CVE-2026-45266

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and...

EUVD-2026-33678

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: codecs: wcd-mbhc-v2: fixed resource leaks during component removal The MBHC resources must be released in case of component probe failures and removals; therefore, they cannot be tied to the lifetime of the component...

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

CVE-2026-39309 Trilium Notes: macOS TCC Bypass via Prompt Spoofing

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

CVE-2026-39309 Trilium Notes: macOS TCC Bypass via Prompt Spoofing

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

Astra Linux - уязвимость в firefox

When a user has already allowed a website to access the microphone and camera, disabling camera sharing does not completely prevent the website from re-enabling them without an additional prompt. This is only possible if the website continues to record with the microphone until the camera is...

Browser Guard gets even better with Access Control

Have you ever been on a website when a pop-up suddenly asked for access to your camera, microphone, location, or notifications? Whether you clicked “allow,” dismissed it, or just wondered why it appeared, those permission requests aren’t always harmless. Some sites can abuse those permissions. Wi...

Exploit for CVE-2024-23700

PoC for CVE-2024-23700, allowing silently obtain permissions to...

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted b...

Chrome flaw let extensions hijack Gemini’s camera, mic, and file access

Chrome’s Gemini “Live in Chrome” panel Gemini’s embedded, agent-style assistant mode within Chrome had a high‑severity vulnerability tracked as CVE‑2026‑0628. The flaw let a low‑privilege extension inject code into the Gemini side panel and inherit its powerful capabilities, including local file...

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

CVE-2026-27467

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

CVE-2026-27467

CVE-2026-27467 affects BigBlueButton up to version 3.0.19. When first joining a session with the microphone muted, the client sends audio to the server regardless of mute state; the server discards media, so it is not audible to other participants, but a malicious server operator could access the...

CVE-2026-27467

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

BigBlueButton 信息泄露漏洞

BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton 3.0.19 and earlier contained a vulnerability related to information leakage. This vulnerability occurred because the client still sent audio data even when the microphone wa...

CVE-2026-23190 ASoC: amd: fix memory leak in acp3x pdm dma ops

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...

Exploit for CVE-2025-36911

🚀 wpair-app - A Tool to Understand Bluetooth Security 🎉 Ov...

Exploit for CVE-2025-36911

ZWhisper CVE-2025-36911 WhisperPair Vulnerability Scanner...

MiracleLinux 7 : firefox-68.6.0-1.0.1.el7.AXS7 (AXSA:2020-4500:06)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4500:06 advisory. Mozilla: Use-after-free when removing data about origins CVE-2020-6805 Mozilla: BodyStream::OnInputStreamReady was missing protections against state...