PT-2026-39140

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to commit 6c56603 Description The contact form is publicly accessible without authentication. User-supplied message text is processed by the nl2br function, which converts newlines to tags but fails to escape HTML. Thi...

Chrome flaw let extensions hijack Gemini’s camera, mic, and file access

Chrome’s Gemini “Live in Chrome” panel Gemini’s embedded, agent-style assistant mode within Chrome had a high‑severity vulnerability tracked as CVE‑2026‑0628. The flaw let a low‑privilege extension inject code into the Gemini side panel and inherit its powerful capabilities, including local file...

CVE-2025-69412

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API aka phishing API, which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration...

CVE-2025-69412

KDE messagelib vulnerable before version 25.11.90 due to ignoring SSL errors for threatMatches:find in the Google Safe Browsing Lookup API, potentially allowing spoofed threat data. The issue is mitigated by updating to KDE messagelib 25.11.90 or applying the vendor security patch described in th...