Chromium: CVE-2026-11225 Incorrect security UI in WebUI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

EUVD-2026-34636

Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11270

Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-29603

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2025-46311

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data...

CVE-2026-28964

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Vim vulnerabilities (USN-8213-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8213-1 advisory. Micha Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. A...

openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access

Summary When openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin directive, clients that do not support WebAuth/SSO e.g., the openvpn CLI on Linux are incorrectly admitted to the VPN despite being denied by the authentication logic. The...

SUSE-SU-2026:20535-1 Security update for cups

This update for cups fixes the following issues: Update to version 2.4.16. Security issues fixed: - CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients bsc1244057. - CVE-2025-58060: authentication bypass with AuthType...

PT-2026-21676

Name of the Vulnerable Software and Affected Versions RTU500 affected versions not specified Description An unprivileged user can read user management information through the RTU500 web interface. Accessing this information requires tools like browser development utilities and does not occur...

PT-2026-21302

Name of the Vulnerable Software and Affected Versions Kargo versions 1.9.0 through 1.9.2 Description Kargo manages and automates the promotion of software artifacts. The authorization model includes a 'promote' verb intended to control access to promotion pipelines. While correctly enforced in th...

CVE-2026-20640

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac...

Important: Red Hat Security Advisory: python3.12-urllib3 security update

An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

SUSE-SU-2026:20229-1 Security update for cups

This update for cups fixes the following issues: Update to version 2.4.16. Security issues fixed: - CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues bsc1253783. - CVE-2025-58436: slow client communication leads to a possible DoS attack bsc1244057. - CVE-2025-58364:...

CVE-2026-22626

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages...

AlmaLinux 9 : python3.12-urllib3 (ALSA-2026:1088)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:1088 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2018-12260

An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices...

CVE-2018-4279

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2...

CVE-2018-4391

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...