
366234 matches found

added 2026/06/12 12:0 a.m. | 10 views

CVE-2026-0183

PT-2026-48834 aggregates an advisory from openSUSE noting CVE-2026-0183 affects RoundcubeMail and backported in SLE-15-SP6/SP7. It documents XSS and SQL injection flaws and a denial-of-service issue disclosed by LinuxSecurity/OpenSUSE context. The advisory links to backport mitigations, but the e...

Exploits: 0

added 2026/06/12 12:0 a.m. | 14 views

CVE-2025-35273

CVE-2025-35273 is a server-side request forgery vulnerability in Oracle PeopleSoft. PT Security documents that ShinyHunters exploited this 0-day to target 100+ organizations, including ~300 endpoints across ~100 institutions, with roughly 68% in higher education. The vulnerability was remotely ex...

Exploits: 0

added 2026/06/12 12:0 a.m. | 10 views

CVE-2026-54052

Technical details for CVE-2026-54052 are not publicly available in the provided documents. No affected products, impact, or remediation are specified. Monitor for updates from the connected sources and the CVE entry.

EPSS 0.00043
Exploits: 0

added 2026/06/12 12:0 a.m. | 41 views

CVE-2026-53762

VeraCrypt 1.26.29 is released with security fixes including CVE-2026-53762 and CVE-2026-54073. The update adds Argon2id KDF for non-system volumes and includes driver/EFI, Linux/macOS fixes as part of system encryption improvements (and UEFI CA 2023 support). The PT Security entries PT-2026-48872...

Exploits: 0

added 2026/06/11 11:20 p.m. | 25 views

CVE-2026-53510

Technical details for CVE-2026-53510 are not publicly available in the provided documents. Monitor for updates; no affected products, vectors, or remediation can be confirmed from the given sources.

Exploits: 0

added 2026/06/11 10:55 p.m. | 18 views

CVE-2026-49482

CVE-2026-49482 affects ClipBucket v5, where the subtitle editing endpoint improperly neutralizes SQL wildcard characters. An authenticated user could supply a '%' in the number parameter to overwrite all subtitle titles of any video they own in a single HTTP request. This is mitigated by the patc...

CVSS 4.3 | AI score 5.5 | EPSS 0.00169
Exploits: 0 | References: 1

added 2026/06/11 10:53 p.m. | 14 views

CVE-2026-47238

CVE-2026-47238 affects ClipBucket v5 prior to 5.5.3 (patch released in 5.5.3 - #133). A normal authenticated user can perform an insecure IDOR in the videos subtitle editor, allowing editing, uploading, renaming, or deleting subtitles belonging to other users due to lack of proper authorization. ...

CVSS 6.5 | AI score 5.3 | EPSS 0.002
Exploits: 0 | References: 1

added 2026/06/11 10:51 p.m. | 33 views

CVE-2026-45060

CVE-2026-45060 (ClipBucket) affects ClipBucket v5.x prior to 5.5.3. The vulnerability is a blind SQL injection in the actions/progress_video.php endpoint, exploitable by unauthenticated users via the ids parameter to exfiltrate data. The issue is confirmed as patched in version 5.5.3 (#129). If e...

CVSS 9.8 | AI score 5.7 | EPSS 0.00364
Exploits: 0 | References: 1

added 2026/06/11 10:49 p.m. | 21 views

CVE-2026-42846

CVE-2026-42846 affects ClipBucket v5 prior to 5.5.3 (pre-release #140) where the Remote Play feature concatenates a user-provided URL into shell commands without escaping. This allows an authenticated user to trigger arbitrary command execution via shell metacharacters in the URL. The issue has b...

CVSS 9.8 | AI score 5.7 | EPSS 0.00603
Exploits: 0 | References: 1

added 2026/06/11 10:48 p.m. | 21 views

CVE-2026-45418

ClipBucket v5 before 5.5.3 is affected by a boolean-based blind SQL injection in the POST /actions/subtitle_edit.php endpoint (subtitle title edit via a numeric parameter) that authenticated uploaders can exploit to exfiltrate data. Impact includes potential disclosure of sensitive data; remediat...

