π¨ CVE-2026-11535
The authentication mechanism of a certain function in the PcSuite has a defect, which may result in information leakage within the range of a Bluetooth connection.
π@cveNotify
The authentication mechanism of a certain function in the PcSuite has a defect, which may result in information leakage within the range of a Bluetooth connection.
π@cveNotify
π¨ CVE-2026-12058
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
π@cveNotify
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
π@cveNotify
π1
π¨ CVE-2026-46489
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every page of the application, causing stored cross-site scripting (XSS) that executes in every authenticated user's browser. This issue has been patched in version 2.3.17.
π@cveNotify
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every page of the application, causing stored cross-site scripting (XSS) that executes in every authenticated user's browser. This issue has been patched in version 2.3.17.
π@cveNotify
GitHub
Validate logo uploads to prevent stored XSS via SVG Β· SolidInvoice/SolidInvoice@8196c64
Restrict ImageUploadType to JPEG, PNG, GIF, and WebP using Symfony's
File constraint, and verify the upload with getimagesize() to reject
non-image payloads. SVG is explicitly excluded beca...
File constraint, and verify the upload with getimagesize() to reject
non-image payloads. SVG is explicitly excluded beca...
π¨ CVE-2026-11535
An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victimβs device.
π@cveNotify
An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victimβs device.
π@cveNotify
π¨ CVE-2026-11848
The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information.
π@cveNotify
The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information.
π@cveNotify
π¨ CVE-2026-11849
The
iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database.
π@cveNotify
The
iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database.
π@cveNotify
π¨ CVE-2026-9266
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure against CVE-2026-0714. However, an omission in the authorization session configuration causes the parameter encryption to provide no effective protection. An attacker with invasive physical access to the device can still capture TPM communications on the SPI bus and derive the LUKS disk encryption key in plaintext. While successful exploitation results in full compromise of the encrypted disk volume, the attack requires invasive physical access, including opening the device and attaching external equipment to the SPI bus. Remote exploitation is not possible, and the attack does not affect any downstream systems.
π@cveNotify
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure against CVE-2026-0714. However, an omission in the authorization session configuration causes the parameter encryption to provide no effective protection. An attacker with invasive physical access to the device can still capture TPM communications on the SPI bus and derive the LUKS disk encryption key in plaintext. While successful exploitation results in full compromise of the encrypted disk volume, the attack requires invasive physical access, including opening the device and attaching external equipment to the SPI bus. Remote exploitation is not possible, and the attack does not affect any downstream systems.
π@cveNotify
Moxa
CVE-2026-9266: Missing Required Cryptographic Step Vulnerability in Industrial Computers | Moxa
π¨ CVE-2025-43339
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data.
π@cveNotify
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data.
π@cveNotify
Apple Support
About the security content of macOS Tahoe 26.1 - Apple Support
This document describes the security content of macOS Tahoe 26.1.
π¨ CVE-2025-46293
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
π@cveNotify
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.4 - Apple Support
This document describes the security content of macOS Sequoia 15.4.
π¨ CVE-2025-46308
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.
π@cveNotify
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.
π@cveNotify
Apple Support
About the security content of iOS 18.4 and iPadOS 18.4 - Apple Support
This document describes the security content of iOS 18.4 and iPadOS 18.4.
π¨ CVE-2025-46315
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.
π@cveNotify
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.
π@cveNotify
Apple Support
About the security content of macOS Tahoe 26.1 - Apple Support
This document describes the security content of macOS Tahoe 26.1.
π¨ CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
π@cveNotify
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
π@cveNotify
π¨ CVE-2026-26239
A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5208 and later
π@cveNotify
A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5208 and later
π@cveNotify
π¨ CVE-2026-26240
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5243 and later
π@cveNotify
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5243 and later
π@cveNotify
π¨ CVE-2026-26241
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5243 and later
π@cveNotify
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5243 and later
π@cveNotify
π¨ CVE-2025-24268
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
π@cveNotify
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.4 - Apple Support
This document describes the security content of macOS Sequoia 15.4.
π¨ CVE-2025-24284
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.
π@cveNotify
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.4 - Apple Support
This document describes the security content of macOS Sequoia 15.4.
π¨ CVE-2026-12007
Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...
π¨ CVE-2026-12008
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...
π¨ CVE-2026-12009
Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...
π¨ CVE-2026-12010
Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...