176990 matches found
PT-2026-41114
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 148.0.7778.168 Description An inappropriate implementation in Media allows a remote attacker who has compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. An ou...
PT-2026-41111
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An object lifecycle issue in Dawn allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update to versi...
PT-2026-41094
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description An inappropriate implementation in Downloads allows an attacker to perform UI spoofing via a crafted Chrome Extension, provided they can convince a user to install a malicious...
PT-2026-41046
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description An object lifecycle issue in WebShare allows a remote attacker to execute arbitrary code via a crafted HTML page, provided they can convince a user to perform specific UI...
PT-2026-41115
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An inappropriate implementation in Chromoting allows a local attacker to bypass discretionary access control, which is a type of security mechanism that restricts access to objects bas...
PT-2026-41092
Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 148.0.7778.168 Description Insufficient policy enforcement in the IFrame Sandbox allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. Recommendations Update Google...
PT-2026-41099
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A type confusion issue in V8 allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Type confusion occurs when a program...
PT-2026-41058
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A heap buffer overflow in Codecs allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted video file. A heap buffer overflow occurs when a program writes...
PT-2026-41103
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Core on Windows allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Use aft...
PT-2026-41089
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A heap buffer overflow in SwiftShader allows a remote attacker to perform an out-of-bounds memory read by using a crafted HTML page. A heap buffer overflow occurs when a program writes...
PT-2026-41078
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Media allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs...
PT-2026-41075
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out-of-bounds read in the GPU allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML...
PT-2026-41095
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description Insufficient policy enforcement in Payments allows a remote attacker to bypass discretionary access control, which is a mechanism that restricts access to objects based on t...
PT-2026-41097
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Insufficient policy enforcement in AI allows a remote attacker who has compromised the renderer process to bypass Site Isolation, a security feature that ensures websites are loaded in...
PT-2026-41061
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An integer overflow in the XML component allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Recommendations Update to version...
PT-2026-41056
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Insufficient validation of untrusted input in Downloads allows a remote attacker to execute arbitrary code via a crafted HTML page. Recommendations Update to version 148.0.7778.168 or...
PT-2026-41052
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue exists in Mojo. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially craft...
PT-2026-41064
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out of bounds read in the Media component allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory by using ...
PT-2026-41081
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description A heap buffer overflow in the GPU allows a remote attacker to perform an out-of-bounds memory write by using a crafted HTML page. A heap buffer overflow occurs when a progra...
PT-2026-41077
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out-of-bounds write in the Media component allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. An...
PT-2026-41070
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out of bounds read in the UI allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory by using a crafted HTM...
PT-2026-41085
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An inappropriate implementation in ANGLE Almost Native Graphics Layer Engine, an abstraction layer that translates WebGL calls to native graphics APIs allows a remote attacker who has...
PT-2026-41088
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An integer overflow in the Internationalization component allows a remote attacker to perform an out-of-bounds memory write by inducing the user to visit a crafted HTML page. An...
PT-2026-41096
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An integer overflow in ANGLE on Windows allows a remote attacker to perform an out-of-bounds memory write by inducing the user to open a crafted HTML page. An integer overflow occurs...
PT-2026-41084
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in GTK allows a remote attacker to execute arbitrary code by inducing the user to open a crafted HTML page. Recommendations Update to version 148.0.7778.168 or...
PT-2026-41076
Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 148.0.7778.168 Description Insufficient policy enforcement in Passwords allows a remote attacker who has compromised the renderer process to perform privilege escalation via a crafted HTML page...
PT-2026-41073
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Media allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs...
PT-2026-41049
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A race condition in the Payments component allows a remote attacker to potentially achieve a sandbox escape by using a specially crafted HTML page. A sandbox escape is a technique used...
PT-2026-41066
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Insufficient policy enforcement in ViewTransitions allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version...
PT-2026-41112
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description Insufficient policy enforcement in WebXR allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory vi...
PT-2026-41063
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An integer overflow in the GPU component allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially crafted...
PT-2026-41107
Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 148.0.7778.168 Description An out of bounds read in the GPU allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page. An out of bounds read...
PT-2026-41090
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Incorrect security UI in Fullscreen allows a remote attacker to perform UI spoofing via a crafted HTML page. Recommendations Update to version 148.0.7778.168 or later...
PT-2026-41093
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Incorrect security UI in Downloads allows a remote attacker to perform UI spoofing via a crafted HTML page. Recommendations Update to version 148.0.7778.168 or later...
PT-2026-41113
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 148.0.7778.168 Description An inappropriate implementation in Views allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page. UI spoofing is a...
PT-2026-41116
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description A use after free issue exists in Extensions, where a use after free occurs when memory is accessed after it has been freed by the system. This allows an attacker to execute...
PT-2026-41069
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A type confusion issue in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Type confusion occurs when a program accesses a...
PT-2026-41050
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Tab Groups allows a remote attacker to execute arbitrary code via malicious network traffic. Use after free is a memory corruption flaw that occurs when an...
PT-2026-41101
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the renderer process to leak cross-origin data using a crafted HTML pag...
PT-2026-41108
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to perform an out of bounds memory write via a crafted print file...
PT-2026-41083
Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 148.0.7778.168 Description Type confusion in ANGLE allows a remote attacker who has compromised the renderer process to perform an out of bounds memory write by using a crafted HTML page. Type confusi...
PT-2026-41098
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description An out of bounds write in Codecs allows a remote attacker to potentially perform a sandbox escape by using a crafted video file. A sandbox escape is a technique used to break ou...
PT-2026-41018
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT DISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
PT-2026-41175
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.5.7 Description An issue exists where a user can modify another user's model regardless of whether its visibility is set to Private. By altering access permissions during the editing process, unauthorized access...
PT-2026-41123
Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The substitute utcp args function in cli communication protocol.py inserts user-controlled tool args values directly into shell command strings without sanitization or escaping. These commands ar...
PT-2026-41036
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions 2.40.0 through 2.40.x Portainer Community Edition versions prior to 2.33.0 Description...
PT-2026-40861
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.6 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper authorization checks allow an authenticated user with developer-role permissions to bypass...
PT-2026-41126
Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 - 122 Description An SQL Injection SQLi issue exists in the authenticated admin endpoint "admin area/action logs.php". The endpoint processes the type parameter, which is passed to the fetch action logs...
PT-2026-41172
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description A Server-Side Request Forgery SSRF bypass exists in the validate url function located in backend/open webui/retrieval/web/utils.py. The function calls validators.ipv6ip, private=True, but because...
PT-2026-41162
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description The profile image url field on the user profile update form accepts arbitrary data: URI values without MIME-type validation, leading to Cross-Site Scripting XSS. This occurs because the applicatio...