CVE-2026-7357

An use after free flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497047552...

PT-2026-35899

Name of the Vulnerable Software and Affected Versions WebFlux server application affected versions not specified Description A WebFlux server application that processes multipart requests creates temporary files for parts larger than 10 K. Under certain conditions, these temporary files may not b...

Unity Linux 20.1050e / 20.1070e Security Update: LibRaw (UTSA-2026-015451)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015451 advisory. In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values. Tenable has extracted the...

FreeBSD Security Advisory - FreeBSD-SA-26:17.libnv

FreeBSD Security Advisory - When processing the header of an incoming message, libnv failed to properly validate the message size...

FreeBSD-SA-26:17.libnv

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:17.libnv Security Advisory The FreeBSD Project Topic: Heap overflow in libnv Category: core Module: libnv Announced: 2026-04-29 Credits: Mariusz Zaborski...

CVE-2026-7357

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-7333

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7333

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7357

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2026-26177

Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-7357

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-7333

CVE-2026-7333 describes a use-after-free in the GPU component of Google Chrome, leading to a potential sandbox escape via a crafted HTML page on Chromium-based browsers. Affected product: Google Chrome versions earlier than 147.0.7727.138. Root cause: use-after-free in GPU handling. Impact: remot...

CVE-2026-7333

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7333

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-5939

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...

EUVD-2026-26083

OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion...

CLSA-2026-1777389615 Fix CVE(s): CVE-2024-45802

SECURITY UPDATE: multiple vulnerabilities in Edge Side Includes ESI processing - debian/rules: build with --disable-esi to remove the vulnerable ESI response processor matches the upstream Squid 6.10 default, where ESI support is disabled by default. - debian/control: drop libexpat1-dev and...

Chromium: CVE-2026-6920 Out of bounds read in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-41411

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

CVE-2026-6921

A race flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=493315759 Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...