SUSE CVE-2026-8515

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-8553

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2026-45303

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an...

[SECURITY] Fedora 43 Update: nginx-1.30.1-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

[SECURITY] Fedora 44 Update: nginx-1.30.1-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVE-2026-41506

A flaw was found in go-git, an extensible Git implementation library for Go. This vulnerability allows an attacker to potentially obtain sensitive HTTP authentication credentials. This can occur when go-git follows redirects during smart-HTTP clone and fetch operations, leading to the unintended...

CVE-2026-42559

A flaw was found in rmcp, the official Rust SDK for the Model Context Protocol. The Streamable HTTP server transport in rmcp failed to validate the incoming Host header, enabling a malicious public website to exploit this through a DNS rebinding attack. This allows the attacker to send...

[SECURITY] Fedora 43 Update: php-8.4.21-1.fc43

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

ROS-20260515-73-0031

A vulnerability in the WebML component of the Google Chrome browser is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

ROS-20260515-73-0038

A vulnerability in the MediaStream component of Google Chrome and Microsoft Edge browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

ROS-20260515-73-0041

A vulnerability in the LookalikeChecks component of the Google Chrome and Microsoft Edge browser is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow a remote attacker to spoof an attack using a specially crafted HTML page...

ROS-20260515-73-0053

A vulnerability in the Google Chrome browser is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to bypass navigation restrictions using a specially crafted HTML page...

ROS-20260515-73-0024

A vulnerability in the CSS component of the Google Chrome and Microsoft Edge browsers is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

ROS-20260515-73-0029

A vulnerability in the WebML component of the Google Chrome browser is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

CVE-2026-8575

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8545

Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CLSA-2026-1778778961 curl: Fix of 2 CVEs

CVE-2018-1000120: fix buffer overflow exists in the FTP URL handling - CVE-2018-1000007: fix leak authentication data to third parties in HTTP requests...

CVE-2026-8527

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-8583

Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...