CVE-2026-3919
Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-3919
Summary of CVE-2026-3919: The vulnerability is a use-after-free in Chrome/Chromium extensions, enabling potential heap corruption via a crafted HTML page. The issue affects Chrome/Chromium prior to version 146.0.7680.71. Public feeds show Chromium updates delivering fixes in the 146.0.7680.164 c...
CVE-2026-31868 Parse Server has Stored XSS via file upload of HTML-renderable file types
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server...
kernel: x86/tdx: Fix "in-kernel MMIO" check
A flaw was found in the Linux kernel. Userspace can deceive the kernel into performing MMIO (Memory-Mapped I/O) operations in TDX (Trust Domain Extensions) on its behalf, allowing a VE (Virtualization Exception) to be incorrectly handled as an in-kernel MMIO operation...
GHSA-V5HF-F4C3-M5RV Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types
Impact: An attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its...
Cross-site Scripting (XSS)
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the file upload. An attacker can execute arbitrary scripts in the context of the application...
Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types
Impact: An attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its...
GHSA-HCJ7-6GXH-24WW Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload
Impact: A stored cross-site scripting (XSS) vulnerability allows any authenticated user to upload an SVG file containing JavaScript. The file is served inline with Content-Type: image/svg+xml and without protective headers, causing the browser to execute embedded scripts in the Parse Server origin...
KLA90934 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in WebML can be exploited to cause...
PT-2026-24876
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
Google Chrome resource management error vulnerability
Google Chrome is a free web browser developed by Google Inc. A security vulnerability exists in Google Chrome Extensions, which originates from re-referencing or using freed memory and can be exploited by remote attackers to execute arbitrary code...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 146 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 146.0.7680.71 (Linux) 146.0.7680.71/72 (Windows/Mac) contains a number of fixes and improvements -- a list of changes is availab...
chromium -- security fixes
Chrome Releases reports: This update includes 29 security fixes: 483445078 Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10; 481776048 High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04; 483971526 High CVE-2026-3915: Heap...
ROS-20260310-73-0021
Vulnerability in python-pymdown-extensions related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
PT-2026-24867
🟠 CVE-2026-3919 - High Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a craf... https://t.co/gFpl8ax02B https://t.co/1pVqPwfKJV...
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer...
Linux Distros Unpatched Vulnerability : CVE-2026-3731
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c o...
EUVD-2026-10234
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...