π¨ CVE-2026-13035
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High)
π@cveNotify
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and 149.0.7827.196 for Linux, which will roll out over the co...
π¨ CVE-2026-13036
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and 149.0.7827.196 for Linux, which will roll out over the co...
π¨ CVE-2026-13037
Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and 149.0.7827.196 for Linux, which will roll out over the co...
π¨ CVE-2026-13038
Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and 149.0.7827.196 for Linux, which will roll out over the co...
π¨ CVE-2026-39893
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication (graph viewing supports guest access via the configured guest user), so the SQLi was reachable pre-auth on installs with guest viewing enabled. This issue was fixed in version 1.2.31.
π@cveNotify
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication (graph viewing supports guest access via the configured guest user), so the SQLi was reachable pre-auth on installs with guest viewing enabled. This issue was fixed in version 1.2.31.
π@cveNotify
GitHub
security: consolidated defense-in-depth hardening (1.2.x) by somethingwithproof Β· Pull Request #7039 Β· Cacti/cacti
Summary
Consolidated 1.2.x defense-in-depth hardening across command execution, path handling, CSV export safety, session headers, and sensitive-log redaction.
This PR is the kept 1.2.x hardening b...
Consolidated 1.2.x defense-in-depth hardening across command execution, path handling, CSV export safety, session headers, and sensitive-log redaction.
This PR is the kept 1.2.x hardening b...
π¨ CVE-2026-39897
Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.31.
π@cveNotify
Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.31.
π@cveNotify
GitHub
security: fix XSS and open redirect in auth and UI pages (1.2.x backp⦠· Cacti/cacti@7c544ea
β¦ort) (#6910)
- Validate Referer host before using in Location header (auth_changepassword.php, link.php)
- Encode return target via json_encode in JS onClick handler (auth_changepassword.php)
- E...
- Validate Referer host before using in Location header (auth_changepassword.php, link.php)
- Encode return target via json_encode in JS onClick handler (auth_changepassword.php)
- E...
π¨ CVE-2026-52794
Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time. This vulnerability is fixed in 26.5.2.
π@cveNotify
Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume disproportionate CPU time. This vulnerability is fixed in 26.5.2.
π@cveNotify
GitHub
fix(grouping): Fix hostname regex bugs, take 2 by lobsterkatie Β· Pull Request #116587 Β· getsentry/sentry
Our current hostname regex (used when parameterizing messages for grouping) doesn't account for the fact that you can now use practically anything as your top-level domain (the great part o...
π¨ CVE-2026-54069
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empty AccessAuthCode on desktop installs, any Chrome/Chromium extension -- including a compromised legitimate extension via supply chain attack -- can make fully authenticated admin API calls to the SiYuan kernel at 127.0.0.1:6806, enabling data exfiltration, stored XSS injection, and configuration tampering. This vulnerability is fixed in 3.7.0.
π@cveNotify
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empty AccessAuthCode on desktop installs, any Chrome/Chromium extension -- including a compromised legitimate extension via supply chain attack -- can make fully authenticated admin API calls to the SiYuan kernel at 127.0.0.1:6806, enabling data exfiltration, stored XSS injection, and configuration tampering. This vulnerability is fixed in 3.7.0.
π@cveNotify
GitHub
Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist
## Summary
SiYuan Note's kernel HTTP server unconditionally trusts all `chrome-extension://` origins, granting `RoleAdministrator` access to every installed browser extension without any aut...
SiYuan Note's kernel HTTP server unconditionally trusts all `chrome-extension://` origins, granting `RoleAdministrator` access to every installed browser extension without any aut...
π¨ CVE-2026-55570
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is produced with JSON.stringify() (which does not escape ', <, or >), a package whose name contains a single quote breaks out of the attribute and injects arbitrary HTML. In the desktop client the main BrowserWindow runs with nodeIntegration: true, contextIsolation: false, so the injected markup escalates from DOM XSS to arbitrary OS command execution. This is the same root cause and same impact as the original advisory, reached through a sibling sink the patch did not cover. This vulnerability is fixed in 3.7.0.
π@cveNotify
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is produced with JSON.stringify() (which does not escape ', <, or >), a package whose name contains a single quote breaks out of the attribute and injects arbitrary HTML. In the desktop client the main BrowserWindow runs with nodeIntegration: true, contextIsolation: false, so the injected markup escalates from DOM XSS to arbitrary OS command execution. This is the same root cause and same impact as the original advisory, reached through a sibling sink the patch did not cover. This vulnerability is fixed in 3.7.0.
π@cveNotify
GitHub
Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (incomplete fix for GHSA-27qc-m5gfβ¦
## Summary
The fix for **GHSA-27qc-m5gf-jv5r** ("Bazaar marketplace stored XSS") is incomplete. It HTML-escapes the
*visible text* fields of a marketplace package (`name`, `version`, ...
The fix for **GHSA-27qc-m5gf-jv5r** ("Bazaar marketplace stored XSS") is incomplete. It HTML-escapes the
*visible text* fields of a marketplace package (`name`, `version`, ...
π¨ CVE-2026-39899
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed in version 1.2.31.
π@cveNotify
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed in version 1.2.31.
π@cveNotify
GitHub
security: fix XSS, path traversal, open redirect, and IDOR (1.2.x backport) by somethingwithproof Β· Pull Request #6899 Β· Cacti/cacti
Summary
Backport of #6896 to 1.2.x.
