Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability, which was caused by improper implementation in ServiceWorkers. This vulnerability could allow remote attackers who have compromised rendering processes to...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient execution of WebUI policies, which could allow remote attackers with access to the rendering process to bypass...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from improper implementations in Cast, and could allow remote attackers with access to the damaged rendering process to bypass...

Insecure Inherited Permissions

Overview Affected versions of this package are vulnerable to Insecure Inherited Permissions when handling public methods on ViewComponent::Preview, which are treated as reachable even if the methods are not explicitly allowed, in renderwithtemplate. An attacker can render internal Rails templates...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fixed the issue where kvzalloc was used instead of statekcalloc. The adrenoshowobject function is problematic. It reallocates the pointer it passes on during the first call, when the data is encoded as ascii85. This...

Astra Linux – Vulnerability in Firefox

In canvas rendering, a compromised content process could cause a surface to change unexpectedly, leading to a memory leak in a privileged process. This memory leak could be exploited to perform a sandbox escape if the correct data was leaked. This vulnerability affects Firefox versions earlier th...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/dsi: fixed memory corruption caused by too many bridges. Added a missing sanity check on the bridge counter to prevent corruption of data beyond the fixed-sized bridge array, in case there are ever more than eight...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Invalid parameter check in msmdsiPhyEnable The function performs a check on the “phy” input parameter, however, it is used before the check. The “dev” variable is initialized after the sanity check to avoid a possibl...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid division by zero by initializing the dummy pitch to 1. Why If the dummy values in populatedummydmlsurfacecfg are not updated, they may lead to a division by zero in downstream calls such as...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an array-index-out-of-bounds issue in dcn35clkmgr. Why There is a potential memory access violation during the iteration of the dcn35 clks’ array. How The iteration rate per array size has been limited...

Astra Linux – Vulnerability in sdl-image1.2

A vulnerable code execution vulnerability exists in the XPM image rendering function of SDL2image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating a buffer that is too small. This buffer can then be written beyond its boundaries, leading to ...

CVE-2026-31784

A flaw was found in the Linux kernel's drm/xe/pxp component. An issue exists where a restart flag in the pxpstart function is not properly cleared. This oversight can cause the function to continuously loop, potentially leading to a system hang or crash, resulting in a Denial of Service DoS...

PT-2026-36419

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: Clear restart flag in pxp start after jumping back If we don't clear the flag we'll keep jumping back at the beginning of the function once we reach the end. cherry picked from commit...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to deny a write to a read-only VMA in the drm/xe page error handling, which could lead to elevatio...

Imagination Graphics DDK 资源管理错误漏洞

Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. The Imagination Graphics DDK suffers from a resource management error vulnerability that stems from a write-release-after-reuse crash triggered when WebGPU content is loaded into the GPU GLES rendering process, which cou...

Imagination Graphics DDK 资源管理错误漏洞

Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. The Imagination Graphics DDK suffers from a Resource Management Error vulnerability that originates when WebGPU content is loaded into the GPU GLES rendering process triggering a write-release-after-reuse crash, which...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to perform boundary checks on user control pointers in drm-compatible ioctl paths, which could lea...

CVE-2026-3346 Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw

IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2026-3346

Summary: CVE-2026-3346 affects IBM Langflow Desktop 1.6.0–1.8.4. Affected component is the Markdown rendering pipeline via rehypeRaw, where unsafe handling allows an authenticated user to inject arbitrary JavaScript through a stored XSS vector, potentially leading to credentials disclosure within...

CVE-2026-3346 Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw

IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...