PT-2026-47472

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in ViewTransitions, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free i...

PT-2026-47463

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue in Views allows a remote attacker to execute arbitrary code when a user opens a crafted HTML page. Use after free is a memory corruption flaw that occurs...

PT-2026-47454

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Ozone allows a local attacker with physical access to the device to potentially exploit heap corruption. Use after free occurs when an application continues t...

PT-2026-47475

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in V8 allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free occurs when an application...

PT-2026-47491

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An out of bounds read in Dawn allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. An out of bounds read occurs when a program reads data past the...

PT-2026-47497

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Navigation allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occu...

PT-2026-47476

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in V8 allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory corruption flaw...

PT-2026-47462

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in the Autofill component on Windows. A remote attacker can exploit heap corruption—a condition where memory is improperly managed on the heap—by convinci...

PT-2026-47493

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An out of bounds read occurs in WebRTC, which is a framework for real-time communication. This issue allows a remote attacker who has already compromised the GPU process to potentially...

PT-2026-47488

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A type confusion issue in bindings allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Type confusion occurs when a program...

PT-2026-47511

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description An inappropriate implementation in MediaCapture allows a remote attacker to leak cross-origin data, which is data from a different origin than the one that initiated the request...

PT-2026-47503

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A race condition in the network process allows a remote attacker who has already compromised that process to potentially perform a sandbox escape. This is achieved through the u...

PT-2026-47518

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in Read Anything. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a...

PT-2026-47523

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input in the UI allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique used...

PT-2026-47510

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the utility process to leak cross-origin data through the use of a crafted HTML...

PT-2026-47513

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Dawn allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free is a memory corruption flaw that occurs when ...

PT-2026-47524

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue exists in the Bluetooth component, which could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free ...

PT-2026-47505

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in Codecs. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially...

PT-2026-47512

Name of the Vulnerable Software and Affected Versions Google Chrome on macOS versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input in Dawn allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page...

PT-2026-47526

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in the Tracing component. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using ...

PT-2026-47483

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue in Payments allows a remote attacker to execute arbitrary code through a crafted HTML page. Use after free is a memory corruption flaw that occurs when an...

PT-2026-47514

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An inappropriate implementation in SVG allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Recommendations Update to version 149.0.7827.10...

PT-2026-47465

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue in Compositing allows a remote attacker to execute arbitrary code when a user opens a crafted HTML page. Use after free is a memory corruption flaw that...

PT-2026-47469

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in the Proxy component allows a remote attacker to execute arbitrary code through malicious network traffic. Use after free occurs when an application continues ...

PT-2026-47506

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in the Media component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free occurs when...

PT-2026-47459

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue in the Bluetooth component allows a remote attacker to execute arbitrary code through a malicious peripheral. Use after free is a memory corruption flaw...

PT-2026-47516

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description An out of bounds read and write issue exists in the Media component. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code...

PT-2026-47458

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in the TabStrip component. This allows a remote attacker to execute arbitrary code via a crafted HTML page if a user is convinced to perform specific UI...

PT-2026-47540

Name of the Vulnerable Software and Affected Versions strongSwan affected versions not specified Description An issue exists where strongSwan incorrectly handles the cloning of certain identities, leading to a double-free condition when destroying those cloned identities. A remote attacker could...

PT-2026-47347

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow http struct hd:escape string/2 in cowlib only escapes and ", passing all other...

PT-2026-47277

Name of the Vulnerable Software and Affected Versions Check Point VPN affected versions not specified Description A weakness in the certificate validation logic of the deprecated IKEv1 Internet Key Exchange version 1 key exchange allows an unauthenticated man-in-the-middle attacker to bypass...

PT-2026-47168

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been release...

PT-2026-47169

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

PT-2026-47170

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

PT-2026-47175

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN 0042e200 of the file /cgi-bin/glc of the component SET USER PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version...

PT-2026-47176

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

PT-2026-47174

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media dir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

PT-2026-47173

$1,000 of compute found 21 zero-days in FFmpeg. An autonomous agent called depthfirst scanned roughly 1.5 million lines of C, then wrote a reproducible proof-of-concept for every bug it reported. The shift is that second half. Not a list of suspicious lines for a human to chase, but 21 crashing...

PT-2026-47172

An autonomous AI security agent just found 21 zero-days in FFmpeg for $1,000. Some were 23 years old. All came with working PoCs. CVE-2026-39210 through 39218 assigned. 12 more fixed, not yet numbered. This is what commodity AI vulnerability research https://t.co/zpeiwGSVQh https://t.co/ad6T1JxzD...

PT-2026-47178

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf dump systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly...

PT-2026-47179

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

PT-2026-47180

A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...

PT-2026-47177

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions prior to 0.8.3 Description Command injection is possible via the mermaid.path argument in the check cmd exists function located in the metagpt/utils/common.py file. This issue allows a remote attacker to execu...

PT-2026-47182

Name of the Vulnerable Software and Affected Versions SecureAge CatchPulse versions prior to 10.9.2 Description An issue exists in the IOCTL Handler component within the saappctl.sys library. A flaw in an unknown function allows for information disclosure, requiring local access to be exploited...

PT-2026-47183

Name of the Vulnerable Software and Affected Versions Comodo Internet Security affected versions not specified Description The firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value, derived from the IPv6...

PT-2026-47184

These are all security issues fixed in the rclone-1.74.3-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-47187

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

PT-2026-47195

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.3 Description An information disclosure issue exists in the User List Endpoint. The manipulation of the salt argument within the queryPageList function of the...

PT-2026-47190

Name of the Vulnerable Software and Affected Versions BeikeShop versions prior to 1.6.0.22 Description Improper authorization exists in the Stripe Plugin component. A remote attacker can manipulate the Request argument within the callback function of the file...