8146 matches found
PT-2026-54275
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input within the Extensions component allows an attacker to perform UI spoofing. This occurs when a user is convinced to install a specially crafted...
PT-2026-54322
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Extensions allows an attacker to bypass the content security policy if a user is convinced to install a malicious extension. This is achieved through ...
PT-2026-54417
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in Extensions allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page. UI spoofing is a...
Linux Distros Unpatched Vulnerability : CVE-2026-6450
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled...
PT-2026-54168
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input within the Extensions component allows a remote attacker who has already compromised the renderer process to achieve privilege escalation. Thi...
OPENSUSE-SU-2026:21163-1 Security update for yt-dlp
This update for yt-dlp fixes the following issues: Changes in yt-dlp: - Update to version 2026.06.09 Fixed CVE-2026-50019: File Downloader cookie leak with curl Fixed CVE-2026-50023: Dangerous file type creation via insufficient filename sanitization Fixed CVE-2026-50574: Arbitrary code execution...
EUVD-2026-31395
golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed...
golang.org/x/crypto: FIDO/U2F security key physical presence check can be bypassed
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
EUVD-2026-31390
golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys...
golang.org/x/crypto doesn't drop invoking agent constraints when forwarding keys
When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...
UBUNTU-CVE-2026-6450
A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...
CVE-2026-6450 CRL critical extension bypass in ParseCRL_Extensions
A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...
EUVD-2026-39559
A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...
CVE-2026-6450
A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...
CVE-2026-6450
CVE-2026-6450 – CRL critical extension bypass : The vulnerability lies in ParseCRL_Extensions where enforcement of critical CRL extensions is insufficient, allowing a crafted CRL with an unhandled critical extension to be accepted. This affects builds with CRL support enabled when the parsed CRL ...
CVE-2026-6450
A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...
EUVD-2026-39553
ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. The AVX2 constant-time ciphertext comparison used during decapsulation never compared the...
GO-2026-5154 Rancher Extensions have arbitrary file access via path traversal in github.com/rancher/rancher
Rancher Extensions have arbitrary file access via path traversal in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...
CVE-2026-52690
CVE-2026-52690 affects the PowerDNS Recursor. Spoofed replies can cause an authoritative server’s IP to be marked as not supporting EDNS, leading to DNSSEC validation failures for records served by that server. The vulnerability’s impact is documented as enabling validation failures in the presen...
EUVD-2026-39267
In the Linux kernel, the following vulnerability has been resolved: IB/isert: Reject login PDUs shorter than ISERHEADERSLEN In drivers/infiniband/ulp/isert/ibisert.c, isertloginrecvdone computes the login request payload length as wc-bytelen minus ISERHEADERSLEN with no lower bound, and loginreql...