365251 matches found

added 2026/06/17 1:38 a.m. | 12 views

CVE-2026-12450

CVE-2026-12450 describes an inappropriate implementation in the Media component of Google Chrome (Chromium-based) prior to build 149.0.7827.155. The underlying issue allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The vulnerability...

CVSS 6.5 | AI score 5.3 | EPSS 0.00184
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 23 views

CVE-2026-12449

CVE-2026-12449 relates to a use-after-free in Chromoting for Google Chrome on Windows prior to version 149.0.7827.155, enabling a local attacker to achieve OS‑level privilege escalation via a malicious file. The cross‑reference entries confirm the affected component as Chromoting within Chr...

CVSS 7.8 | AI score 5.3 | EPSS 0.00109
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 23 views

CVE-2026-12448

CVE-2026-12448 affects WebView in Google Chrome on Android prior to 149.0.7827.155. The issue is an inappropriate implementation in WebView that allows a remote attacker to escalate privileges via a crafted HTML page. The vulnerability is tied to Chromium WebView behavior and is rated High severi...

CVSS 8.8 | AI score 5.4 | EPSS 0.00255
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 12 views

CVE-2026-12447

CVE-2026-12447 affects Google Chrome/WebRTC (Chromium). The issue is a heap buffer overflow in WebRTC that allows remote code execution via a crafted HTML page, affecting builds prior to 149.0.7827.155. Impact is a sandbox escape/total compromise of the browser process, per the cited descriptions...

CVSS 8.8 | AI score 6.4 | EPSS 0.00417
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 65 views

CVE-2026-12446

CVE-2026-12446: In Chromium-based Google Chrome, an inappropriate implementation in Passwords prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Affected component: Passwords handling in Chrome/Chromium. Root cause: improper cross-origin data han...

CVSS 4.3 | AI score 5.4 | EPSS 0.00194
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 22 views

CVE-2026-12445

CVE-2026-12445: A use-after-free in Google Chrome extensions handling leads to potential heap corruption when a user is persuaded to install a malicious extension. Affected product: Google Chrome (Extensions component). Root cause: use-after-free in the Extensions code path, enabling memory corr...

CVSS 7.5 | AI score 5.4 | EPSS 0.00158
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 18 views

CVE-2026-12443

CVE-2026-12443 is a use-after-free in Chrome’s Web Authentication implementation that could allow a remote attacker to execute arbitrary code via a crafted HTML page. Affected software: Google Chrome (Chromium). Underlying issue is in Web Authentication handling that leads to memory misuse. Impac...

CVSS 8.8 | AI score 6 | EPSS 0.00537
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 91 views

CVE-2026-12444

Chromoting in Google Chrome on Windows is affected by an out-of-bounds read vulnerability tracked as CVE-2026-12444. The issue allows a local attacker to obtain potentially sensitive information from process memory via a malicious file. The root cause is an out-of-bounds memory read in Chromoting...

CVSS 5.5 | AI score 5.2 | EPSS 0.00143
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 19 views

CVE-2026-12442

The CVE-2026-12442 entry describes a use-after-free in Passwords in Google Chrome on Android before version 149.0.7827.155, allowing a remote attacker to execute arbitrary code via a crafted HTML page (Chromium security severity: Critical). Connected sources confirm this vulnerability affects Chr...

CVSS 8.8 | AI score 6 | EPSS 0.00387
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 13 views

CVE-2026-12441

CVE-2026-12441 affects Google Chrome on Linux (File Input component). The issue is a use-after-free that can lead to heap corruption via a crafted HTML page, enabling a remote attacker to potentially exploit the vulnerability. Affected version range is prior to 149.0.7827.155; remediation is to u...

CVSS 8.8 | AI score 5.5 | EPSS 0.00301
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 42 views

CVE-2026-12440

CVE-2026-12440 concerns a use-after-free in Google Chrome’s DigitalCredentials on Windows, prior to version 149.0.7827.155. The issue allows a remote attacker to potentially escape the Chrome sandbox via a crafted HTML page, classified as Critical. Affected software is Chrome with the DigitalCred...

CVSS 9.6 | AI score 5.4 | EPSS 0.00251
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 23 views

CVE-2026-12439

CVE-2026-12439 describes a use-after-free in Google Chrome’s Digital Credentials handling, leading to potential heap corruption when processing a crafted HTML page. Affected product: Chrome (Chromium-based) before version 149.0.7827.155. Root cause: use-after-free in Digital Credentials component...

CVSS 8.8 | AI score 5.5 | EPSS 0.00323
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 16 views

CVE-2026-12438

The CVE-2026-12438 entry corresponds to an issue in WebView for Google Chrome on Android, where an attacker who compromised the renderer process could escape the browser sandbox via a crafted HTML page. Affected product/vector: Android WebView in Chrome; root cause: inappropriate implementation i...

