2407 matches found
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0034-1 Rating: important References: 1257404 Cross-References: CVE-2026-1504 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: Chromium was...
Malicious code in colorss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 de8be235bf17ee738265f4a0254263fc0caeefa1f9228c9f6f122dfd7b2fac2d Package silently executes in background a remote script. During the analysis, the script was not accessible --- Category: MALICIOUS - The campaign has clearly...
MAL-2026-619 Malicious code in colorss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 de8be235bf17ee738265f4a0254263fc0caeefa1f9228c9f6f122dfd7b2fac2d Package silently executes in background a remote script. During the analysis, the script was not accessible --- Category: MALICIOUS - The campaign has clearly...
Fedora 43 : chromium (2026-ffccca9880)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ffccca9880 advisory. Update to 144.0.7559.109 CVE-2026-1504: Inappropriate implementation in Background Fetch API Tenable has extracted the preceding description block directly...
Chromium: CVE-2026-1504 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-25067
SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows U...
SUSE CVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
MAL-2026-602 Malicious code in tableasets (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3144974fea7e1e56465e9ba49f98ab0457b3adf75130300002c47f415d64fbd0 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in tableautes (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db2caf2b50286de83c99e588ab33e86d828ff3c39fd0dac1c5f3da229cdfced7 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
CVE-2026-25067
SmarterTools SmarterMail before build 9518 is affected by an unauthenticated path coercion in the background-of-the-day preview endpoint. The flaw stems from base64-decoding attacker-supplied input and using it as a filesystem path without validation, which on Windows can resolve UNC paths and tr...
MAL-2026-562 Malicious code in tabullates (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 499d47c3064299cb3d921b32ac9f22c2bab7b0b841b3de3a0cee3029625d5d26 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Linux Distros Unpatched Vulnerability : CVE-2026-1504
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted...
DEBIAN-CVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-1504
CVE-2026-1504 concerns the Background Fetch API in Chromium/Google Chrome, where an inappropriate implementation allowed a remote attacker to leak cross-origin data via a crafted HTML page. Affected software is Chromium/Chrome prior to 144.0.7559.110 (per the initial description). The root cause ...
EUVD-2026-4737
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...