CVSS 8.8 | AI score 5.5 | EPSS 0.00307
Exploits: 0 | References: 1

added 2026/06/11 9:55 p.m. | 17 views

CVE-2026-45171

Idira Privileged Session Manager (PSM) is affected by CVE-2026-45171 due to incomplete input validation and misconfigured folder permissions. Versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 are at risk. An authenticated, low-privileged user could potentially execute arbitrary code. The issue is...

CVSS 8.8 | AI score 5.8 | EPSS 0.00544
Exploits: 0 | References: 4 | Affected Software: 1

added 2026/06/11 9:41 p.m. | 25 views

CVE-2026-45172

The CVE describes an input validation flaw in Idira Privileged Session Manager for SSH (PSMP). An authenticated, low-privilege user could potentially execute arbitrary commands on the PSMP host due to incomplete input validation in PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6. Affecte...

CVSS 8.8 | AI score 5.9 | EPSS 0.0055
Exploits: 0 | References: 4 | Affected Software: 1

added 2026/06/11 9:33 p.m. | 16 views

CVE-2026-45173

The CVE concerns Idira Identity Browser Extension for Chrome, Firefox, and Edge, with versions prior to 26.8.1. A flaw in origin validation within internal web-page verification routines could allow a remote attacker to trigger unauthorized application interaction or execution parameters within a...

CVSS 8.4 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 1 | Affected Software: 1

added 2026/06/11 9:22 p.m. | 18 views

CVE-2026-45174

The vulnerability CVE-2026-45174 affects Idira Endpoint Privilege Manager Linux Agent prior to version 26.5. A local attacker could potentially bypass the agent daemon initialization process, enabling compromise of the daemon initialization sequence. Affected component: Idira EPM Linux Agent; roo...

CVSS 8.5 | AI score 5.5 | EPSS 0.00126
Exploits: 0 | References: 1 | Affected Software: 1

added 2026/06/11 9:7 p.m. | 21 views

CVE-2026-42653

The CVE-2026-42653 vulnerability affects the WordPress SliceWP plugin (

CVSS 7.1 | AI score 5.5 | EPSS 0.00142
In wild | Exploits: 0 | References: 1

added 2026/06/11 9:5 p.m. | 23 views

CVE-2026-39494

The CVE-2026-39494 entry concerns WordPress Product Filter by WBW plugin

CVSS 9.3 | AI score 5.6 | EPSS 0.0039
In wild | Exploits: 0 | References: 1

added 2026/06/11 9:4 p.m. | 54 views

CVE-2026-42647

CVE-2026-42647 affects the WordPress plugin JoomSport

CVSS 9.3 | AI score 5.6 | EPSS 0.01323
In wild | Exploits: 1 | References: 1

added 2026/06/11 9:2 p.m. | 48 views

CVE-2026-49060

The CVE-2026-49060 entry concerns the WordPress plugin Hippoo Mobile App for WooCommerce. Affected: Hippoo Mobile App for WooCommerce plugin versions up to 1.9.4. Issue: Incorrect Privilege Assignment leading to Privilege Escalation. Impact: high risk across confidentiality, integrity, and availa...

CVSS 9.8 | AI score 5.4 | EPSS 0.00514
In wild | Exploits: 1 | References: 1

added 2026/06/11 8:52 p.m. | 55 views

CVE-2026-44890

Netty has Unbounded Direct Memory Consumption in its RedisDecoder (CVE-2026-44890). In netty-codec-redis, versions before 4.1.135.Final and 4.2.15.Final allow an attacker to cause a DoS by sending crafted Redis payloads across multiple connections that omit "\r\n", exhausting the server’s direct ...

