339 matches found
Astra Linux - vulnerability in webkit2gtk
This issue has been addressed through improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4. Processing maliciously crafted web content may bypass the Same Origin Policy...
Astra Linux - vulnerability in webkit2gtk
A type confusion issue has been resolved through improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1, and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux - vulnerability in webkit2gtk
A memory corruption issue has been addressed through improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1, iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, and macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a...
Astra Linux - vulnerability in webkit2gtk
This issue has been resolved through improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3, and iPadOS 18.7.3; iOS 26.2 and iPadOS 26.2; macOS Tahoe 26.2; and visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...
SUSE CVE-2026-8578
Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-29254
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
SUSE CVE-2026-7956
Use after free in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in webkit2gtk
A type confusion issue has been addressed through improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, and Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a repor...
Astra Linux - vulnerability in webkit2gtk
A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information...
Astra Linux - vulnerability in webkit2gtk
A type confusion issue has been resolved through improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3, and iPadOS 18.7.3; iOS 26.2 and iPadOS 26.2; macOS Tahoe 26.2; and visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash...
Astra Linux - vulnerability in firefox, thunderbird
A properly crafted CMS message could be processed incorrectly, resulting in an invalid memory read and potentially further memory corruption. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
OPENSUSE-SU-2026:20605-1 Security update for openexr
This update for openexr fixes the following issues: - CVE-2026-34379: misaligned memory write during file decoding can cause a denial of service bsc1261621. - CVE-2026-34380: lack of proper check can lead to integer overflow in image decoding bsc1261622. - CVE-2026-34588: crafted EXR file can lea...
CVE-2026-20665
This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from bei...
CVE-2026-2378
ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...
PT-2026-26680
CVE-2026-2378 ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after use… https://t.co/bicqMxffCH...
CVE-2026-21853
AFFiNE, an open-source workspace OS, has a remote code execution vulnerability in versions before 0.25.4. A specially crafted affine: URL can be embedded on a website to trigger the AFFiNE custom URL handler, causing the app to launch and process the URL, resulting in arbitrary code execution on...
CVE-2025-71240
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...
CVE-2025-71240 SPIP < 4.2.15 Cross-Site Scripting via Code Tags
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...
PT-2026-7212
Due to a Deserialization vulnerability in SAP NetWeaver JMS service, an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic executio...