CVE-2026-11671
Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-11668
Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. Chromium security severity: High...
DEBIAN-CVE-2026-11637
Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-11639
Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
DEBIAN-CVE-2026-11634
Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
PT-2026-48332
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, in handle dht get, the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails from a malicious DHT...
Security update for elemental-register (important)
openSUSE security update: security update for elemental-register. Announcement ID: openSUSE-SU-2026:20920-1. Rating: important. References: bsc1251679 bsc1260277 bsc1265921 bsc1266789 bsc1267168 bsc1267197. Cross-References: CVE-2026-33186...
PT-2026-48331
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macro...
Linux Distros Unpatched Vulnerability : CVE-2026-46325
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE. The current implementation incorrectly handles memory regions (MRs) with page sizes different fr...
Fedora 43 : objfw (2026-d1580bc2d5)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d1580bc2d5 advisory. Update to 1.5.5, containing many bug fixes, some also security related. Tenable has extracted the preceding description block directly from the Fedora securi...
EulerOS 2.0 SP11 : tigervnc (EulerOS-SA-2026-2267)
According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application...
Security update for elemental-toolkit (important)
openSUSE security update: security update for elemental-toolkit. Announcement ID: openSUSE-SU-2026:20921-1. Rating: important. References: bsc1251679 bsc1260277 bsc1266187 bsc1267168. Cross-References: CVE-2026-33186. CVSS scores:...
PT-2026-47875
Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...
CVE-2026-36805
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request...
OpenSSL Security Advisory 20260609
OpenSSL is susceptible to multiple security vulnerabilities. A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. The Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag...
Linux Distros Unpatched Vulnerability : CVE-2026-11663
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a...
Linux Distros Unpatched Vulnerability : CVE-2026-46299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: fix held lock freed on hfsplus_fill_super. hfsplus_fill_super calls hfs_find_init to initialize a search structure, which acquires tree->tree_lock. If the...
PT-2026-48299
Name of the Vulnerable Software and Affected Versions: MongoDB Server (affected versions not specified). Description: A flaw in the BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The issue stems from uncontrolled mutual recursio...
UBUNTU-CVE-2026-45445
Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...
PT-2026-48341
Summary: Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...