Astra Linux - уязвимость в chromium

The use of after-free in MediaStream in Google Chrome before version 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of “after free” in Media Stream in Google Chrome before version 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of after-free in MediaStream in Google Chrome before version 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CLSA-2026-1777543457 webkit2gtk3: Fix of 9 CVEs

Update to 2.50.6 to fix the following vulnerabilities WSA-2026-0001: - CVE-2025-43213: type confusion in JavaScriptCore fixed in 2.50.5 - CVE-2025-43214: out-of-bounds read in WebCore fixed in 2.50.5 - CVE-2025-43457: integer overflow in WebKit canvas rendering fixed in 2.50.6 - CVE-2025-43511:...

CVE-2026-41416 PJSIP: Asymmetric ptime integer overflow in Media Stream

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

CVE-2026-41416

PJSIP (C library) has an integer overflow in the media stream buffer size calculation when processing SDP with asymmetric ptime configuration in versions 2.16 and earlier. This may lead to an undersized buffer and memory corruption or unexpected termination. The issue is fixed in version 2.17; up...

CVE-2026-41416 PJSIP: Asymmetric ptime integer overflow in Media Stream

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

CVE-2026-40116

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...

CVE-2026-40116 PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...

CVE-2026-40116 PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...

CVE-2026-32062

OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open ...

Chromium: CVE-2026-3922 Use after free in MediaStream

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

SUSE CVE-2026-3922

Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2026-11436

Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2026-3922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2026-3922

Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3922

Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3922

CVE-2026-3922 : Use-after-free in MediaStream in Google Chrome prior to 146.0.7680.71 may allow a remote attacker to potentially cause heap corruption via a crafted HTML page. Affected: Google Chrome (MediaStream component). Impact details are as stated; exploits are not described in the provided...

CVE-2026-3922

Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-32062 OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream

OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions 2026.2.21 up to, but not including, 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold...