
37970 matches found

Redos
added 4 days ago | 3 views

ROS-20260609-73-0025

The vulnerability of the Graphics component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

CVSS 7.5 | AI score 5.4 | EPSS 0.00023
Exploits: 0

Positive Technologies
added 4 days ago | 6 views

PT-2026-47631

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

CVSS 6.5 | AI score 6.1 | EPSS 0.00042
Exploits: 0 | References: 7

Positive Technologies
added 4 days ago | 6 views

PT-2026-47790

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm device leak on aperture removal failure. When aperture_remove_conflicting_pci_devices() fails during probe, the error path returns directly without unwinding the nvkm device that was just allocated by nvkm devi...

AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 5

Tenable Nessus
added 4 days ago | 3 views

Adobe Dreamweaver 21.0 < 21.8 Multiple Vulnerabilities (APSB26-62)

The version of Adobe Dreamweaver installed on the remote Windows host is prior to 21.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-62 advisory. - Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability...

CVSS 8.6 | AI score 6.2 | EPSS 0.00042
Exploits: 0 | References: 6

Tenable Nessus
added 4 days ago | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-11676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised...

CVSS 8.3 | AI score 5.6 | EPSS 0.0009
Exploits: 0 | References: 2

CVE
added 5 days ago | 11 views

CVE-2026-11687

Summary: CVE-2026-11687 is a use-after-free in Dawn within Google Chrome for Mac, leading to potential heap corruption via a crafted HTML page. The underlying issue is a use-after-free in Dawn, with impact described as a remote attacker able to cause high-severity outcomes (confidentiality, integ...

CVSS 8.8 | AI score 5.6 | EPSS 0.00068
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 5 days ago | 3 views

CVE-2026-11680

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6 | EPSS 0.0008
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 5 days ago | 8 views

CVE-2026-11669

Affects Google Chrome on ChromeOS: an out-of-bounds read in Media prior to version 149.0.7827.103. A remote attacker who has compromised the renderer process could craft an HTML page to read potentially sensitive data from process memory. No exploitation details are provided. Remediation: upgra...

CVSS 5.3 | AI score 5.5 | EPSS 0.00028
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 5 days ago | 32 views

CVE-2026-11665

Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

EPSS 0.00029
Exploits: 0 | References: 2

Cvelist
added 5 days ago | 26 views

CVE-2026-11661

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

EPSS 0.00108
Exploits: 0 | References: 2

Vulnrichment
added 5 days ago | 4 views

CVE-2026-11651

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

AI score 6 | EPSS 0.00128
Exploits: 0 | References: 2

Cvelist
added 5 days ago | 32 views

CVE-2026-11651

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

EPSS 0.00128
Exploits: 0 | References: 2

Vulnrichment
added 5 days ago | 4 views

CVE-2026-11644

Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Critical...

AI score 6 | EPSS 0.0003
Exploits: 0 | References: 2

Vulnrichment
added 5 days ago | 8 views

CVE-2026-11637

Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

AI score 6 | EPSS 0.00128
Exploits: 0 | References: 2

CVE
added 5 days ago | 8 views

CVE-2026-11637

CVE-2026-11637 is a use-after-free vulnerability in Chrome's Views on macOS, exploitable via a crafted HTML page to achieve remote code execution. Affected software is Google Chrome for macOS with versions earlier than 149.0.7827.103 (Chromium). The underlying cause is use-after-free in the Views...

CVSS 8.8 | AI score 6 | EPSS 0.00128
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 5 days ago | 4 views

CVE-2026-11628

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...

AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 2

ATTACKERKB
added 5 days ago | 4 views

CVE-2026-11628

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...

CVSS 6.8 | AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 5 days ago | 5 views

CVE-2026-11099

A flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500414865...

CVSS 6.5 | AI score 5.4
Exploits: 0 | References: 4

RedhatCVE
added 5 days ago | 4 views

CVE-2026-46291

A flaw was found in the Linux kernel's crypto: caam component. This vulnerability allows for the disclosure of sensitive HMAC (Hash-based Message Authentication Code) key bytes at runtime. The issue occurs because the hash_digest_key() function uses print_hex_dump_devel() without proper guarding, which can...

CVSS 5.5 | AI score 5.5 | EPSS 0.00018
Exploits: 0 | References: 4

IBM Security Bulletins
added 5 days ago | 6 views

Security Bulletin: Unauthenticated Session History Access via Public Flow Execution

Summary: A session ID namespace bypass vulnerability existed in Langflow OSS' POST /api/v1/build_public_tmp/{flow_id}/flow endpoint that allowed unauthenticated attackers to access chat history from other users' sessions. The endpoint accepted an inputs.session parameter that could override the session...

CVSS 7.5 | AI score 5.5 | EPSS 0.00037
Exploits: 0 | Affected Software: 1