CVSS 8.3 | AI score 5.4 | EPSS 0.00207
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:38 a.m. | 41 views

CVE-2026-12437

CVE-2026-12437 describes a use-after-free in WebShare for Google Chrome on Windows before 149.0.7827.155. A remote attacker who already has renderer compromise could exploit a crafted HTML page to attempt a sandbox escape. The vulnerability is rated Critical. Affected software is Google Chrome (W...

CVSS 8.3 | AI score 5.4 | EPSS 0.00223
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/17 1:31 a.m. | 28 views

CVE-2025-15641

The CVE details a vulnerability in Netskope Client for Windows where an insider with administrative privileges can tamper with the customer IOCTL by sending crafted IOCTL requests to the driver, bypassing anti-tampering protections for NSClient. Affected: Netskope Client on Windows; versions: all...

CVSS 6.8 | AI score 5.2 | EPSS 0.00163
Exploits: 0 | References: 1

added 2026/06/17 12:53 a.m. | 22 views

CVE-2026-55706

OpenBSD affected by CVE-2026-55706: the sppp_pap_input() function in sys/net/if_spppsubr.c allows an authentication bypass when certain zero values are used for lengths. OpenBSD versions prior to 076e2b1 are affected; root cause is improper handling of length values in PAP input. Remediation: upg...

CVSS 5.8 | AI score 5.3 | EPSS 0.00211
Exploits: 0 | References: 4

added 2026/06/17 12:00 a.m. | 6 views

CVE-2026-55675

Technical details for CVE-2026-55675 are not publicly available in the provided documents. No affected products, impact, or remediation information are disclosed. Monitor for updates from the sources referenced in the connected documents.

Exploits: 0

added 2026/06/17 12:00 a.m. | 8 views

CVE-2026-54683

CVE-2026-54683 describes improper authorization in the NL Portal. An authenticated portal user could download documents belonging to other users when they had a valid document identifier. PT Security reports that an earlier fix for CVE-2026-49463 was incomplete, with an unused authorization param...

Exploits: 0

added 2026/06/17 12:00 a.m. | 6 views

CVE-2026-55187

The FreeBSD mail/mailpit entry documents a vulnerability in the Mailpit Link Check API SSRF protection. The root cause is that the internal IP denial relies on Go’s stdlib classification helpers (IsLoopback, IsPrivate, IsLinkLocalUnicast, IsLinkLocalMulticast, IsUnspecified, IsMulticast) plus an ...

Exploits: 0

added 2026/06/17 12:00 a.m. | 14 views

CVE-2025-26240

The CVE-2025-26240 entry affects JazzCore’s python-pdfkit 1.0.0, where the from_string method allows JavaScript to execute within the server context and enables exfiltration of local files. This indicates a server-side execution vector with high impact on confidentiality, integrity, and availabil...

CVSS 8.4 | AI score 5.6 | EPSS 0.00392
Exploits: 0 | References: 2

added 2026/06/17 12:00 a.m. | 4 views

CVE-2026-12535

Technical details are not publicly available in the provided documents; monitor for updates.

Exploits: 0

added 2026/06/17 12:00 a.m. | 7 views

CVE-2026-55226

PT Security reports that Strimzi 1.0.1 patch release fixes CVE-2026-55226 (and CVE-2026-55225). No technical details about the vulnerability are provided in the connected documents. Risk, affected components, and remediation specifics beyond the upgrade are not disclosed.

Exploits: 0

added 2026/06/17 12:00 a.m. | 3 views

CVE-2026-55809

Technical details for CVE-2026-55809 are not publicly available in the provided documents. Monitor for updates.

Exploits: 0

added 2026/06/17 12:00 a.m. | 3 views

CVE-2026-55810

Technical details for CVE-2026-55810 are not provided in the supplied documents; monitor for updates.

Exploits: 0

added 2026/06/17 12:00 a.m. | 2 views

CVE-2026-54069

Affected software: SiYuan Note ≤ 3.6.5. Vulnerability: Authentication bypass via the CheckAuth middleware, which unconditionally trusts chrome-extension:// origins and grants RoleAdministrator access to requests with spoofed Origin headers. Impact: Full admin API access, with potential data exfil...

EPSS 0.00013
Exploits: 0

added 2026/06/17 12:00 a.m. | 7 views

CVE-2026-55225

PTSecurity notes that Strimzi 1.0.1 patch release fixes two CVEs: CVE-2026-55225 and CVE-2026-55226. The initial CVE-2026-55225 entry is reserved/no details, but the connected PT entries confirm a published patch release addressing these CVEs. No technical details (impact, affected components, ex...

Exploits: 0

added 2026/06/17 12:00 a.m. | 4 views

CVE-2026-55092

Technical details for CVE-2026-55092 are not publicly available in the provided documents; monitor for updates.

