
Exploits: 0, References: 7

NVD
added yesterday, 3 views

CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

CVSS: 4.3
Exploits: 0, References: 2

NVD
added yesterday, 4 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

CVSS: 5.4
Exploits: 0, References: 2

EUVD
added yesterday, 3 views

EUVD-2026-34339

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

CVSS: 8.6, AI score: 6.8
Exploits: 0, References: 6

CVE
added yesterday, 2 views

CVE-2026-10872

CVE-2026-10872 affects Shibby Tomato 1.28.0000 Web UI: the start_vpnserver function in /sbin/rc is vulnerable to remote OS command injection. Exploit published; impact is high (C/I/A). Privileges required: HIGH; no user interaction. Superseded by FreshTomato.

CVSS: 8.6, AI score: 6.8
Exploits: 0, References: 6

NVD
added yesterday, 4 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

CVSS: 4.7
Exploits: 0, References: 2

CVE
added yesterday, 10 views

CVE-2026-42547

CVE-2026-42547 affects IRIS (web collaborative platform). In versions prior to 2.4.28, users can create alerts for customers not assigned to them, enabling false attribution of alerts. When combined with Cross-Site Scripting, this may also allow exfiltration of alerts between customers. The advis...

CVSS: 5.4, AI score: 5.8
Exploits: 0, References: 2

Cvelist
added yesterday, 7 views

CVE-2026-42547 IRIS Alerts Can be Falsely Attributed to Customers

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

CVSS: 5.4
Exploits: 0, References: 1

Cvelist
added yesterday, 7 views

CVE-2026-42543 IRIS has a Cross-Site Request Forgery (CSRF) issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

CVSS: 4.3
Exploits: 0, References: 1

CVE
added yesterday, 10 views

CVE-2026-42540

IRIS web collaborative platform suffers a Mass Assignment vulnerability (CVE-2026-42540). Versions prior to 2.4.28 allow an attacker to alter values in the database through manipulated API requests. A fix is available in version 2.4.28. The CVSS 3.1 score is 4.3 (Medium) with Network attack vecto...

CVSS: 4.3, AI score: 5.8
Exploits: 0, References: 1

Cvelist
added yesterday, 4 views

CVE-2026-42540 IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

CVSS: 4.3
Exploits: 0, References: 1

EUVD
added yesterday, 2 views

EUVD-2026-34327

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

CVSS: 6.5, AI score: 5.8
Exploits: 0, References: 1

OSSF Malicious Packages
added yesterday, 6 views

Malicious code in hello244a (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3d7e9578338cca22e41d1ac1345136162b5441eb57090bb89fbc73bd37976c71 The OpenSSF Package Analysis project identified 'hello244a' @ 1.0.4 npm as malicious. It is considered malicious because: - The package...

AI score: 5.8
Exploits: 0