418 matches found
CVE-2026-52843
Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch and XMLHttpRequest unconditionally attached session cookies to every HTTP request, ignoring credentials: omit, credentials: same-origin, credentials: include, and XMLHttpRequest.withCredentials,...
CVE-2026-61429
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...
CVE-2026-61429 PraisonAI before 1.6.78 SSRF via Crawl4AI Chromium backend
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail,...
EUVD-2026-40518
Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
Linux Distros Unpatched Vulnerability : CVE-2026-13832
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a...
CVE-2026-13832
Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-13832
Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-13832
CVE-2026-13832 affects Google Chrome Headless prior to 150.0.7871.47, where a use-after-free in the Headless renderer could allow a remote attacker who has already compromised the renderer to bypass the sandbox via a crafted HTML page. The vulnerability is described as high impact with potential ...
CVE-2026-13832
Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-13832
Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
PT-2026-54109
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the Headless mode of the browser. This flaw allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox...
MAL-2026-6654 Malicious code in app-hotmart-blog-headless (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d84025bf61426d455a22babbef859c4d8e9cd9d9312bd6c93dfcdb8ad5264db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in app-hotmart-blog-headless (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d84025bf61426d455a22babbef859c4d8e9cd9d9312bd6c93dfcdb8ad5264db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-12537
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...
EUVD-2026-38790
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...
CVE-2026-12537
Summary (CVE-2026-12537) : The vulnerability affects Google Gemini CLI container launcher (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms. It stems from improper neutralization in an OS command, enabling an unprivileged attacker ...
CVE-2026-12537 Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...
PT-2026-51788
Name of the Vulnerable Software and Affected Versions Google Gemini CLI versions prior to 0.39.1 run-gemini-cli GitHub Action versions prior to 0.1.22 Description An OS command injection flaw exists in the container launcher used on headless CI platforms. The issue stems from unsafe parsing and...
CVE-2026-12027
The following flaw was identified in the Chromium browser: Insufficient policy enforcement Headless. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517517155...