29 matches found
chromium -- security fixes
Chrome Releases reports: This update includes 31 security fixes: 490170083 Critical CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga on 2026-03-05 493628982 Critical CVE-2026-6297: Use after free in Proxy. Reported by heapracer on 2026-03-17 495700484 Critical CVE-2026-6298: Hea...
@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2026-23869 via react-server-dom-webpack (>=19.0.0 <=19.0.1)
react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...
PT-2026-33137
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description A use after free issue in Prerender allows a remote attacker to execute arbitrary code by inducing the victim to open a crafted HTML page. Use after free is a memory corruption flaw th...
CVE-2025-67647
CVE-2025-67647 affects SvelteKit. Before 2.49.5, it allows server-side request forgery (SSRF) and DoS under prerender conditions. From 2.44.0 to 2.49.4, a DoS can occur if at least one prerendered route exists (export const prerender = true). From 2.19.0 to 2.49.4, DoS/SSRF can occur when there i...
@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.0.0 <=19.0.1)
react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...
@cedarjs/api-server (>=0.0.4 <=9.0.0-canary.1784), @cedarjs/cli (>=0.0.4 <=9.0.0-canary.1784) +65 more potentially affected by unknown CVE via @escape.tech/graphql-armor-cost-limit (>=1.7.0 <=2.4.1)
@escape.tech/graphql-armor-cost-limit NPM version =1.7.0, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.9.1-next.19, =0.0.4, =0.0.4, =0.0.2, =1.0.6, =2.0.6, =2.2.2, =2.19.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-733V-P3H5-QPQ7...
GHSA-CPJ6-FHP6-MR6J React Router allows pre-render data spoofing on React-Router framework mode
Summary After some research, it turns out that it's possible to modify pre-rendered data by adding a header to the request. This allows to completely spoof its contents and modify all the values of the data object passed to the HTML. Latest versions are impacted. Details The vulnerable header i...
QIWI: SSRF на https://qiwi.com с помощью "Prerender HAR Capturer"
Здравствуйте! На сайте https://qiwi.com вы используете Prerender HAR Capturer 5.6.0 на основе Headless Chrome для рендеринга HTML, снимков экрана, PDF-файлов и файлов HAR с любой веб-страницы https://github.com/prerender/prerender. Если на qiwi.com послать запрос с измененным юзер-агентом...
@commercial/hapi (=19.0.2), @hapi/hapi (>=19.0.0 <=19.0.4) +7 more potentially affected by unknown CVE via @hapi/accept (=4.0.1)
@hapi/accept NPM version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @hapi/accept and may be impacted: - @commercial/hapi =19.0.2 - @hapi/hapi =19.0.0, =0.0.3, =0.27.0, =0.27.0, =0.9.0, =2.0.4, =5.0.2 Source cves: unknown CVE Source advisory...