CVSS 7.5 | AI score 5.4 | EPSS 0.00335
Exploits: 0 | References: 3 | Affected Software: 1

added 2026/06/11 8:49 p.m. | 52 views

CVE-2026-44250

CVE-2026-44250 describes memory exhaustion DoS in Netty’s RedisArrayAggregator. Affected: io.netty:netty-codec-redis in versions prior to 4.1.135.Final and 4.2.15.Final. Root cause: processing of deeply nested Redis arrays from a crafted payload causes unbounded AggregateState/ArrayList allocatio...

CVSS 7.5 | AI score 5.4 | EPSS 0.00335
Exploits: 0 | References: 3 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 33 views

CVE-2026-12035

CVE-2026-12035 affects Google Chrome on Windows (Views component). Affected: Chrome versions prior to 149.0.7827.115. Root cause: Use-after-free in Views leading to potential heap corruption via a crafted HTML page. Impact: potential remote code execution via heap corruption (per the vulnerabilit...

CVSS 8.8 | AI score 5.6 | EPSS 0.00187
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 98 views

CVE-2026-12033

CVE-2026-12033 affects Google Chrome’s VideoCapture component. The issue is an out-of-bounds read in VideoCapture that could allow a remote attacker who has compromised the GPU process to read potentially sensitive data from process memory via a crafted HTML page. The vulnerability is tied to Chr...

CVSS 5.3 | AI score 5.5 | EPSS 0.00189
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 79 views

CVE-2026-12034

The CVE-2026-12034 entry describes an issue in Google Chrome on Linux where Linux Toolkit Theming mishandles untrusted input, allowing a renderer process in a compromised sandbox to escape via a malicious file. Affected software: Google Chrome on Linux (pre-149.0.7827.115). Root cause: insufficie...

CVSS 8.3 | AI score 5.5 | EPSS 0.0018
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 28 views

CVE-2026-12031

Google Chrome on Windows before 149.0.7827.115 is affected by CVE-2026-12031 due to an inappropriate implementation in Views that can allow a remote attacker, who has compromised the renderer process, to potentially escape the sandbox via a crafted HTML page. The issue is rated High (CVSS 3.1: AV...

CVSS 8.3 | AI score 5.5 | EPSS 0.00191
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 94 views

CVE-2026-12032

CVE-2026-12032 affects Google Chrome on Android (pre‑149.0.7827.115) where an inappropriate implementation in Passwords allowed a remote attacker, who had renderer access, to bypass site isolation via a crafted HTML page. The connected sources confirm the issue exists in Passwords and is tied to ...

CVSS 3.1 | AI score 5.4 | EPSS 0.00155
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 23 views

CVE-2026-12028

The CVE-2026-12028 issue affects Google Chrome on Android (before 149.0.7827.115) and is caused by a use-after-free in the GPU code. A compromised renderer process could potentially escape the Chrome sandbox via a crafted HTML page. The connected sources confirm the vulnerability detail and indic...

CVSS 8.3 | AI score 5.5 | EPSS 0.00229
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 25 views

CVE-2026-12029

CVE-2026-12029: Use-after-free in Video on Google Chrome for Windows (pre-149.0.7827.115) allows a remote attacker with renderer access to escape the sandbox via a crafted HTML page. Impact: high. Root cause: use-after-free in Video; Exploitation context requires a compromised renderer. A fix is ...

CVSS 8.3 | AI score 5.5 | EPSS 0.00191
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 20 views

CVE-2026-12030

CVE-2026-12030: Out-of-bounds write in Chrome’s GPU code on Android (pre-149.0.7827.115) potentially enables a sandbox escape when a renderer process is compromised via a crafted HTML page. Affected: Google Chrome for Android; impact: high. Exploitation requires renderer access; remediation: Goog...

CVSS 8.3 | AI score 5.5 | EPSS 0.00191
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 33 views

CVE-2026-12026

CVE-2026-12026: Affected product is Google Chrome/Chromium on ChromeOS. The vulnerability is an out-of-bounds read in the Video component, allowing a remote attacker who has compromised the renderer process to read sensitive data from process memory via a crafted HTML page. Root cause described ...

