USN-8328-1: OpenJDK 21 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

USN-8327-1 openjdk-17 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

PT-2026-44585

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description A use after free issue in WebGL allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw tha...

PT-2026-44584

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An out of bounds read in WebGL allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. An out of bounds read occurs when a program rea...

PT-2026-44607

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in the GPU allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted...

PT-2026-44644

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description A use after free issue in GFX allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after...

PT-2026-44581

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An out of bounds write in the GPU allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique used to brea...

PT-2026-44621

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An inappropriate implementation in the GPU allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page...

PT-2026-44338

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Direct Rendering Manager DRM within the change handle function. The issue occurs when an ioctl briefly associates a single object with two idr entries. A...

PT-2026-44334

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the msm ioctl gem info get metadata function where it unconditionally returns 0, ignoring error codes stored in ret. This occurs when the user buffer is too small or...

PT-2026-44352

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue in the drm/amdkfd component allows stale data exposure during VRAM allocation. While the GEM ioctl path correctly sets the AMDGPU GEM CREATE VRAM CLEARED flag for userspace...

Fedora 44 : perl-Imager (2026-63ab4e8283)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-63ab4e8283 advisory. Imager 1.031 - GIF: fix a heap buffer overflow with attacker controlled data CVE-2026-8454 Imager 1.030 - addtag: store non-int numbers as strings - addtag:...

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

CVE-2026-48973

Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14...

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

CVE-2026-49102

Webmin versions prior to 2.640 are affected by CVE-2026-49102. The issue is an XSS in the mailboxes/detach.cgi component triggered by viewing an SVG document attachment, caused by using image/svg+xml instead of a safe type (e.g., text/plain). Impact is potential cross-site scripting within the ma...

CVE-2026-48973 WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14...

EUVD-2026-32526

Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14...