54 matches found
Fedora 42 : chromium (2026-3675ac2066)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3675ac2066 advisory. Update to 147.0.7727.101
- Critical CVE-2026-6296: Heap buffer overflow in ANGLE
- Critical CVE-2026-6297: Use after free in Proxy
- Critical CVE-2026-629...
Security update for chromium (critical)
openSUSE security update: security update for chromium
Announcement ID: openSUSE-SU-2026:20588-1
Rating: critical
References: bsc1262174
Cross-References: CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6299 CVE-2026-6300...
Chromium: CVE-2026-6309 Use after free in Viz
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE CVE-2026-6309
Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-6309
Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-6309
Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-6309
CVE-2026-6309 describes a use-after-free in Viz within Google Chrome prior to version 147.0.7727.101. If an attacker compromised the renderer process via a crafted HTML page, they could potentially perform a sandbox escape. The entry notes a high severity. Affected software/version: Google Chrome...
CVE-2026-6309
creationtimestamp | type | source
---|---|---
2026-04-15 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260416
2026-04-15 21:17:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjksyyppyb2m
2026-04-15 23:26:54+00:00 |...
CVE-2025-6309
creationtimestamp | type | source
---|---|---
2025-06-20 05:43:49+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/18907
2025-06-20 07:57:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lrzkvqyep32m...
CVE-2025-6309
CVE-2025-6309 affects PHPGurukul Emergency Ambulance Hiring Portal v1.0. The vulnerability is in the file /admin/add-ambulance.php where the ambregnum parameter can be manipulated to trigger an SQL injection, due to missing input validation. Exploitability is remote and publicly disclosed; multip...
CVE-2025-6309 PHPGurukul Emergency Ambulance Hiring Portal add-ambulance.php sql injection
A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-ambulance.php. The manipulation of the argument ambregnum leads to sql injection. The attack can be launched...
Oracle Linux 8 : fence-agents (ELSA-2024-6309)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6309 advisory.
- bundled setuptools: fix CVE-2024-6345 Resolves: RHEL-50223
- bundled urllib3: fix CVE-2024-37891 Resolves: RHEL-43568
Tenable has extracted the...
CVE-2024-6309
creationtimestamp | type | source
---|---|---
2024-07-09 10:59:29+00:00 | seen | https://t.me/cvedetector/268...
CVE-2024-6309
CVE-2024-6309 — WordPress plugin Attachment File Icons (AF Icons)
CVE-2024-6309 Attachment File Icons (AF Icons) <= 1.3 - Cross-Site Request Forgery to Arbitrary File Upload
The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. This is due to missing nonce validation in the 'afioverview' function and missing file type validation in the 'uploadicons' function...
WordPress Attachment File Icons Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Attachment File Icons
Type: Plugin
Vulnerable versions: = 1.3
Fixed in: N/A
OWASP Top 10: A1: Broken Access Control
Classification: Cross Site Request Forgery CSRF
CVE: CVE-2024-6309
Patch priority: Low
CVSS severity: Low 9.6
Developer: Claim ownership
PSID: c3b98b264536
Credits: István Márton...
CVE-2023-6309
creationtimestamp | type | source
---|---|---
2023-12-16 18:52:13+00:00 | seen | https://t.me/ctinow/155455...
CVE-2023-6309
A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/transresult.php. The manipulation of the argument input1 leads to os command injection. The exploit has been disclosed to the public and may b...
CVE-2023-6309
CVE-2023-6309 affects moses-smt mosesdecoder up to version 4.0. The vulnerability is in the file contrib/iSenWeb/trans_result.php, where manipulating the input1 argument leads to an OS command injection. The exploit has been disclosed publicly.