Chromium: CVE-2026-11219 Insufficient data validation in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-29974

The CVE-2026-29974 entry affects kosma minmea version 0.3.0, specifically the minmea_scan function. The vulnerability arises because the format specifier copies NMEA field data into a caller-provided buffer without a size parameter, enabling a stack buffer overflow when processing untrusted input...

EUVD-2026-18374

Signal K Server: Unauthenticated Source Priorities Manipulation...

CVE-2026-33951

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

CVE-2026-33951

Signal K Server (boat hub) exposes an unauthenticated HTTP endpoint PUT /signalk/v1/api/sourcePriorities that directly assigns user input to the server configuration, enabling attackers to modify navigation data source priorities. The issue is triggered by missing authentication/authorization and...

CVE-2026-33951

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0078-1 Rating: important References: 1259213 Cross-References: CVE-2026-3536 CVE-2026-3537 CVE-2026-3538 CVE-2026-3539 CVE-2026-3540 CVE-2026-3541 CVE-2026-3542 CVE-2026-3543 CVE-2026-3544 CVE-2026-3545...

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20332-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20332-1 advisory. Changes in chromium: - Chromium 145.0.7632.159 boo1259213 CVE-2026-3536: Integer overflow in ANGLE CVE-2026-3537: Object lifecycle issue in...

Fedora 43 : cef (2026-b5f8adc627)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b5f8adc627 advisory. Bump to cef-145.0.28+g51162e8 + chromium 145.0.7632.159 rhbz2437035 CVE-2026-3536: Integer overflow in ANGLE CVE-2026-3537: Object lifecycle issue i...

DEBIAN-CVE-2026-3545

Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-3545

Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-3545

Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

qt6-webengine -- multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: CVE-2025-13223: Type Confusion in V8 CVE-2025-13224: Type Confusion in V8 CVE-2025-13630: Type Confusion in V8 CVE-2025-13632: Inappropriate implementation in DevTools CVE-2025-13634: Inappropriate implementation i...

RHEL 9 : gpsd-minimal (RHSA-2026:0771)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0771 advisory. gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on...

EUVD-2024-1012

Malicious code in bioql PyPI...

chromium-browser: HTTP authentication spoof

Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...