3678 matches found
DEBIAN-CVE-2026-14100
Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14050
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-14019
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-13833
Uninitialized Use in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-14100
CVE-2026-14100 affects Google Chrome’s NetworkCache. Affected component: NetworkCache in Chrome (before version 150.0.7871.47). Root cause: insufficient data validation that enables a remote attacker to leak cross-origin data via a crafted HTML page. Impact: cross-origin data leakage with network...
CVE-2026-14061
The CVE-2026-14061 issue affects Dawn in Google Chrome, prior to version 150.0.7871.47. It is described as an insecure implementation that could allow a remote attacker to obtain potentially sensitive data from process memory via a crafted HTML page. Affected component: Dawn within Chrome. Root c...
CVE-2026-14053
CVE-2026-14053 affects Google Chrome where extensions enforcement is insufficient. A remote attacker who has already compromised the renderer process could leak cross-origin data via a crafted HTML page, due to policy enforcement gaps in Extensions before version 150.0.7871.47. The vulnerability ...
CVE-2026-14050
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-14050.
CVE-2026-13952
Inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13932
Inappropriate implementation in Sharing in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13892
CVE-2026-13892 concerns Chrome for iOS before version 150.0.7871.47, where an inappropriate implementation allowed a remote attacker who lured a user into specific UI gestures to leak cross-origin data via a crafted HTML page. The issue affects Chrome on iOS (Chromium-based) and has a Medium seve...
CVE-2026-13833
Uninitialized Use in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-58371
SeaweedFS before 4.30 is vulnerable to cross-origin information disclosure via an unvalidated JSONP callback parameter. The shared writeJson helper can reflect the callback verbatim into responses served as application/javascript without callback-name validation, missing X-Content-Type-Options: n...
PT-2026-54393
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient data validation in DevTools allows a remote attacker to leak cross-origin data through a crafted HTML page, provided the attacker can convince a user to perform specific UI...
PT-2026-54124
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input allows a remote attacker to leak cross-origin data, which is information from a different origin than the one serving the page, by usin...
PT-2026-53970
Name of the Vulnerable Software and Affected Versions IBM Business Automation Manager Open Editions versions 9.0.0 through 9.4.2 Description An XML external entity injection XXE occurs when processing XML data. This allows a remote attacker to expose sensitive information or consume memory...
CVE-2026-43713
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Visiting a website may leak sensitive data...
CVE-2026-43713
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Visiting a website may leak sensitive data...
CVE-2026-58051
A flaw in libssh2 allows a malicious SSH server to send a malformed public key response, triggering an invalid memory cleanup. This can cause the connecting client application to crash or leak information. Mitigation To mitigate this issue, ensure your applications connect only to trusted and...
The Gentlemen are knocking: сustom backdoors and evolving tactics
Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service RaaS model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...