OPENSUSE-SU-2026:20460-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.177 boo1261249 CVE-2026-5273: Use after free in CSS CVE-2026-5272: Heap buffer overflow in GPU CVE-2026-5274: Integer overflow in Codecs CVE-2026-5275: Heap buffer overflow in ANGLE CVE-2026-5276:...

Chromium: CVE-2026-5287 Use after free in PDF

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2026-5287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file...

CVE-2026-5287

creationtimestamp| type| source ---|---|--- 2026-03-31 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0385/ 2026-04-01 08:31:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3migbohq76h2o 2026-04-01 18:00:00+00:00| seen|...

MINI-5287-6773-PGGW

Bulletin has no description...

Exploit for CVE-2025-5287

Description: It is an exploit code that works for multiple...

CVE-2025-5287

creationtimestamp| type| source ---|---|--- 2025-05-28 13:47:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqadpgo5me2k 2025-06-02 10:47:01+00:00| published-proof-of-concept| https://t.me/proxybar/2630 2025-06-02 11:56:16+00:00| published-proof-of-concept|...

CVE-2025-5287 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2023-5287

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admincontenttag.php?action=savecontent. The manipulation of the argument tag leads to cross site scripting. It is possible to initiate the attac...

CVE-2020-5287

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5...

CVE-2019-5287

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193C00E190R2P1 have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters ...

CVE-2016-5287

creationtimestamp| type| source ---|---|--- 2025-03-19 13:54:17+00:00| seen| https://gist.github.com/makeforfun/85ab01bc29a9bdc9bd019a3e320a3f94...

WordPress Affiliate Manager Plugin < 6.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Affiliate Manager Type Plugin Vulnerable versions 6.5.1 Fixed in 6.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5287 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 14d5b3c71416 Credits Bob Matyas Required...

CVE-2024-5287

creationtimestamp| type| source ---|---|--- 2024-07-13 08:49:42+00:00| seen| https://t.me/cvedetector/804...

CVE-2024-5287 WP Affiliate Platform < 6.5.1 - Profile Update via CSRF

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack...

CVE-2024-5287 WP Affiliate Platform < 6.5.1 - Profile Update via CSRF

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack...

CVE-2019-5287

creationtimestamp| type| source ---|---|--- 2024-02-14 08:51:12+00:00| seen| https://t.me/ctinow/184468...

CVE-2023-5287

creationtimestamp| type| source ---|---|--- 2023-09-30 00:37:59+00:00| seen| https://t.me/cibsecurity/71333...