5149 matches found
DEBIAN-CVE-2026-14090
Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14090
Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14011
Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13985
Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-13942
Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13942
Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14011
Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14011
The affected component is Google Chrome (SurfaceCapture) with an out-of-bounds read vulnerability in versions prior to 150.0.7871.47. The issue could allow a remote attacker to read memory via a crafted HTML page. Severity is described as Medium by Chromium, with CVSS-driven impact: Confidentiali...
CVE-2026-13985
The CVE-2026-13985 issue affects Google Chrome (Chromium-based) where an inappropriate implementation in MediaCapture allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Impact is UI spoofing with no confidentiality or availability lo...
CVE-2026-13942
Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13942
Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13942
CVE-2026-13942 affects Google Chrome on ChromeOS prior to 150.0.7871.47, where an inappropriate implementation in the Video Capture component allows a local attacker to perform UI spoofing through a crafted HTML page. The issue is explicitly described across multiple sources as a local vulnerabil...
PT-2026-54287
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out of bounds read exists in SurfaceCapture, which allows a remote attacker to perform an out of bounds memory read by using a crafted HTML page. An out of bounds read occurs when th...
PT-2026-54365
Name of the Vulnerable Software and Affected Versions Google Chrome on ChromeOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the CameraCapture component allows a remote attacker to perform an out-of-bounds memory read, which occurs when a user visits a...
PT-2026-54261
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the MediaCapture component allows a remote attacker who has already compromised the renderer process to perform UI spoofing. This is achieved by using...
PYSEC-2026-265 NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)
Summary The Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...
kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...
CVE-2026-58056
RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...
CVE-2026-58056 RustDesk - FileTransfer Session Authorization Scope Bypass
RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...
CVE-2026-58056
RustDesk is affected by a session-authorization scope bypass in FileTransfer sessions. The root cause is gating incoming control messages on per-capability flags rather than the session’s authorized connection type; a peer with only valid FileTransfer authorization can inject keyboard/mouse input...