Chromium: CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentials

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

ALPINE-CVE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVE-2026-52945

A flaw was found in the Linux kernel's WireGuard component. Under heavy network load, particularly when used with Cilium, the threaded NAPI New API implementation can cause the decryption side for a WireGuard peer to stop processing traffic. This leads to a complete stall of network communication...

CVE-2026-57236

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...

DEBIAN-CVE-2026-13022

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-12032

The following flaw was identified in the Chromium browser: Inappropriate implementation Passwords. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518128953...

CVE-2026-12031

The following flaw was identified in the Chromium browser: Inappropriate implementation Views. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518045638...

GHSA-P67V-3W7G-WJG7 Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime

Summary Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault. This is only reachable when application co...

GHSA-WJV4-X9W8-WM3H Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

Summary Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. Nokogiri...

Chromium: CVE-2026-12459 Inappropriate implementation in Serial

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.51.0, the Zip implementation calls iteratorgetunchecked more than once for the same index when it’s nested. This bug can lead to a memory safety violation due to a failure to meet the safety requirements of the TrustedRandomAccess trait...

Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok

In xmltokimpl.c within Expat also known as libexpat, before version 2.4.5, there was no proper validation of encoding. This meant that there were no checks to determine whether a UTF-8 character was valid in a particular context...

Astra Linux – Vulnerability in Python 3.7, PHP 7.3

The Keccak XKCP SHA-3 reference implementation, prior to the update of fdc6fef, has an integer overflow and resulting buffer overflow issue. This vulnerability allows attackers to execute arbitrary code or compromise the expected cryptographic properties of the algorithm. This issue occurs within...

CVE-2026-12018

The following flaw was identified in the Chromium browser: Inappropriate implementation Mojo. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516808201...

CVE-2026-12468

An inappropriate implementation flaw was found in the Updater component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=521485244...

CVE-2026-12450

An inappropriate implementation flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=514531776...

CVE-2026-12459

An inappropriate implementation flaw was found in the Serial component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517406035...

CVE-2026-12448

An inappropriate implementation flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513458233...

CVE-2026-12438

An inappropriate implementation flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516947912...

CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...