382 matches found
CVE-2026-43745
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds write due to improper input validation, resulting in an unexpected process crash...
CVE-2026-43732
A flaw was found in WebKitGTK. Processing maliciously crafted web content can disclose sensitive user information due to a path handling issue that was addressed with improved validation...
CVE-2026-43712
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds write due to improper memory handling, resulting in an unexpected process crash...
CVE-2026-43720
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...
CVE-2026-43716
A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, resulting in an unexpected process crash...
SUSE CVE-2026-20217
A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in...
CVE-2026-20214
A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG...
EUVD-2026-40575
Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2026-14065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer proces...
CVE-2026-13838
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13749
Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generate...
CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
Astra Linux – Vulnerability in WebKit2GTK
A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, and watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5, and iPadOS 18.7.5; iOS 26.3 and iPadOS 26.3; macOS Tahoe 26.3; and visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2026-46546
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...
PT-2026-46585
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in Skia allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory by using a crafted HTML...
Astra Linux – Vulnerability in Firefox and Thunderbird
A properly crafted CMS message could be processed incorrectly, resulting in an invalid memory read and potentially further memory corruption. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been addressed through improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4. Processing maliciously crafted web content may bypass the Same Origin Policy...
Astra Linux – Vulnerability in WebKit2GTK
A logic issue was addressed through improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2, and iPadOS 16.2, as well as watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information...
Astra Linux – Vulnerability in WebKit2GTK
A memory corruption issue has been addressed through improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1, iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, and macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a...