DEBIAN-CVE-2026-11693
Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-11011
CVE-2026-11011 affects Google Chrome Password Manager. The vulnerability is described as insufficient policy enforcement in Password Manager, allowing a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. Public advisories (Debian DSA-6325-1 ...
Improper Isolation or Compartmentalization
Overview: vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the globalPromise.prototype.then onFulfilled wrapper in the Promise bridge. An attacker can supply...
SUSE CVE-2026-41174
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...
GHSA-XHJW-95FP-8VGQ Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding
Summary: There is a vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same...
CVE-2026-29648
In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...
CVE-2026-29648
In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG fails to restrict access to henvcfg and senvcfg. This allows less-privileged code to read or write these CSRs without the required exception, potentially bypassing state-enable based isolation in virtualized or multi-priv...
PT-2026-30010
Impact: Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any...
CVE-2026-23809
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...
CVE-2026-23808
A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthoriz...
Exploiting Page Faults for Covert Communication
We present a novel mechanism to construct a covert channel based on page faults. A page fault is an event that occurs when a process or a thread tries to access a page of memory that is not currently mapped to its address space. The kernel typically responds to this event by performing a context...
Linux Distros Unpatched Vulnerability : CVE-2016-3750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not...
Namespace Label Injection
github.com/projectcapsule/capsule is vulnerable to namespace label injection. The vulnerability is due to improper validation of labels in system namespaces, which allows an attacker to inject arbitrary labels, bypass multi-tenant isolation, and escalate privileges to access cross-tenant resource...
CVE-2024-36354
CVE-2024-36354 covers improper input validation of DIMM SPD metadata that can bypass SMM isolation and lead to arbitrary code execution at the SMM level. Affected: AMD client/server/embedded processors with non‑compliant DIMMs; root cause is SPD metadata input validation weakness allowing bypass ...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: CVE-2024-44308: Fixed processing maliciously crafted web content that may lead to arbitrary code execution (bsc1233631). CVE-2024-44309: Fixed data isolation bypass vulnerability (bsc1233632). Patch Instructions: To install this SUSE update use th...
CVE-2024-9341
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
The vulnerability of the tracker-miners package in the GNOME environment of Linux operating systems allows a hacker to circumvent the restrictions of an isolated software environment.
The vulnerability of the tracker-miners package in the GNOME environment of Linux operating systems is related to a violation of data protection mechanisms. Exploiting this vulnerability allows an attacker to circumvent the restrictions of an isolated software environment...
CVE-2023-34415
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host a...
CVE-2023-31134
The CVE-2023-31134 issue affects Tauri builds where IPC isolation can be bypassed by redirecting an existing window to an external website. This vulnerability exists in specific pre-patch versions: 1.0.0–1.0.9, 1.1.0–1.1.4, and 1.2.0–1.2.5. The attack surface is the IPC layer, granting external s...