Path Traversal

org.eclipse.basyx:basyx.sdk is vulnerable to Path Traversal. The vulnerability is due to inadequate path normalization of the fileName parameter in the Submodel HTTP API, which allows an attacker to write arbitrary files to the host filesystem and potentially execute malicious code...

CVE-2026-8053

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation LPE vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia , the security...

PT-2026-41053

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out of bounds write in WebAudio allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. An out of bounds write occurs when a program writes...

PT-2026-41096

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An integer overflow in ANGLE on Windows allows a remote attacker to perform an out-of-bounds memory write by inducing the user to open a crafted HTML page. An integer overflow occurs...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-bad-free (UTSA-2026-021393)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021393 advisory. GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

PT-2026-41033

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixel decode raw impl. context-pos x grows by repeat count on every sixel characte...

PT-2026-41169

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description The "POST /api/v1/notes/id/pin" endpoint performs a write operation by toggling the is pinned field but incorrectly validates only for read permission. This allows users who have read-only access ...

Linux Distros Unpatched Vulnerability : CVE-2026-8052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad's exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink...

PT-2026-41087

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out-of-bounds write issue exists in the Fonts component, which occurs when the font rendering engine mishandles memory operations by writing data past an allocated memory buffer. Th...

PT-2026-41055

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out of bounds write in WebRTC allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. An out of bounds write occurs when a program writes...

PT-2026-41098

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description An out of bounds write in Codecs allows a remote attacker to potentially perform a sandbox escape by using a crafted video file. A sandbox escape is a technique used to break ou...

PT-2026-41077

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out-of-bounds write in the Media component allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. An...

Linux Distros Unpatched Vulnerability : CVE-2026-8558

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...

Linux Distros Unpatched Vulnerability : CVE-2026-6959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symli...

PT-2026-41081

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description A heap buffer overflow in the GPU allows a remote attacker to perform an out-of-bounds memory write by using a crafted HTML page. A heap buffer overflow occurs when a progra...

PT-2026-41083

Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 148.0.7778.168 Description Type confusion in ANGLE allows a remote attacker who has compromised the renderer process to perform an out of bounds memory write by using a crafted HTML page. Type confusi...

PT-2026-41108

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to perform an out of bounds memory write via a crafted print file...

PT-2026-41188

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description In standard channels, the pin and unpin operation incorrectly verifies only read permissions instead of write permissions. This allows users with read-only access to modify the is pinned, pinned b...

RHEL 7 : ImageMagick (RHSA-2026:17618)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17618 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixes:...