16 matches found
EUVD-2026-34733
Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11272
Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11272
Affected product: Google Chrome on iOS. Vulnerable component: Reading List. Root cause: Insufficient validation of untrusted input. Impact: Remote attacker who persuades a user to perform specific UI gestures can achieve privilege escalation via a crafted HTML page on versions prior to 149.0.7827...
CVE-2026-11272
Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...
PT-2026-46799
Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...
PT-2026-38908
Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with AllowAnonymous, allowing completely unauthenticated access to page images from any chapter in any library. While the endpoint accepts an apiKey parameter, it is never validated. Sin...
PT-2026-38909
Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...
Malicious code in parse-safari-reading-list (npm)
The package parse-safari-reading-list was found to contain malicious code...
MAL-2025-28878 Malicious code in parse-safari-reading-list (npm)
The package parse-safari-reading-list was found to contain malicious code...
Minor update(2) for Vivaldi Android Browser 7.5
Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the first 7.5 stable minor update: Downloads PDF...
CVE-2024-44246
The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address t...
Apple iOS and iPadOS Security Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS prior to 18.2 and iPadOS prior to 18.2, which stems from the fac...
PT-2024-31073 · Apple · Ios +4
Name of the Vulnerable Software and Affected Versions: macOS Sequoia versions prior to 15.2; iOS versions prior to 18.2; iPadOS versions prior to 18.2; Safari versions prior to 18.2; iPadOS versions prior to 17.7.3. Description: The issue was addressed with improved routing of Safari-originated...
Unauthenticated reading list item deletion
Description: An unauthenticated user can delete any book item of any user reading list in the system without any authentication or authorization verification, via the /api/readinglist/delete-item API endpoint. Proof of Concept: 1 - Send the following request, where x is the target readingListId and ...
Microsoft Edge: The Windows 10 Web Browser
Meet Microsoft’s replacement for its old web browser Internet Explorer. The Project Spartan web browser for Windows 10 now has an official name — Microsoft Edge. Yes, Microsoft’s new web browser shipping on all Windows 10 devices, from computers to smartphones and tablets, is dubbed Microsoft Edge...
Apple Safari Update Fixes 58 Bugs, Adds Sandboxing
Along with the release of their new Lion OS X, Apple has issued a new version of its Safari browser for Mac and Windows users, pushing version 5.1 and 5.0.6 to patch a boatload of security holes, some of which are critical. Fifty-eight security vulnerabilities in total are addressed in the update...