BIT-JAVA-MIN-2023-41074

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

PT-2026-37982

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

PT-2026-37854

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service...

PT-2026-37853

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

PT-2026-37778

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution...

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20660-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20660-1 advisory. Changes in chromium: - Chromium 147.0.7727.137 boo1263158 CVE-2026-7363: Use after free in Canvas CVE-2026-7361: Use after free in iOS...

Astra Linux – Vulnerability in WebKit2GTK

A logic issue was addressed through improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2, and iPadOS 16.2, as well as watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information...

Astra Linux – Vulnerability in WebKit2GTK

A logic issue has been resolved through improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4, and iPadOS 15.4, as well as tvOS 15.4. A malicious website may cause unexpected cross-origin behaviors...

Astra Linux – Vulnerability in Chromium

Insufficient data validation in the QR scanner in Google Chrome on iOS prior to version 90.0.4430.72 allowed an attacker who displayed a QR code to perform domain spoofing using a specially crafted QR code...

Astra Linux – Vulnerability in WebKit2GTK

A memory corruption issue has been resolved through improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4, as well as iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report...

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...

CVE-2026-7671 CodeWise Tornet Scooter Mobile App TwoFactor excessive authentication

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of...

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

Security update for chromium (critical)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0161-1 Rating: critical References: 1263158 Cross-References: CVE-2026-6919 CVE-2026-6920 CVE-2026-6921 CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339...

CVE-2026-3861

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...

Apple Security Advisory 04-22-2026-2

Apple Security Advisory 04-22-2026-2 - iOS 18.7.8 and iPadOS 18.7.8 address a logging issue with improved data redaction...

CVE-2026-7361

An use after free flaw was found in the iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=493221953...

Google Chrome < 147.0.7727.137 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 147.0.7727.137. It is, therefore, affected by multiple vulnerabilities as referenced in the 202604stable-channel-update-for-desktop28 advisory. - Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to...

DEBIAN-CVE-2026-7361

Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...