CVE-2026-11258

This CVE (CVE-2026-11258) affects Google Chrome’s File System Access and is due to an inappropriate implementation that allows a remote attacker to bypass discretionary access control when a user is persuaded by a crafted HTML page to perform specific UI gestures. Affected software: Chrome prior ...

CVE-2026-11258

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11258

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11258

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11258

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-10931

Summary: CVE-2026-10931 is a use-after-free in Chrome’s FileSystem that could allow a remote sandbox escape via a crafted HTML page. Affected product/area: Google Chrome (Chromium-based) prior to version 149.0.7827.53. Impact: high severity with potential sandbox escape; attacker could trigger ne...

CVE-2026-10931

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-10931

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-10886

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10886

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

ROOT-APP-NPM-CVE-2024-12905 CVE-2024-12905 in @rootio/tar-fs - Patched by Root

Root has patched CVE-2024-12905 in the @rootio/tar-fs package for Root:npm. Multiple fixed versions available...

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed...

PT-2026-46785

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-46256

A flaw was found in the Linux kernel, specifically within the NFS Network File System LOCALIO optimization. This vulnerability allows for a recursion deadlock to occur during direct reclaim operations. When LOCALIO attempts to write pages back into NFS via nfswritepages, it can lead to a system...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

CVE-2026-46256 NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

CVE-2026-46256

CVE-2026-46256 refers to a Linux kernel flaw in the NFS LOCALIO optimization. The issue allows a recursion deadlock during direct reclaim when writing pages back into NFS via nfs_writepages, potentially affecting NFS loopback paths where LOCALIO is used on the same system. The root cause is that ...

PT-2026-46019

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the NFS LOCALIO, an optimization for loopback mounts that bypasses the network for READ, WRITE, and COMMIT operations when the client and server are on the same system...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the btrfs file system’s use of listaddtail to update the dirtylist for blockgrouptree when settin...

Linux Distros Unpatched Vulnerability : CVE-2025-71309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now...