
19 matches found

Tenable Nessus
added 2026/06/17 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-12437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially...

CVSS 8.3 | AI score 6 | EPSS 0.00279 | Exploits 0 | References 2

Circl
added 2026/06/16 9:0 p.m., 9 views

CVE-2026-12437

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-16 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1925 |
| 2026-06-17 01:56:44+00:00 | seen | https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-google-chrome-56 |
| 2026-06-17 23:39:54+00:00 | seen | ... |

CVSS 8.3 | AI score 5.8 | EPSS 0.00279 | Exploits 0 | References 6

Circl
added 2026/04/21 7:25 p.m., 5 views

CVE-2018-12437

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-21 19:25:24+00:00 | seen | Telegram/IV3XUTumqBvhxDGxYKmJv890gnK1hu13PgwZ6nuJXKkSo... |

CVSS 4.9 | AI score 5.8 | EPSS 0.0054 | Exploits 1

Cvelist
added 2026/04/21 3:34 p.m., 28 views

CVE-2025-15638 Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437...

EPSS 0.0057 | Exploits 0 | References 3

Positive Technologies
added 2026/04/21 12:0 a.m., 4 views

PT-2026-33994

Name of the Vulnerable Software and Affected Versions: Net::Dropbear versions prior to 0.14. Description: Net::Dropbear for Perl contains a vulnerable version of libtomcrypt, specifically including versions of Dropbear 2019.78 or earlier. Recommendations: Update Net::Dropbear to version 0.14 or later...

CVSS 10 | AI score 6.6 | EPSS 0.0057 | Exploits 0 | References 8

RedhatCVE
added 2025/11/11 1:11 p.m., 2 views

CVE-2025-12437

Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 7.5 | AI score 6.8 | EPSS 0.00204 | Exploits 0 | References 5

OSV
added 2025/11/10 8:15 p.m., 1 views

DEBIAN-CVE-2025-12437

Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 7.5 | AI score 7.5 | EPSS 0.00204 | Exploits 0 | References 1

CVE
added 2025/11/10 8:0 p.m., 22 views

CVE-2025-12437

The connected documents confirm a concrete vulnerability: Use-after-free in PageInfo in Google Chrome/chromium before 142.0.7444.59. A remote attacker could exploit heap corruption by persuading a user to perform specific UI gestures against a crafted HTML page. Affected software: Google Chrome/C...

CVSS 7.5 | AI score 6.3 | EPSS 0.00204 | Exploits 0 | References 2 | Affected Software 1

Circl
added 2025/11/03 8:30 a.m., 4 views

CVE-2025-12437

| creationtimestamp | type | source |
|---|---|---|
| 2025-11-03 08:30:48+00:00 | seen | https://gist.github.com/Darkcrai86/558c7a72853f275608e30f5bd70b5fc0... |

CVSS 7.5 | AI score 5.8 | EPSS 0.00204 | Exploits 0 | References 1

Microsoft CVE
added 2025/10/31 2:0 p.m., 10 views

Chromium: CVE-2025-12437 Use after free in PageInfo

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 7.5 | AI score 6.4 | EPSS 0.00204 | Exploits 0

NVD
added 2025/01/07 7:15 a.m., 17 views

CVE-2024-12437

The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00389 | Exploits 0 | References 3

Circl
added 2025/01/07 6:46 a.m., 4 views

CVE-2024-12437

| creationtimestamp | type | source |
|---|---|---|
| 2025-01-07 06:46:27+00:00 | seen | https://infosec.exchange/users/cve/statuses/113785725707848489 |
| 2025-01-07 07:15:58+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5445onan2m |
| 2025-01-07 07:15:58+00:00 | seen | ... |

CVSS 6.4 | AI score 8.7 | EPSS 0.00389 | Exploits 0 | References 4

Cvelist
added 2025/01/07 6:40 a.m., 14 views

CVE-2024-12437 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00389 | Exploits 0 | References 3

Tenable Nessus
added 2020/07/30 12:0 a.m., 55 views

GLSA-202007-53 : Dropbear: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202007-53 Dropbear: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Dropbear. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...

CVSS 6.5 | AI score 6.8 | EPSS 0.19295 | Exploits 1 | References 4

CVE
added 2020/02/19 4:28 p.m., 59 views

CVE-2019-12437

CVE-2019-12437 affects SilverStripe up to 4.3.3, where the prior fix for SS-2018-007 does not fully mitigate CSRF in GraphQL mutations. Connected sources (GHSA/OSV/Red Hat) indicate this CSRF protection was not complete and fixes exist in SilverStripe GraphQL at versions 2.0.5 and 3.1.2. Remediat...

CVSS 8.8 | AI score 8.7 | EPSS 0.00724 | Exploits 0 | References 3 | Affected Software 1

Friends Of PHP
added 2019/06/11 4:34 p.m., 18 views

CVE-2019-12437: Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12437...

CVSS 8.8 | AI score 7.2 | EPSS 0.00724 | Exploits 0 | Affected Software 1

OpenVAS
added 2018/07/21 12:0 a.m., 38 views

Fedora Update for libtomcrypt FEDORA-2018-39e0872379

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 6.9 | EPSS 0.19295 | Exploits 1 | References 2

UbuntuCve
added 2018/06/15 2:29 a.m., 38 views

CVE-2018-12437

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

CVSS 4.9 | AI score 6.5 | EPSS 0.0054 | Exploits 1 | References 3

CVE
added 2018/06/15 2:0 a.m., 104 views

CVE-2018-12437

CVE-2018-12437 affects LibTomCrypt up to 1.18.1, enabling a memory-cache side-channel attack to extract ECDSA keys when an attacker has local access or co-residency on the same host. Mitigation in affected packages is to upgrade LibTomCrypt (e.g., Fedora/Mageia advisories show fixes in 1.18.2+) t...

CVSS 4.9 | AI score 4.8 | EPSS 0.0054 | Exploits 1 | References 2 | Affected Software 1