Microsoft Edge (Chromium) < 144.0.3719.130 (CVE-2026-2441)

The version of Microsoft Edge installed on the remote Windows host is prior to 144.0.3719.130. It is, therefore, affected by a vulnerability as referenced in the February 17, 2026 advisory. - Use after free in CSS allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...

Exploit for Use After Free in Google Chrome

CVE-2026-2441-PoC CVE-2026-2441 PoC Chrome CSS Use-After-Free...

Vulnerability fixed in Google Chrome

Google has fixed a vulnerability in Google Chrome for versions prior to 145.0.7632.75. The vulnerability is in the way Google Chrome handles CSS and involves a use-after-free issue. This can lead to remote code execution via specially crafted HTML pages. Both Google Chrome and Microsoft Edge base...

OPENSUSE-SU-2026:20248-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script boo1258199 - also copy rollup into thirdparty/node/nodemodules - stay on llvm-10 for swiftshader but bring a similar patch -...

Fedora 43 : chromium (2026-443f9ace49)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-443f9ace49 advisory. Update to 145.0.7632.75 CVE-2026-2441: Use after free in CSS CVE-2026-2313: Use after free in CSS CVE-2026-2314: Heap buffer overflow in Codecs...

Fedora 42 : roundcubemail (2026-d684b372f1)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d684b372f1 advisory. Release 1.6.13 - Managesieve: Fix handling of string-list format values for date tests in Out of Office 10075 - Fix remote image blocking bypass via SVG...

Exploit for Use After Free in Google Chrome

CSS in Google Chrome prior to Remote Code Execution CVE-2026-...

Exploit for Use After Free in Google Chrome

CVE-2026-2441 — Chrome CSSFontFeatureValuesMap Use-After-Free...

CVE-2026-1640 Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...

Chromium: CVE-2026-2313 Use after free in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

WordPress plugin Taskbuilder – WordPress Project Management & Task Management 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

Update Chrome now: Zero-day bug allows code execution via malicious webpages

Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it...

[SECURITY] [DSA 6137-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6137-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 17, 2026 https://www.debian.org/security/faq -...

Debian dsa-6137 : roundcube - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6137 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6137-1 [email protected]...

KLA90894 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Information disclosure vulnerability can be exploited to...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0053-1 Rating: important References: 1258116 1258185 1258199 Cross-References: CVE-2026-2313 CVE-2026-2314 CVE-2026-2315 CVE-2026-2316 CVE-2026-2317 CVE-2026-2318 CVE-2026-2319 CVE-2026-2320 CVE-2026-2321...

Google Chromium CSS Use-After-Free Vulnerability

Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge,...

PT-2026-8383

Apple recently patched the missing piece in the userland part of the Dec'25 full-chain exploit. CVE-2026-20700: dyld memory corruption to PAC bypass This bug completes the chain of CVE-2026-43529 jsc UAF RCE, PoC public and CVE-2026-14174 Angle OOB EoP, no working PoC yet. Patched in iOS 26.3...

CVE-2026-2027

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up to, and including, 1.0.49 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.5.2-15.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...