PT-2026-46597

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Cast component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document o...

PT-2026-46620

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in DevTools allows an attacker to perform privilege escalation. This occurs when a user is convinced to install a crafted malicious Chrome Extension...

PT-2026-46418

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read in ANGLE allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. An out of bounds read...

PT-2026-46614

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Dawn allows a remote attacker who has compromised the renderer process to execute arbitrary code inside a sandbox by using a crafted HTML page...

PT-2026-46617

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in Media allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory by using a crafted HTML...

PT-2026-46714

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Glic allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. Recommendations Update to version 149.0.7827.53 or later...

PT-2026-46684

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Script injection in the Accessibility component allows an attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting UXSS, which is a vulnerability that...

PT-2026-46413

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in Chromecast. This allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape by using a crafted HT...

PT-2026-46726

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in WebRTC allows an attacker in a privileged network position to leak cross-origin data through the use of malicious network traffic. Recommendations...

PT-2026-46698

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in Blink allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. An integer overflow occurs when an arithmetic...

PT-2026-46718

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds memory access issue exists in ANGLE, a compatibility layer between OpenGL ES and native graphics APIs. This flaw allows a remote attacker to potentially perform out of...

PT-2026-46721

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Network component allows a remote attacker to leak cross-origin data, which is information from a different domain than the one that initiated the...

PT-2026-45875

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description Functions within the net/textproto package include input as part of the error when returning errors. This behavior allows an attacker to inject misleading content into errors that are subsequently...

PT-2026-46537

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in WebAppInstalls allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page...

PT-2026-45874

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Decoding a maliciously-crafted MIME header containing many invalid encoded-words can lead to excessive CPU consumption. Recommendations At the moment, there is n...

PT-2026-46737

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source high-performance JavaScript a...

PT-2026-45726

Name of the Vulnerable Software and Affected Versions Tiled Gallery Carousel Without JetPack versions prior to 3.2 Description The plugin is subject to stored cross-site scripting due to insufficient input sanitization and output escaping. Authenticated attackers with contributor level access or...

PT-2026-46550

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the GPU component on Windows allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via ...

PT-2026-46441

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Extensions allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanis...

PT-2026-46596

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in WebSockets, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a crafted HTML page. Use after free is a memory...

PT-2026-46495

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Codecs allows a remote attacker to potentially perform a sandbox escape by using a crafted video file. A sandbox escape is a technique used to break o...

PT-2026-46455

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in the Cast component. This allows an attacker located on the same local network segment to execute arbitrary code by sending malicious network traffic...

PT-2026-46700

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds write occurs in V8, the JavaScript and WebAssembly engine. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code with...

PT-2026-46819

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in Blink allows a remote attacker to bypass the content security policy CSP, which is a security layer that helps detect and mitigate certain types of...

PT-2026-46632

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the WebUI allows a remote attacker who has compromised the renderer process to leak cross-origin data through the use of a crafted HTML pag...

PT-2026-46579

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Use after free is a memory corruption flaw that...

PT-2026-45873

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.25-1.25.11-1.1 Go versions prior to 1.26-1.26.4-1.1 Description Inefficient candidate hostname parsing occurs in the crypto/x509 package. The x509.Certificate.VerifyHostname function previously called matchHostnames in a...

PT-2026-46538

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in the USB component on Windows allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corrupti...

PT-2026-46542

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Network component allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from...

PT-2026-46437

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in FullScreen on Windows. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a...

PT-2026-46485

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in the MimeHandlerView component. This allows a remote attacker to execute arbitrary code within a sandbox by inducing the user to open a specially crafted...

PT-2026-46682

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in CSS allows a remote attacker to leak cross-origin data, which is information from a different domain than the one serving the page, by using a crafted...

PT-2026-46706

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Opaque Response Blocking ORB, a mechanism used to prevent cross-origin leaks of sensitive data, allows a remote attacker to bypass site isolation by...

PT-2026-46811

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Side-channel information leakage in PerformanceAPIs allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version...

PT-2026-46037

Name of the Vulnerable Software and Affected Versions MariaDB server versions 10.6.1 through 10.6.26 MariaDB server versions 10.11.1 through 10.11.17 MariaDB server versions 11.4.1 through 11.4.11 MariaDB server versions 11.8.1 through 11.8.7 MariaDB server version 12.3.1 Description During the...

PT-2026-46039

Name of the Vulnerable Software and Affected Versions MariaDB versions prior to 11.8.8 MariaDB versions prior to 11.4.12 MariaDB versions prior to 10.11.18 MariaDB versions prior to 10.6.27 Description A security issue exists in MariaDB. Technical details regarding the exploitation of this flaw a...

PT-2026-46038

Name of the Vulnerable Software and Affected Versions MariaDB server versions 10.6.1 through 10.6.26 MariaDB server versions 10.11.1 through 10.11.17 MariaDB server versions 11.4.1 through 11.4.11 MariaDB server versions 11.8.1 through 11.8.7 MariaDB server version 12.3.1 Description A...

PT-2026-45746

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...

PT-2026-45797

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure...

PT-2026-45735

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...

PT-2026-46832

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in PDFium allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted PDF file. Use after free is a memory corruption flaw th...

PT-2026-45713

Name of the Vulnerable Software and Affected Versions Laiser Tag versions prior to 1.2.6 Description The Laiser Tag plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into executing unwanted actions. This occurs due to missing or incorrect...

PT-2026-45830

wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically after message receiv...

PT-2026-45831

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

PT-2026-46549

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Extensions allows a remote attacker to leak cross-origin data, which is data from a different origin than the one that requested it, by using a crafte...

PT-2026-07: Local Privilege Escalation Vulnerability in the Linux Kernel (Copy Fail)

This security advisory provides information regarding a Linux kernel vulnerability, CVE-2026-31431 , informally known as Copy Fail. This vulnerability allows for local privilege escalation to the superuser root level and affects the Linux kernel module: algifaead. Vulnerability status : PT NGFW i...

PT-2026-08: Local Privilege Escalation Vulnerabilities in the Linux Kernel (Dirty Frag)

This security advisory provides information regarding Linux kernel vulnerabilities: CVE-2026-43284 and CVE-2026-43500 , informally known as Dirty Frag. These vulnerabilities allow for local privilege escalation to the superuser root level and affect the Linux kernel modules: esp4 , esp6 and rxrpc...

PT-2026-48122

Name of the Vulnerable Software and Affected Versions @agenticmail/mcp versions prior to 0.9.27 Description When started with the --http flag or the MCP HTTP=1 variable, the software exposes a Streamable HTTP transport. In this mode, the '/mcp' endpoint accepts requests without an HTTP...

PT-2026-48583

Уязвимость метода onServiceConnected операционных систем Android вызвана ситуацией гонки. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии...

PT-2026-48694

Several soundness violations exist in the Rust bindings for MetaCall, indicatively: MetaCallException::Clone: Clone is dangerous because it creates a second Rust object that still points to the same foreign MetaCall value, but does not actually own or keep that value alive. value is shallow copie...