CVSS 6.5 | AI score 5.5 | EPSS 0.00219
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 63 views

CVE-2026-12025

CVE-2026-12025 affects Google Chrome and involves insufficient validation of untrusted input in the Network stack. A malicious actor who had already compromised the renderer process could exfiltrate cross-origin data via a crafted HTML page. The public write-up confirms the impact as data leakage...

CVSS 5.3 | AI score 5.5 | EPSS 0.00227
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 104 views

CVE-2026-12027

The CVE-2026-12027 entry corresponds to an insecure/incorrect implementation in Google Chrome’s Headless mode prior to 149.0.7827.115, where a renderer-compromised page could trigger a sandbox escape through a crafted HTML page. Affected software is Chrome/Chromium Headless; root cause is an inap...

CVSS 9.6 | AI score 5.5 | EPSS 0.00224
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 22 views

CVE-2026-12023

CVE-2026-12023 is a use-after-free in the GPU code of Google Chrome for Mac, prior to version 149.0.7827.115. The flaw could be exploited by a remote attacker who had already compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML page. Affected software is Ch...

CVSS 8.3 | AI score 5.5 | EPSS 0.00229
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 22 views

CVE-2026-12022

The vulnerability CVE-2026-12022 affects Google Chrome on macOS, where a race in Safe Browsing could allow a renderer‑process–hijacked attacker to escape the sandbox via a malicious file. The issue is tied to Chrome versions prior to 149.0.7827.115; evidence from ENISA/EUVD and Chrome security no...

CVSS 8.3 | AI score 5.5 | EPSS 0.00166
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 28 views

CVE-2026-12024

CVE-2026-12024 affects Google Chrome DevTools with insufficient policy enforcement, allowing a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability is associated with Chrome prior to 149.0.7827.115. According to the connected sources, this is mitigated by up...

CVSS 6.5 | AI score 5.5 | EPSS 0.00158
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 23 views

CVE-2026-12020

The CVE-2026-12020 entry concerns Google Chrome on macOS, where an Autofill use-after-free leads to possible heap corruption from a crafted HTML page. Affected product/version: Chrome on Mac prior to 149.0.7827.115. Root cause: use-after-free in Autofill (Chromium component) as described in the c...

CVSS 8.8 | AI score 5.6 | EPSS 0.00224
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 19 views

CVE-2026-12019

The CVE-2026-12019 entry concerns a Heap buffer overflow in the Codecs component of Google Chrome on Linux/ChromeOS, prior to 149.0.7827.115. The issue could allow a remote attacker, after compromising the renderer process, to potentially perform a sandbox escape via a crafted HTML page. Affected...

CVSS 8.3 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 29 views

CVE-2026-12018

CVE-2026-12018 affects Google Chrome on Windows: an “Inappropriate implementation” in Mojo allows local OS-level privilege escalation via a malicious file. The issue is tied to Chrome before build 149.0.7827.115. Impact is described as High severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,...

CVSS 8.8 | AI score 5.5 | EPSS 0.0016
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 21 views

CVE-2026-12016

Affected software: Google Chrome (DevTools component). The CVE-2026-12016 entry describes an inappropriate implementation in DevTools that could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Root cause: insufficient inp...

CVSS 8.3 | AI score 5.5 | EPSS 0.00229
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 42 views

CVE-2026-12017

Google Chrome extension component (Extensions) is affected by CVE-2026-12017. An insufficient input validation in the Extensions path allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Affected product: Google Chrome (Extensions). ...

CVSS 3.1 | AI score 5.4 | EPSS 0.00208
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 21 views

CVE-2026-12013

CVE-2026-12013 is a Chromium use-after-free vulnerability in Media on Windows, reported as part of Google Chrome/Chromium family. The issue allows a remote attacker to potentially exploit heap corruption by delivering a crafted HTML page, with impact described as remote code execution or heap cor...

