5222 matches found
CVE-2026-13933
CVE-2026-13933 concerns insufficient policy enforcement in the Passwords feature of Google Chrome, prior to version 150.0.7871.47. A remote attacker who has already compromised the renderer process could exfiltrate potentially sensitive data from process memory via a crafted HTML page. The CVE is...
CVE-2026-13914
Inappropriate implementation in Passwords in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: Medium...
CVE-2026-13905
Chrome for iOS on Google Chrome (iOS) is affected by a race in versions prior to 150.0.7871.47, allowing a local attacker with physical access to potentially read confidential data from process memory. The issue is documented across CVE-2026-13905 and EUVD-2026-40591. Remediation is to upgrade to...
CVE-2026-13879
Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. Chromium security severity: Medium...
CVE-2026-13879
Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. Chromium security severity: Medium...
CVE-2026-13858
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...
CVE-2026-13858
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...
CVE-2026-13819
Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
UBUNTU-CVE-2026-58013
A flaw was found in GLib. A buffer over-read can occur in giochannelreadlinebackend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...
PT-2026-54246
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An uninitialized use in the Media component allows a remote attacker who has already compromised the renderer process to retrieve potentially sensitive information from process memory...
PT-2026-54217
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An uninitialized use in the Cast component allows an attacker on the local network segment to obtain potentially sensitive information from process memory by sending malicious network...
PT-2026-54226
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An uninitialized use in the GPU component allows a remote attacker who has already compromised the renderer process to retrieve potentially sensitive information from process memory. Th...
PT-2026-54365
Name of the Vulnerable Software and Affected Versions Google Chrome on ChromeOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the CameraCapture component allows a remote attacker to perform an out-of-bounds memory read, which occurs when a user visits a...
Linux Distros Unpatched Vulnerability : CVE-2026-57437
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document...
CVE-2026-58058
Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...
CVE-2026-38571
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...
CVE-2026-57437
A flaw was found in Nokogiri, an XML and HTML library for Ruby. This vulnerability occurs when an application directly constructs an XPathContext and allows its associated document to be garbage collected while the context is still in use. An attacker could potentially exploit this by causing the...
EUVD-2026-39645
A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...
CVE-2026-38571
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...
CVE-2026-38571
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...