CVE-2026-11203

Inappropriate implementation in GPU in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11150

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11098

CVE-2026-11098 affects the GPU component in Google Chrome (Chromium-based) where there is insufficient validation of untrusted input prior to version 149.0.7827.53. The vulnerability could allow a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted...

CVE-2026-11085

Integer overflow in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11082

Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11064

Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11064

Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11052

Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11052

Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allows a renderer-compromised attacker to potentially escape the sandbox via a crafted HTML page. Affected: Chrome on Windows; component: GPU/renderer pathway; root cause: type confusion in GPU handling. Impact is sandbox es...

CVE-2026-11052

Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11045

Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11021

Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10892

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10892

CVE-2026-10892 is an out-of-bounds write in the GPU component of Google Chrome on Android, before version 149.0.7827.53, allowing a remote attacker to potentially escape the sandbox via a crafted HTML page. The issue affects Chrome for Android and is categorized as Critical. Public references sho...

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the pngpushreadchunk function in the push-mode APNG parser. An attacker can inject chunked data with a malicious PNG file containing attacker-controlled bytes in an ignored ancillary chunk, which are then...

CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

CVE-2026-10863

CVE-2026-10863 affects the correlations over-correlation endpoint in the application, specifically the overCorrelations() function in app/Controller/CorrelationsController.php. The vulnerability arises from accepting an order parameter from user-controlled named request parameters, which could al...

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

Security Bulletin: IBM Event Processing is vulnerable to a CRLF injection vulnerability in Netty (CVE-2025-67735)

Summary IBM Event Processing is vulnerable to a CRLF injection vulnerability in Netty io.netty.handler.codec.http.HttpRequestEncoder. An attacker could exploit this vulnerability to perform HTTP request smuggling against affected Event Processing services that use the vulnerable Netty component...