GO-2026-4684 Traefik: HTTP/2 frames can cause a running server to panic in github.com/traefik/traefik
CVE-2026-32240 Cap'n Proto: Integer overflow in KJ-HTTP chunk size
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...
firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component...
bad reuse of HTTP Negotiate connection
...
EUVD-2026-11432
Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-25819
CVE-2026-25819 affects HMS Networks Ewon Flexy and Cosy+ devices. Vulnerable versions include Flexy firmware before 15.0s4, Cosy+ firmware 22.xx before 22.1s6, and Cosy+ firmware 23.xx before 23.0s3. The issue allows unauthenticated attackers with GUI access to trigger a specially crafted HTTP re...
CKEditor < 47.6.0 XSS
The version of CKEditor included on the remote web host is prior to 47.6.0. It may, therefore, be affected by a cross-site scripting (XSS) vulnerability. - CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Prior to version 47.6.0, a cross-site scripting (XSS) vulnerability has...
DEBIAN-CVE-2026-3941
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2026-3940
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-3942
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-3942
The CVE-2026-3942 issue is a Chrome/Chromium vulnerability where the PictureInPicture security UI could be spoofed by a crafted HTML page. Affected product: Google Chrome/Chromium (Chromium-based browser). Root cause: incorrect security UI in PictureInPicture prior to version 146.0.7680.71. Impac...
CVE-2026-3941
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2026-3938
CVE-2026-3938 affects Google Chrome/Chromium clipboard policy enforcement. Prior to version 146.0.7680.71, a renderer-compromised attacker could leak cross-origin data via a crafted HTML page due to insufficient clipboard policy enforcement. Impact is data leakage with low severity according to C...
CVE-2026-3937
Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-3931
Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-3929
CVE-2026-3929: A side-channel information leakage in Chrome/Chromium’s ResourceTiming allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected: Chrome/Chromium prior to 146.0.7680.71. Impact: information disclosure (Chromium-level) as described; CVSS base score 3.1 (L...
CVE-2026-3925
Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-3922
CVE-2026-3922 is a confirmed vulnerability in Google Chrome/Chromium involving a use-after-free in the MediaStream path. The issue allows a remote attacker to potentially trigger heap corruption via a crafted HTML page, with the impact described as high. Affected product/version details present i...
CVE-2026-3917
Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...