Apply html_escape() to SNMP legend headers and report tree titles
Add validate_path_within() and validate_relative_path_within() helpers
Guard report format_fil...
Backport of #6896 to 1.2.x.
Apply html_escape() to SNMP legend headers and report tree titles
Add validate_path_within() and validate_relative_path_within() helpers
Guard report format_fil...
π¨ CVE-2026-39900
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31.
π@cveNotify
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31.
π@cveNotify
GitHub
feat(security): architectural security helpers β eliminate vulnerabilβ¦ Β· Cacti/cacti@891344a
β¦ity classes at root (#7054)
* feat(security): add cacti_exec shell execution gateway
Centralized shell command gateway routing all execution through
cacti_exec() with argv-array input, per-argum...
* feat(security): add cacti_exec shell execution gateway
Centralized shell command gateway routing all execution through
cacti_exec() with argv-array input, per-argum...
π¨ CVE-2026-39938
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31.
π@cveNotify
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31.
π@cveNotify
GitHub
fix(security): validate graph_theme with basename() to prevent LFI (#β¦ Β· Cacti/cacti@9871f0c
β¦6966)
Apply basename() and reject '.', '..', empty values by falling
back to the selected theme.
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Apply basename() and reject '.', '..', empty values by falling
back to the selected theme.
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
π¨ CVE-2026-39948
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER_VALIDATE_IS_REGEX validation) and concatenated directly into RLIKE SQL clauses in lib/html_graph.php and lib/html_tree.php, which are reachable pre-authentication through graph_view.php on installations with guest graph viewing enabled. Because the unbalanced-quote payload bypasses the regex validation that would otherwise reject it, an unauthenticated attacker can inject arbitrary SQL to compromise the confidentiality, integrity, and availability of the database. This advisory is similar to GHSA-69gg-mjfm-jjpc. This issue has been fixed in version 1.2.31.
π@cveNotify
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER_VALIDATE_IS_REGEX validation) and concatenated directly into RLIKE SQL clauses in lib/html_graph.php and lib/html_tree.php, which are reachable pre-authentication through graph_view.php on installations with guest graph viewing enabled. Because the unbalanced-quote payload bypasses the regex validation that would otherwise reject it, an unauthenticated attacker can inject arbitrary SQL to compromise the confidentiality, integrity, and availability of the database. This advisory is similar to GHSA-69gg-mjfm-jjpc. This issue has been fixed in version 1.2.31.
π@cveNotify
GitHub
security: harden SQL query construction against injection (1.2.x back⦠· Cacti/cacti@136ae6e
β¦port) (#6897)
* security: harden SQL query construction against injection (1.2.x backport)
Backport of develop PR #6894 to 1.2.x.
Add db_qstr_rlike() helper to lib/database.php that safely quot...
* security: harden SQL query construction against injection (1.2.x backport)
Backport of develop PR #6894 to 1.2.x.
Add db_qstr_rlike() helper to lib/database.php that safely quot...
π¨ CVE-2026-39955
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31.
π@cveNotify
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31.
π@cveNotify
GitHub
security: consolidated defense-in-depth hardening (1.2.x) (#7039) Β· Cacti/cacti@4c09efa
Cacti β’. Contribute to Cacti/cacti development by creating an account on GitHub.
π¨ CVE-2025-60473
A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
π@cveNotify
A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
π@cveNotify
GitHub
Fixed #3285 Β· gpac/gpac@b8d80b4
GPAC Ultramedia OSS for Video Streaming & Next-Gen Multimedia Transcoding, Packaging & Delivery - Fixed #3285 Β· gpac/gpac@b8d80b4
π¨ CVE-2026-39951
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.
π@cveNotify
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.
π@cveNotify
GitHub
security: consolidated defense-in-depth hardening (1.2.x) (#7039) Β· Cacti/cacti@4c09efa
Cacti β’. Contribute to Cacti/cacti development by creating an account on GitHub.
π¨ CVE-2026-40079
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built by rrdtool_function_graph() is passed through this function and then to shell_exec($full_commandline). The risk is in __rrd_execute() where text_format values from graph templates (which may contain host variable substitutions) reach shell_exec without adequate escaping. This issue has been addressed in version 1.2.31.
π@cveNotify
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built by rrdtool_function_graph() is passed through this function and then to shell_exec($full_commandline). The risk is in __rrd_execute() where text_format values from graph templates (which may contain host variable substitutions) reach shell_exec without adequate escaping. This issue has been addressed in version 1.2.31.
π@cveNotify
GitHub
security: consolidated defense-in-depth hardening (1.2.x) (#7039) Β· Cacti/cacti@4c09efa
Cacti β’. Contribute to Cacti/cacti development by creating an account on GitHub.
π¨ CVE-2026-40209
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or if the process runs out of file descriptors.
π@cveNotify
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or if the process runs out of file descriptors.
π@cveNotify
π¨ CVE-2026-40210
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.
π@cveNotify
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.
π@cveNotify
π¨ CVE-2026-2815
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
π@cveNotify
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
π@cveNotify
GitHub
GitHub - SiliconLabsSoftware/sisdk-release: Simplicity GA release repo
Simplicity GA release repo. Contribute to SiliconLabsSoftware/sisdk-release development by creating an account on GitHub.
π¨ CVE-2026-41120
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.
π@cveNotify
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.
π@cveNotify