CVE-2025-15484

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

CVE-2026-5277

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2026-5277

The CVE-2026-5277 entry corresponds to an integer overflow in ANGLE inside Google Chrome on Windows, before version 146.0.7680.178. The issue allows a remote attacker who has compromised the renderer process to trigger an out-of-bounds memory write via a crafted HTML page. The vulnerability is as...

CVE-2026-5277

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVE-2026-5274

CVE-2026-5274 is a Chrome/Chromium vulnerability: an integer overflow in Codecs allows a remote attacker to perform arbitrary read/write through a crafted HTML page. Affected software includes Google Chrome prior to version 146.0.7680.178 (with references to Chromium fixes). The issue is describe...

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

Before version 146.0.7680.75, using Skia in Google Chrome allowed a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...

GHSA-G87C-R2JP-293W @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

Summary @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like...

📄 MetInfo CMS 8.1 Code Injection

MetInfo CMS versions 8.1 and below suffer from a PHP code injection vulnerability in weixinreply.class.php. --------------------------------------------------------------------------- MetInfo CMS = 8.1 weixinreply.class.php PHP Code Injection Vulnerability...

PT-2026-29660

Summary A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character name. Details character name is used unsafely as part of the destination filename an...

Linux Distros Unpatched Vulnerability : CVE-2026-5274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium...

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3209 (ALAS-2026-3209)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3209 advisory. Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based...

PT-2026-29570

Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to b8492 Description A logic bug in the RPC backend's deserialize tensor function allows an unauthenticated attacker to read and write arbitrary process memory. This occurs because bounds validation is skipped when a...

AlmaLinux 9 : freerdp (ALSA-2026:6004)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6004 advisory. freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path CVE-2026-26965 freerdp: FreeRDP: Arbitrary code executio...

PT-2026-30239

Name of the Vulnerable Software and Affected Versions OpenPrinting CUPS versions 2.4.16 and prior Description OpenPrinting CUPS is a printing system for Linux and Unix-like operating systems. A local unprivileged user can manipulate cupsd into authenticating to an attacker-controlled localhost IP...