CVE-2026-7927

Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-7927

Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-7927

Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-7927

CVE-2026-7927 is a Chrome sandbox Type Confusion in Runtime vulnerability affecting Google Chrome before version 148.0.7778.96. The issue, described in multiple connected sources, stems from a runtime type-handling confusion that could allow a remote attacker to execute arbitrary code within the ...

CVE-2026-7927

Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype e.g. toString, proto, constructor, hasOwnProperty, valueOf, the lookup returns a truth...

Attackers adopt JavaScript runtime Bun to spread NWHStealer

In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers behind this stealer are continuously finding new methods to distribute the stealer. During our hunting activities, we noticed how attackers are using a JavaScript runtime called Bun to help distribut...

EUVD-2026-27673

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...

EUVD-2026-27739

In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the runtime PM reference. Add pmruntimeputsync before cleaning up other...

CVE-2026-43275

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...

CVE-2026-43177

In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the runtime PM reference. Add pmruntimeputsync before cleaning up other...

CVE-2026-43275 scsi: ufs: core: Flush exception handling work when RPM level is zero

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...

CVE-2026-43275

In the Linux kernel, a race condition in the UFS core driver can occur during system suspend when Runtime Power Management (RPM) level is zero. The driver previously bypassed flushing the exception-event handling work in this state, risking illegal host-controller access after entering deep power...

CVE-2026-43275

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...

CVE-2026-43229 media: chips-media: wave5: Fix device cleanup order to prevent kernel panic

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...

CVE-2026-43177 media: ipu6: Fix RPM reference leak in probe error paths

In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the runtime PM reference. Add pmruntimeputsync before cleaning up other...

CVE-2026-43177

In the Linux kernel ipu6 driver, CVE-2026-43177 is due to a runtime PM reference leak in probe error paths of the ipu6_pci_probe() routine. Several error paths jumped to cleanup without releasing the runtime PM reference, risking resource exhaustion and potential DoS. The published fixes add a pm...

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +6304 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.3.4 <=4.5.26)

io.vertx:vertx-core MAVEN version =4.3.4, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.86, =0.0.86, =0.0.86, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 - ai.pipestream.module:module-chunk...

SUSE CVE-2026-43015

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix clk handling on PCI glue driver removal platformdeviceunregister may still want to use the registered clks during runtime resume callback. Note that there is a commit d82d5303c4c5 "net: macb: fix use after free on...

AgentTrust: Runtime Safety Evaluation and Interception for AI Agent Tool Use

Modern AI agents execute real-world side effects through tool calls such as file operations, shell commands, HTTP requests, and database queries. A single unsafe action, including accidental deletion, credential exposure, or data exfiltration, can cause irreversible harm. Existing defenses are...