60333 matches found

EUVD
added 2026/04/01 6:31 a.m., 2 views

EUVD-2026-17787

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVSS 7.5, AI score 6, EPSS 0.00255
Exploits: 0, References: 3

EUVD
added 2026/04/01 6:31 a.m., 4 views

EUVD-2026-17783

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 6.1, EPSS 0.00336
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/01 6:00 a.m., 4 views

CVE-2025-15484

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

CVSS 9.1, AI score 5.9, EPSS 0.00237
Exploits: 0, References: 1

NVD
added 2026/04/01 5:16 a.m., 7 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, EPSS 0.00336
Exploits: 0, References: 2

RedhatCVE
added 2026/04/01 5:00 a.m., 7 views

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

CVSS 7.2, AI score 6.5, EPSS 0.01049
Exploits: 1, References: 1

ATTACKERKB
added 2026/04/01 4:41 a.m., 3 views

CVE-2026-5277

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVSS 7.5, AI score 6, EPSS 0.00255
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2026/04/01 4:41 a.m., 22 views

CVE-2026-5277

The CVE-2026-5277 entry corresponds to an integer overflow in ANGLE inside Google Chrome on Windows, before version 146.0.7680.178. The issue allows a remote attacker who has compromised the renderer process to trigger an out-of-bounds memory write via a crafted HTML page. The vulnerability is as...

CVSS 7.5, AI score 6, EPSS 0.00255
Exploits: 0, References: 2, Affected Software: 1

AlpineLinux
added 2026/04/01 4:41 a.m., 5 views

CVE-2026-5277

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVSS 7.5, AI score 6, EPSS 0.00255
Exploits: 0

Cvelist
added 2026/04/01 4:41 a.m., 27 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

EPSS 0.00336
Exploits: 0, References: 2

Vulnrichment
added 2026/04/01 4:41 a.m., 2 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

AI score 6, EPSS 0.00336
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/01 4:41 a.m., 8 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 6.1, EPSS 0.00336
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2026/04/01 4:41 a.m., 11 views

CVE-2026-5274

CVE-2026-5274 is a Chrome/Chromium vulnerability: an integer overflow in Codecs allows a remote attacker to perform arbitrary read/write through a crafted HTML page. Affected software includes Google Chrome prior to version 146.0.7680.178 (with references to Chromium fixes). The issue is describe...

CVSS 8.8, AI score 6.1, EPSS 0.00336
Exploits: 0, References: 2, Affected Software: 1

AlpineLinux
added 2026/04/01 4:41 a.m., 5 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 6.1, EPSS 0.00336
Exploits: 0

AstraLinux
added 2026/04/01 3:55 a.m., 6 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in WebCodecs in Google Chrome prior to version 145.0.7632.159 allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 5.8, EPSS 0.00313
Exploits: 0, References: 3

AstraLinux
added 2026/04/01 3:55 a.m., 6 views

Astra Linux – Vulnerability in Chromium

Before version 146.0.7680.75, using Skia in Google Chrome allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 7.3, EPSS 0.01629
Exploits: 1, References: 3

OSV
added 2026/04/01 12:23 a.m., 3 views

GHSA-G87C-R2JP-293W: @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

Summary: @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like...

CVSS 7.1, AI score 5.8, EPSS 0.00408
Exploits: 0, References: 4

Packet Storm
added 2026/04/01 12:00 a.m., 248 views

📄 MetInfo CMS 8.1 Code Injection

MetInfo CMS versions 8.1 and below suffer from a PHP code injection vulnerability in weixinreply.class.php. MetInfo CMS = 8.1 weixinreply.class.php PHP Code Injection Vulnerability...

CVSS 9.8, AI score 5.9, EPSS 0.39688
Exploits: 4

Positive Technologies
added 2026/04/01 12:00 a.m., 3 views

PT-2026-29570

Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b8492. Description: A logic bug in the RPC backend's deserialize tensor function allows an unauthenticated attacker to read and write arbitrary process memory. This occurs because bounds validation is skipped when a...

CVSS 9.8, AI score 6.3, EPSS 0.01126
Exploits: 2, References: 24

Positive Technologies
added 2026/04/01 12:00 a.m., 5 views

PT-2026-29660

Summary: A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character name. Details: character name is used unsafely as part of the destination filename an...

CVSS 8.1, AI score 5.9, EPSS 0.0041
Exploits: 1, References: 6

Tenable Nessus
added 2026/04/01 12:00 a.m., 44 views

SUSE SLES15: freerdp / freerdp-devel / freerdp-proxy / freerdp-server / etc (SUSE-SU-2026:1160-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1160-1 advisory. - CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing bsc1258979. - CVE-2026-26955: Out-of-bounds Write in freerdp...

CVSS 9.8, AI score 6.7, EPSS 0.00532
Exploits: 5, References: 19