Exploits: 0

added 2026/06/17 12:00 a.m. | 6 views

CVE-2026-9012

Summary of connected document details for CVE-2026-9012: PT-Security report PT-2026-50548 references CVE-2026-9012 as an arbitrary directory traversal flaw in the Windows Kernel used as a delivery mechanism for a new feature (“Smart Scrapbook”). The description attributes a root cause to a direct...

Exploits: 0

added 2026/06/17 12:00 a.m. | 19 views

CVE-2026-36418

The CVE concerns JimuReport versions ≤ 2.3.4, where remote code execution is possible via the /jmreport/executeSelectApi endpoint due to inadequate validation of user input passed to the Aviator expression engine. This is caused by improper handling of Aviator expressions, allowing arbitrary code...

CVSS 9.1 | AI score 6.8 | EPSS 0.00471
Exploits: 0 | References: 1

added 2026/06/17 12:00 a.m. | 6 views

CVE-2026-49463

CVE-2026-49463 context: PT-2026-50546 clarifies that an earlier fix in NL Portal (pre-3.0.3) was incomplete: an authorization parameter added to a GraphQL query was not used and a vulnerable REST endpoint remained. Impact: authenticated users could access documents belonging to other users if the...

Exploits: 0

added 2026/06/17 12:00 a.m. | 44 views

CVE-2025-66391

CVE-2025-66391 affects Citrix Cloud (through 2025-11-10). A read-only account can trigger a write-workflow; specifically, when attempting to reset a user password, the system may send a one-time password to an attacker-controlled email address. This describes a potential confidentiality/integrity...

CVSS 8.8 | AI score 5.3 | EPSS 0.00383
Exploits: 0 | References: 2

added 2026/06/17 12:00 a.m. | 11 views

CVE-2026-39199

The CVE-2026-39199 entry affects snes9x 1.63 and describes an out-of-bounds write that leads to a denial of service when processing a crafted .ups patch file. The vulnerability is tied to the emulator’s handling of UP.patch data, causing a crash (DoS) when a malicious or malformed patch is loaded...

CVSS 2.9 | AI score 5.2 | EPSS 0.00125
Exploits: 0 | References: 3

added 2026/06/16 11:42 p.m. | 12 views

CVE-2026-20706

CVE-2026-20706 is a reserved entry; connected documents reveal a concrete vulnerability in Gitea: the web archive download endpoint (/archive/) accepts OAuth2 tokens with non-repository scopes, enabling access to private repository archives. The issue arises because checkDownloadTokenScope is not...

EPSS 0.00024
Exploits: 0

added 2026/06/16 11:41 p.m. | 21 views

CVE-2026-27783

CVE-2026-27783 maps to a Gitea issue-template/config exposure: three API endpoints (GET /repos/{owner}/{repo}/issue_templates, /issue_config, /issue_config/validate) read from the repository Code default branch without the unit-based access guard (reqRepoReader). This allows a user with any repos...

EPSS 0.00023
Exploits: 0

added 2026/06/16 11:41 p.m. | 7 views

CVE-2026-25714

Technical details for CVE-2026-25714 are not publicly available in the provided documents. Monitor for updates.

EPSS 0.00028
Exploits: 0

added 2026/06/16 11:41 p.m. | 48 views

CVE-2026-26231

CVE-2026-26231 has connected details via GHSA-MM7C-RHG6-QR4R describing a Gitea authorization bypass: an authenticated, low-privilege user with read access can abuse the PR flow to push arbitrary commits to a repository. The flaw stems from the PR creation flow binding allow_maintainer_edit=true ...

EPSS 0.00028
Exploits: 0

added 2026/06/16 11:40 p.m. | 11 views

CVE-2026-52797

Summary: Multiple sources describe a Gogs vulnerability (GHSA-PM6V-2H4W-4RP2) that allows an authorized user to exploit a path-traversal flaw in the GetDiffPreview workflow to execute a git diff on an arbitrary path and potentially overwrite files (e.g., gogs.db) via the --output option, causing ...

EPSS 0.00044
Exploits: 0

added 2026/06/16 11:38 p.m. | 20 views

CVE-2026-28744

Summary: Gitea 1.26.1 is affected by a vulnerability in the Git Smart HTTP path where repository-scoped token checks run only for Basic authentication. Bearer/OAuth2 tokens can bypass scope enforcement, potentially allowing clones/pushes to private repositories without the required scope. The iss...

EPSS 0.00039
Exploits: 0

added 2026/06/16 11:35 p.m. | 16 views

CVE-2026-48797

Backpropagate is a Python library for fine-tuning LLMs on a single GPU. In versions 1.1.0 and 1.1.1, the Reflex web UI exposes a training control plane without authentication, allowing dataset upload, model load, training control, multi-run orchestration, GGUF export, and HuggingFace Hub push. Th...

