164 matches found
CVE-2026-12437
Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
DEBIAN-CVE-2026-12439
Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-10896
CVE-2026-10896 affects Chrome for iOS (Google Chrome on iOS) prior to 149.0.7827.53. The vulnerability is a use-after-free in handling crafted HTML pages, enabling a remote attacker to execute arbitrary code. The Google Chrome 149 stable release (Chrome 149.0.7827.53 for Linux/Windows/macOS; iOS ...
Important: Red Hat Security Advisory: Kiali 2.22.3 for Red Hat OpenShift Service Mesh 3.3
Kiali 2.22.3 for Red Hat OpenShift Service Mesh 3.3 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.3. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Critical. A Commo...
Astra Linux - уязвимость в intel-microcode
The removal or modification of security-critical code in certain Intel processors may allow an authenticated user to potentially enable information disclosure through local access...
SUSE CVE-2026-41526
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...
CVE-2026-41526
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...
Following Dragons: Code Review-Guided Fuzzing
Modern fuzzers scale to large, real-world software but often fail to exercise the program states developers consider most fragile or security-critical. Such states are typically deep in the execution space, gated by preconditions, or overshadowed by lower-value paths that consume limited fuzzing...
CVE-2025-66630
Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...
Fiber 安全特征问题漏洞
Fiber is Fiber open source an open source Web framework written in Go language . Fiber suffers from a security signature issue vulnerability. The vulnerability stems from an error not returned by the UUID function and can be exploited by an attacker to use predictable or low entropy identifiers i...
AZL-75579 CVE-2025-11065 affecting package terraform for versions less than 1.3.2-29
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75476 CVE-2025-11065 affecting package packer 1.9.5-11
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75527 CVE-2025-11065 affecting package moby-cli for versions less than 24.0.9-8
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75582 CVE-2025-11065 affecting package vitess for versions less than 17.0.7-14
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75500 CVE-2025-11065 affecting package kured for versions less than 1.14.2-7
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75434 CVE-2025-11065 affecting package kata-containers 3.19.1.kata2-4
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-11065
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
EUVD-2025-206346
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-1999-0576
A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories...
EUVD-1999-0561
Malware in sbrugna...