1byte-react-design (>=1.7.1 <=1.14.0), @agentscope-ai/chat (>=1.1.43 <=1.1.63-beta.1778041790294) +300 more potentially affected by unknown CVE via @antv/g-lite (>=2.0.0 <=2.7.0)

@antv/g-lite NPM version =2.0.0, =1.7.1, =1.1.43, =5.0.48, =1.0.1, =1.0.4, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =2.0.0, =0.5.6, =6.0.0, =2.0.0, =2.0.45 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3921...

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20372-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20372-1 advisory. Changes in chromium: - Chromium 146.0.7680.80: CVE-2026-3909: Out of bounds write in Skia boo1259659 - Chromium 146.0.7680.75 released 2026-03-1...

CVE-2026-3921 vulnerabilities

Vulnerabilities for packages: chromium...

SUSE CVE-2026-3921

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3921

creationtimestamp| type| source ---|---|--- 2026-03-12 01:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260312 2026-03-12 22:00:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgvfldg3v42s 2026-03-16 00:00:00+00:00|...

Linux Distros Unpatched Vulnerability : CVE-2026-3921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2026-3921

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3921

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3921

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 146 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 146.0.7680.71 Linux 146.0.7680.71/72 Windows/Mac contains a number of fixes and improvements -- a list of changes is availab...

EUVD-2026-3921

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects North: from n/a through = 5.7.5...

EUVD-2019-3921

Malware in sbrugna...

CVE-2021-3921

firefly-iii is vulnerable to Cross-Site Request Forgery CSRF...

CVE-2025-3921

creationtimestamp| type| source ---|---|--- 2025-05-07 02:21:35+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15242 2025-05-07 04:26:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lokkl3w4ug2h 2025-05-07 05:31:29+00:00| seen|...

CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handelajaxreq function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata whic...

CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handelajaxreq function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata whic...

WordPress PeproDev Ultimate Profile Solutions plugin 1.9.1-7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update

Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update vulnerability discovered by kr0d in WordPress Plugin PeproDev Ultimate Profile Solutions versions 1.9.1-7.5.2...

CVE-2024-3921 Gianism <= 5.1.0 - Admin+ Stored XSS

The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3921

CVE-2024-3921 (Gianism) affects Gianism WordPress plugin up to version 5.1.0. It enables Admin+ Stored XSS due to insufficient sanitisation/escaping of certain settings, potentially allowing admin users to execute scripts even when unfiltered_html is disallowed. The Patchstack entry notes a fix i...

CVE-2024-3921 Gianism <= 5.1.0 - Admin+ Stored XSS

The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...