13400 matches found
CVE-2025-7006 Avast antivirus use of stack memory after free when scanning a malformed PE file
Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux...
CVE-2025-7006 Avast antivirus use of stack memory after free when scanning a malformed PE file
Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux...
CVE-2025-7004 Avast antivirus heap buffer OOB write when scanning a malformed PE file
Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...
EUVD-2026-36329
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
PT-2026-49013
Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25021310 AVG Antivirus versions prior to VPS 25021310 Norton Antivirus versions prior to VPS 25021310 Avast One versions prior to VPS 25021310 Avast Business Antivirus versions prior to VPS 25021310...
PT-2026-49011
Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25031700 AVG Antivirus versions prior to VPS 25031700 Norton Antivirus versions prior to VPS 25031700 Avast One versions prior to VPS 25031700 Avast Business Antivirus versions prior to VPS 25031700...
PT-2026-49015
Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25021208 AVG Antivirus versions prior to VPS 25021208 Norton Antivirus versions prior to VPS 25021208 Avast One versions prior to VPS 25021208 Avast Business Antivirus versions prior to VPS 25021208...
PT-2026-49019
Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25020100 AVG Antivirus versions prior to VPS 25020100 Norton Antivirus versions prior to VPS 25020100 Avast One versions prior to VPS 25020100 Avast Business Antivirus versions prior to VPS 25020100...
CVE-2026-12008
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-12008
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-12008
CVE-2026-12008 : In Google Chrome, a Use-after-free in DigitalCredentials (pre-149.0.7827.115) could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The Chrome Stable update (149.0.7827.114/115 for Windows/Mac; 149.0.7827...
CVE-2026-12008
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-12008
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
A tale of two eras
Welcome to this week's edition of the Threat Source newsletter. To the surprise of absolutely no one who has seen my face, I'm one of the younger employees at Talos. As my industry veteran colleagues were buying the first iPods, navigating the switch from dial-up to broadband, saying goodbye to...
CVE-2026-24067
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...
DNG Generator for Floating-Point Edge Cases and Image Processing Robustness Testing
This C program implements an experimental TIFF/DNG file generator intended for studying how image-processing pipelines respond to unusual metadata combinations and extreme floating-point conditions...
DNGBehaviorAnalyzer Telemetry-Based DNG/TIFF Metadata Parser and Anomaly Detection
This Python script provides a telemetry-driven analysis framework for inspecting Digital Negative DNG files through low-level TIFF metadata parsing and runtime event logging. The tool reads and validates TIFF headers, traverses Image File Directory IFD entries, and records parser activity using...
DNGInspector Structural Analyzer for DNG/TIFF Metadata and IFD Anomaly Detection
This Python script implements a static inspection tool for Digital Negative DNG files by parsing the TIFF-based header and analyzing Image File Directory IFD entries for structural anomalies. The tool validates basic header fields, traverses IFD records, and flags suspicious metadata patterns suc...
PT-2026-48709
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...
chromium -- security fixes
Chrome Releases reports: This update includes 33 security fixes: 516496659 Critical CVE-2026-12437: Use after free in WebShare. 516947912 Critical CVE-2026-12438: Inappropriate implementation in WebView. 519728275 Critical CVE-2026-12439: Use after free in Digital Credentials. 519731619 Critical...