CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fixing the lock issue related to the gtk offload status event. The ath11k active PDevs are protected by RCUs. However, the code that handles the gtk offload status event and calls ath11kmacgetarvifbyvdevid was not...

Astra Linux - уязвимость в webkit2gtk

Multiple memory corruption issues have been resolved through improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, and Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

This issue was resolved by removing the origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4; iOS 15.7.4 and iPadOS 15.7.4; tvOS 16.4; and watchOS 9.4. A website may be able to track sensitive user information...

Astra Linux - уязвимость в webkit2gtk

The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

There was an issue with URL handling that caused spoofing. This issue has been addressed through improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may result in address bar spoofing...

Astra Linux - уязвимость в webkit2gtk

A port redirection issue has been resolved with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4, and iPadOS 14.4, as well as Safari 14.0.3. A malicious website may be able t...

Astra Linux - уязвимость в webkit2gtk

A use-after-free vulnerability exists in WebCore::RenderLayer::renderer in WebKitGTK before version 2.36.8, allowing attackers to execute code remotely...

Astra Linux - уязвимость в webkit2gtk

There is a code execution vulnerability in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page may lead to a use after free issue...

Astra Linux - уязвимость в webkit2gtk

A vulnerability related to out-of-bounds reads has been addressed through improved input validation. This issue is fixed in iOS 14.8, iPadOS 14.8, tvOS 15, watchOS 8, iOS 15, and iPadOS 15. Processing a maliciously crafted audio file may lead to the disclosure of restricted memory...

Astra Linux – Vulnerability in WebKit2GTK

A logic issue has been resolved through improved checks. This issue is fixed in Safari 17.3, iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, and watchOS 10.3. A malicious website may cause unexpected cross-origin behavior...

Astra Linux - уязвимость в thunderbird, firefox

Due to the Firefox GTK wrapper code using text/plain for drag data, and GTK treating all text/plain MIME types that contain file URLs as being dragged, a website can arbitrarily read a file by calling DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: wifi: rtw89: wow: fixed the GTK offload H2C skbuff issue We mistakenly considered skb to be too large, which might have exceeded skb-end. Therefore, we have corrected this issue. skbuff: skboverpanic: text:ffffffffc09e9a9d...

Astra Linux - уязвимость в webkit2gtk

In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889...

Astra Linux - уязвимость в webkit2gtk

A correctness issue in JIT was addressed through improved checks. This issue has been fixed in tvOS 16.1, iOS 15.7.1, iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1, and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app...

Chromium: CVE-2026-8555 Use after free in GTK

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-8555

An use after free flaw was found in the GTK component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500033878...

EUVD-2026-30471

Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-8555

CVE-2026-8555 pertains to a use-after-free in GTK used by Google Chrome on Windows, affecting Chromium GTK integration. The vulnerability arises in GTK components when handling crafted HTML pages, enabling a remote attacker to execute arbitrary code. The issue is reported for Chrome builds prior ...