8073 matches found
CVE-2026-3919
Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-3919
Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-3928
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-3928
CVE-2026-3928 is a vulnerability in Chromium-based extensions handling in Google Chrome. The issue is insufficient policy enforcement in the Extensions framework, allowing a user-assisted attacker who lures a target to install a malicious extension to perform UI spoofing via the extension. Affect...
CVE-2026-3919
Summary of CVE-2026-3919: The vulnerability is a use-after-free in Chrome/Chromium extensions, enabling potential heap corruption via a crafted HTML page. The issue affects Chrome/Chromium prior to version 146.0.7680.71. Public feeds show Chromium updates delivering fixes in the 146.0.7680.164 c...
CVE-2026-31868 Parse Server has Stored XSS via file upload of HTML-renderable file types
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server...
kernel: x86/tdx: Fix "in-kernel MMIO" check
A flaw was found in the Linux kernel. Userspace can deceive the kernel into performing MMIO (Memory-Mapped IO) operations in TDX (Trust Domain Extensions) on its behalf, allowing a VE (Virtualization Exception) to be incorrectly handled as an in-kernel MMIO operation...
Cross-site Scripting (XSS)
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the file upload. An attacker can execute arbitrary scripts in the context of the application...
Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types
Impact: An attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its...
GHSA-V5HF-F4C3-M5RV Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types
Impact: An attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its...
GHSA-HCJ7-6GXH-24WW Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload
Impact: A stored cross-site scripting (XSS) vulnerability allows any authenticated user to upload an SVG file containing JavaScript. The file is served inline with Content-Type: image/svg+xml and without protective headers, causing the browser to execute embedded scripts in the Parse Server origin...
chromium -- security fixes
Chrome Releases reports: This update includes 29 security fixes:
483445078 Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10
481776048 High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04
483971526 High CVE-2026-3915: Heap...