CVSS 9.3 | AI score 5.5 | EPSS 0.00324
Exploits: 0 | References: 2

added 2026/06/16 11:10 p.m. | 20 views

CVE-2026-44587

CarrierWave (Ruby) before versions 2.2.7 and 3.1.3 contains a denylisted_content_type bypass: denylist entries are interpolated into a regex without Regexp.quote or a start anchor, so entries like image/svg+xml render the pattern that fails to match the real MIME type (e.g., /image/svg+x/). This ...

CVSS 6.1 | AI score 5.4 | EPSS 0.00223
Exploits: 1 | References: 3 | Affected Software: 1

added 2026/06/16 11:08 p.m. | 19 views

CVE-2026-48929

Rocket.Chat versions older than 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 are vulnerable to unauthenticated file deletion through the deleteFileMessage Meteor method. When called over an unauthenticated DDP WebSocket connection, Meteor.userId() returns null, bypassing the auth...

CVSS 7.5 | AI score 7.3 | EPSS 0.00641
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/16 11:08 p.m. | 11 views

CVE-2026-48616

CVE-2026-48616 affects Rocket.Chat Livechat file downloads in multiple legacy branches (versions

CVSS 9.3 | AI score 8.4 | EPSS 0.00304
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/16 10:49 p.m. | 10 views

CVE-2026-48782

CVE-2026-48782 affects Pydantic AI (versions 1.56.0–1.101.0, 2.0.0b1, 2.0.0b2) where the cloud-metadata blocklist can be bypassed by IPv6 transition forms that previous fixes did not decode. The IPv6 forms bypassing the blocklist can expose cloud IAM short-term credentials when an app uses force_...

CVSS 6.8 | AI score 5.3 | EPSS 0.00332
Exploits: 0 | References: 4

added 2026/06/16 10:29 p.m. | 12 views

CVE-2026-48788

CVE-2026-48788 affects Remark42 (versions 1.6.0–1.15.0). The known issue is a content-type spoofing-based XSS in the image proxy: during download the proxy checks Content-Type headers to decide if a resource is an image, but the serving phase sniffing can differ, leading to a mismatch that lets H...

CVSS 8.2 | AI score 7.8 | EPSS 0.00251
Exploits: 0 | References: 3

added 2026/06/16 10:19 p.m. | 28 views

CVE-2026-48745

CVE-2026-48745 – Traccar Client : A vulnerability in Traccar Client

CVSS 9.3 | AI score 5.2 | EPSS 0.00323
Exploits: 0 | References: 2

added 2026/06/16 9:43 p.m. | 11 views

CVE-2026-47277

Runtipi pre-4.10.0 is affected by an unauthenticated arbitrary file read through app-store logo symlinks. In versions 4.9.1–4.9.3, the public endpoint serves marketplace logos from files inside cloned app-store repositories; a logo symlink (e.g., metadata/logo.jpg) can cause the target file to be...

CVSS 6.5 | AI score 5.3 | EPSS 0.00399
Exploits: 0 | References: 2

added 2026/06/16 9:38 p.m. | 13 views

CVE-2026-48783

CVE-2026-48783 affects Postiz prior to version 2.21.8. An unauthenticated endpoint (/public/modify-subscription) accepted a signed token and applied subscription-enforcement side effects to the organization in the token’s claims without verifying the token’s intended purpose. The endpoint could n...

CVSS 4.8 | AI score 5.3 | EPSS 0.0017
Exploits: 0 | References: 4

added 2026/06/16 9:35 p.m. | 39 views

CVE-2026-2604

Summary: CVE-2026-2604 affects evolution-data-server. An inconsistent comparison logic in the addressbook backend lets a Flatpak/D-Bus user craft a malicious URI with directory traversal sequences. This URI is stored during contact creation/modification and later rechecked with lower strictness d...

CVSS 5.6 | AI score 5.4 | EPSS 0.00189
Exploits: 0 | References: 5

added 2026/06/16 9:31 p.m. | 9 views

CVE-2026-48781

Summary (CVE-2026-48781): Postiz (AI social media scheduler) versions before 2.21.8 are affected. The Skool integration callback could sign an attacker-controlled JSON blob into a session-shape JWT using the app’s JWT_SECRET, and the authentication middleware trusted every claim without re-resolv...

CVSS 9.9 | AI score 5.3 | EPSS 0.00209
Exploits: 0 | References: 4

added 2026/06/16 9:26 p.m. | 45 views

CVE-2026-48779

Technical details for CVE-2026-48779 are not publicly available in the provided documents. Monitor for updates from the listed sources; the initial description includes affected versions and fixes, but no further technical specifics are provided here.

CVSS 7.5 | AI score 5.1 | EPSS 0.00524
Exploits: 1 | References: 5 | Affected Software: 1

Total number of security vulnerabilities: 365251