SUSE CVE-2026-46014

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

UBUNTU-CVE-2026-46014

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

UBUNTU-CVE-2026-45991

In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in partdescsloc. handlepartitiondescriptor deduplicates entries by partition...

EUVD-2026-32453

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

CVE-2026-9003

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2026-9003

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2026-9003 TONNET｜E-LAN Hybrid Recording System - SQL Injection

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

TONNET E-LAN Hybrid Recording System SQL注入漏洞

TONNET E-LAN Hybrid Recording System is a hybrid voice recording management system designed for communication and call center scenarios by Tonnet International TONNET Company, Taiwan, China. The TONNET E-LAN Hybrid Recording System has a SQL injection vulnerability, which can allow unauthorized...

CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVE-2026-27737

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback presentation format was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording...

CVE-2026-27737

CVE-2026-27737 affects BigBlueButton prior to version 3.0.19 . The issue arises in the recording playback (presentation format) where user input in the public chat was not sanitized, enabling a targeted XSS attack when replaying the recording. Root cause: missing input sanitization in the bbb-pla...

BigBlueButton 跨站脚本漏洞

BigBlueButton is an open-source web conferencing system developed by the BigBlueButton community. Versions of BigBlueButton prior to 3.0.19 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to clean up user input in public chat areas during recording and...

PT-2026-41738

Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 3.0.19 Description Recording playback in presentation format fails to sanitize user input within the public chat. This allows a malicious actor to execute a targeted Cross-Site Scripting XSS attack—a technique...

Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording

Plus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more...

CVE-2026-43489

A flaw was found in the Linux kernel's liveupdate mechanism. When a retrieve operation fails, the system does not properly record the failure status. This allows a local attacker to repeatedly attempt the operation, potentially leading to attempts to access or free already freed data structures...

CVE-2026-7929

An use after free flaw was found in the MediaRecording component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504660052...

SUSE CVE-2026-7929

Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

Chromium: CVE-2026-7929 Use after free in MediaRecording

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-7929

Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-7929

Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...