AI score 5.6 | EPSS 0.0024
Exploits: 0

added 2026/06/11 8:48 p.m. | 20 views

CVE-2026-12015

The CVE-2026-12015 entry describes a use-after-free in Chrome’s Autofill component handled in the renderer process. A remote attacker who can compromise the renderer could leverage a crafted HTML page to read potentially sensitive data from process memory. Affected software is Google Chrome (Auto...

CVSS 5.3 | AI score 5.5 | EPSS 0.00227
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 28 views

CVE-2026-12014

CVE-2026-12014 affects Google Chrome’s Cast component. The issue is a use-after-free in Cast that, on devices on the local network, could enable a sandbox escape via crafted network traffic. Chrome mitigations rely on updating to the patched build (149.0.7827.115; Windows/Mac 149.0.7827.114/115; ...

CVSS 8.3 | AI score 5.5 | EPSS 0.00174
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 58 views

CVE-2026-12011

Concisely: CVE-2026-12011 is a use-after-free in Chrome’s WebMIDI on Windows prior to 149.0.7827.115. This weakness could allow a renderer-compromised remote attacker to escape the sandbox via a crafted HTML page. The Chromium update (149.0.7827.114/115) fixes this issue; users should upgrade to ...

CVSS 8.3 | AI score 5.5 | EPSS 0.00246
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 26 views

CVE-2026-12012

CVE-2026-12012 affects Google Chrome’s Network component. It is a Use-After-Free vulnerability that could allow heap corruption via malicious network traffic, with the impact described as High. A fixed build is Chrome 149.0.7827.115 (Windows/macOS; Linux fixed earlier in 149.0.7827.114/114). The ...

CVSS 8.1 | AI score 5.5 | EPSS 0.00225
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 31 views

CVE-2026-12009

Affected software: Google Chrome on macOS. Vulnerability: Insufficient validation of untrusted input in Accessibility could allow a renderer-compromised attacker to escape the sandbox via a crafted HTML page. Root cause: input validation weakness in Accessibility feature. Impact: potential sandbo...

CVSS 8.3 | AI score 5.5 | EPSS 0.00246
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 33 views

CVE-2026-12010

Heap buffer overflow in the GPU component of Google Chrome on Android (vulnerable before 149.0.7827.115) could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The issue affects Chrome on Android and is classified as Criti...

CVSS 8.3 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 51 views

CVE-2026-12008

CVE-2026-12008: In Google Chrome, a Use-after-free in DigitalCredentials (pre-149.0.7827.115) could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The Chrome Stable update (149.0.7827.114/115 for Windows/Mac; 149.0.7827...

CVSS 8.3 | AI score 5.5 | EPSS 0.00246
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:48 p.m. | 50 views

CVE-2026-12007

CVE-2026-12007 is a use-after-free in Chrome's Core on Windows, caused by a vulnerability in the handling of crafted HTML pages. The issue affects Chrome prior to version 149.0.7827.115 and could allow a remote attacker to execute arbitrary code. Google’s June 2026 stable-channel update (149.0.78...

CVSS 8.8 | AI score 6 | EPSS 0.00287
Exploits: 0 | References: 2 | Affected Software: 1

added 2026/06/11 8:46 p.m. | 800 views

CVE-2026-44249

Netty CVE-2026-44249 details a subnet filter bypass in netty-handler due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Affected are Netty versions prior to 4.1.135.Final and 4.2.15.Final. An attacker could bypass IPv6 subnet restrictions, allowing valid public IPs to bypass...

CVSS 8.1 | AI score 5.4 | EPSS 0.00407
Exploits: 0 | References: 3 | Affected Software: 1

added 2026/06/11 8:46 p.m. | 18 views

CVE-2026-6250

The CVE-2026-6250 entry documents an authenticated format-string vulnerability in the ONVIF service of the TP-Link Tapo C110 v2. The issue arises from improper handling of user-controlled input, where externally controlled data is interpreted as a format string. This allows an authenticated remot...

CVSS 8.1 | AI score 5.7 | EPSS 0.00463
Exploits: 0 | References: 4 | Affected Software: 1

Total number of security vulnerabilities: 366234