4404 matches found
CVE-2026-13866
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13866
CVE-2026-13866 affects Google Chrome on Android prior to 150.0.7871.47. The issue is an inappropriate implementation in Input that lets a remote attacker with renderer access bypass site isolation via a crafted HTML page. Impact is a site-isolation bypass with potential access to other origins; n...
CVE-2026-13806
Insufficient validation of untrusted input in Accessibility in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-13806
CVE-2026-13806 affects Google Chrome on desktop. The vulnerability arises from insufficient validation of untrusted input in Accessibility, allowing a renderer process compromise to bypass site isolation via a crafted HTML page. Affected versions are prior to 150.0.7871.47. The Chrome stable chan...
CVE-2026-13806
Insufficient validation of untrusted input in Accessibility in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
GHSA-GC3J-79F2-7VVW Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance
Summary A low-privilege developer who could create a KubernetesWatchTrigger KWT in their own namespace was able to establish a persistent surveillance channel over any other namespace. Details Two independent flaws compounded: 1. pkg/kubewatcher/kubewatcher.go::createKubernetesWatch used...
CVE-2026-58174
Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated ...
CVE-2026-58372
SeaweedFS prior to 4.34 is affected by a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler. Authenticated S3 principals with write access to a single bucket can delete arbitrary objects in other tenants’ buckets by sending object keys containing ../ in the DeleteObjects ...
EUVD-2026-40355
Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated ...
CVE-2026-27883 Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the GET /api/v1/deployments/uuid endpoint allows any authenticated user to access deployment details belonging to any team, bypassing team-based authorization. The $teamId ...
SUSE-SU-2026:2238-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. -...
EUVD-2026-40276
Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...
PT-2026-53931
Name of the Vulnerable Software and Affected Versions CVAT versions prior to 2.69.0 Description An improper authorization issue exists in the QualityReportViewSet.get queryset function. Authenticated attackers can enumerate quality report identifiers from other organizations by exploiting a missi...
PT-2026-54143
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An improper input implementation allows a remote attacker who has already compromised the renderer process to bypass site isolation by using a specially crafted HTML page. Si...
PT-2026-54196
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Extensions allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted HTML page. Site isolation is ...
PT-2026-54145
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the Network component allows a remote attacker who has compromised the renderer process to bypass site isolation. This is achieved through...
PT-2026-54148
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in GuestView allows a remote attacker who has compromised the renderer process to bypass site isolation through the use of a crafted HTML page. Site...
PT-2026-54308
Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Media component allows a remote attacker to bypass site isolation, a security feature that ensures web pages from different sites are...
PT-2026-53925
Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.521 Description An authorization bypass occurs during the session import process. The /api/session/import endpoint validates the workspace of an imported session under the active named profile but fails to s...
PT-2026-54083
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the Accessibility component allows a remote attacker who has already compromised the renderer process to bypass site isolation. This is...