82 matches found

OSV
added 2026/04/03 6:9 a.m. | 1 views

OPENSUSE-SU-2026:20460-1 Security update for chromium

This update for chromium fixes the following issues:

Changes in chromium:

- Chromium 146.0.7680.177 boo1261249
  - CVE-2026-5273: Use after free in CSS
  - CVE-2026-5272: Heap buffer overflow in GPU
  - CVE-2026-5274: Integer overflow in Codecs
  - CVE-2026-5275: Heap buffer overflow in ANGLE
  - CVE-2026-5276:...

9.6 CVSS | 6.3 AI score | 0.00646 EPSS
Exploits 0 | References 22

Cvelist
added 2026/04/01 4:41 a.m. | 27 views

CVE-2026-5285

Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.00058 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/04/01 4:41 a.m. | 2 views

CVE-2026-5285

Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3 CVSS | 6.2 AI score | 0.00058 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2026/04/01 4:41 a.m. | 9 views

CVE-2026-5285

CVE-2026-5285 is a use-after-free vulnerability in WebGL of Google Chrome versions prior to 146.0.7680.178 that could allow a remote attacker to run arbitrary code inside the sandbox via a crafted HTML page. The connected Chrome release notes state the fix shipped in the 146.0.7680.177/178 Stable...

8.8 CVSS | 6.2 AI score | 0.00058 EPSS
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2026/04/01 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-5285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

8.8 CVSS | 6.3 AI score | 0.00058 EPSS
Exploits 0 | References 2

Circl
added 2026/03/31 5:0 p.m. | 1 views

CVE-2026-5285

creationtimestamp | type | source
---|---|---
2026-03-31 17:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0385/
2026-04-01 08:05:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3migaatlzxf22
2026-04-01 18:00:00+00:00 | seen |...

8.8 CVSS | 4.7 AI score | 0.00058 EPSS
Exploits 0 | References 7

Circl
added 2025/05/31 7:12 a.m. | 6 views

CVE-2025-5285

creationtimestamp | type | source
---|---|---
2025-05-31 07:12:07+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqh6ziybx7d2
2025-05-31 11:52:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqhopnjuiu2m...

6.4 CVSS | 7 AI score | 0.00203 EPSS
Exploits 0 | References 2

Cvelist
added 2025/05/31 6:40 a.m. | 20 views

CVE-2025-5285 Product Subtitle for WooCommerce <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter

The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS | 0.00203 EPSS
Exploits 0 | References 4

Vulnrichment
added 2025/05/31 6:40 a.m. | 11 views

CVE-2025-5285 Product Subtitle for WooCommerce <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter

The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS | 5.8 AI score | 0.00203 EPSS
Exploits 0 | References 4

CVE
added 2025/05/31 6:40 a.m. | 50 views

CVE-2025-5285

CVE-2025-5285 targets the WordPress plugin Product Subtitle for WooCommerce. The vulnerability is a Stored Cross-Site Scripting via the htmlTag parameter in all versions up to and including 1.3.9, exploitable by authenticated users with Contributor-level access and above to inject scripts on page...

6.4 CVSS | 5.7 AI score | 0.00203 EPSS
Exploits 0 | References 4

Patchstack
added 2025/05/30 9:23 p.m. | 8 views

WordPress Product Subtitle for WooCommerce plugin <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Product Subtitle for WooCommerce versions <= 1.3.9...

6.4 CVSS | 5.5 AI score | 0.00203 EPSS
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2025/05/23 4:31 a.m. | 3 views

CVE-2023-5285

A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to SQL injection. The attack can be launched remotely. The...

7.5 CVSS | 7.5 AI score | 0.00064 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 3:38 p.m. | 3 views

CVE-2020-5285

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with back parameter. The problem is fixed in 1.7.6.5...

6.1 CVSS | 5.9 AI score | 0.00218 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 9:55 a.m. | 4 views

CVE-2011-5285

Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATHINFO to (4) AdminProjectList.php, (5) AdminGroupList.php...

4.3 CVSS | 6 AI score | 0.00225 EPSS
Exploits 1 | References 1

Circl
added 2024/07/29 8:45 a.m. | 0 views

CVE-2024-5285

creationtimestamp | type | source
---|---|---
2024-07-29 08:45:47+00:00 | seen | https://t.me/cvedetector/1805...

5.5 CVSS | 4.8 AI score | 0.00149 EPSS
Exploits 1 | References 1

Vulnrichment
added 2024/07/29 6:0 a.m. | 10 views

CVE-2024-5285 WP Affiliate Platform < 6.5.2 - Affiliate Deletion via CSRF

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have a CSRF check in place when deleting affiliates, which could allow attackers to make a logged-in user delete them via a CSRF attack...

7 AI score | 0.00149 EPSS
Exploits 1 | References 1

Patchstack
added 2024/07/29 12:0 a.m. | 5 views

WordPress Affiliate Manager Plugin < 6.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

- Software: Affiliate Manager
- Type: Plugin
- Vulnerable versions: < 6.5.2
- Fixed in: 6.5.2
- OWASP Top 10: A5: Broken Access Control
- Classification: Cross Site Request Forgery (CSRF)
- CVE: CVE-2024-5285
- Patch priority: Low
- CVSS severity: Low (4.3)
- PSID: f621215a2f69
- Credits: Bob Matyas
- Required...

5.5 CVSS | 6.7 AI score | 0.00149 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2024/06/06 12:23 p.m. | 9 views

CGA-5285-FF8X-7RX3

Bulletin has no description...

6.5 CVSS | 6.7 AI score | 0.00443 EPSS
Exploits 0

Circl
added 2024/02/20 3:51 p.m. | 1 views

CVE-2016-5285

creationtimestamp | type | source
---|---|---
2024-02-20 15:51:16+00:00 | seen | https://t.me/ctinow/188629...

7.5 CVSS | 6.9 AI score | 0.01626 EPSS
Exploits 0 | References 1

Circl
added 2023/09/30 12:38 a.m. | 2 views

CVE-2023-5285

creationtimestamp | type | source
---|---|---
2023-09-30 00:38:05+00:00 | seen | https://t.me/cibsecurity/71339
2025-07-23 21:02:24+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lunw55dk6d2c...

7.5 CVSS | 6.5 AI score | 0.00064 EPSS
Exploits 1 | References 2