Fedora 42 : chromium (2026-3675ac2066)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3675ac2066 advisory. Update to 147.0.7727.101 Critical CVE-2026-6296: Heap buffer overflow in ANGLE Critical CVE-2026-6297: Use after free in Proxy Critical CVE-2026-629...

Security update for chromium (critical)

openSUSE security update: security update for chromium ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20588-1 Rating: critical References: bsc1262174 Cross-References: CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6299 CVE-2026-6300...

Chromium: CVE-2026-6303 Use after free in Codecs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-6303 vulnerabilities

Vulnerabilities for packages: chromium...

SUSE CVE-2026-6303

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-6303

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-6303

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-6303

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-6303

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-6303

creationtimestamp| type| source ---|---|--- 2026-04-15 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260416 2026-04-16 11:16:12+00:00| seen| Telegram/j-zpZhFSipqPFVaOoufvpDRNhg2whahduAHfYT4AdF4gH4 2026-04-19 20:00:00+00:00| seen|...

CVE-2025-6303

creationtimestamp| type| source ---|---|--- 2025-06-20 03:32:49+00:00| published-proof-of-concept| Telegram/L4lIqSsQXTjvnf6qzxT5xghkQ8yhZM589p63a7QTsdU-Cc 2025-06-20 03:43:26+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18901 2025-06-20 04:05:38+00:00| seen|...

CVE-2025-6303

A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /contactus1.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The explo...

CVE-2025-6303 code-projects Online Shoe Store contactus1.php sql injection

A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /contactus1.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The explo...

CVE-2025-6303 code-projects Online Shoe Store contactus1.php sql injection

A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /contactus1.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The explo...

CVE-2025-6303

The CVE-2025-6303 entry concerns code-projects Online Shoe Store 1.0, where the file /contactus1.php handles user-submitted data. The root cause is lack of validation of the Message parameter, resulting in a SQL injection vulnerability. This can affect the application remotely and is described as...

CVE-2024-6303

Missing authorization in Client-Server API in Conduit =0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the...

CVE-2024-6303 Missing Authorization in Conduit

Missing authorization in Client-Server API in Conduit =0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the...

CVE-2024-6303

CVE-2024-6303 describes a missing authorization flaw in Conduit before or equal to version 0.7.0 in the Client-Server API. The vulnerability allows an attacker to remove and add any alias to a room, enabling privilege escalation by moving the #admins alias to a room under attacker control. This c...

MAL-2024-740 Malicious code in wlwz-2312-6303 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 997f076f2c239315e967168eae4c82e13a2fe8309e824e7699e99d899fd5576f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in wlwz-2312-6303 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 997f076f2c239315e967168eae4c82e13a2fe8309e824e7699e99d899fd5576f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...