CVE-2026-14138
Inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14099
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14028
Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14005
Google Chrome for Android is affected by a use-after-free in Omnibox leading to potential heap corruption via a crafted HTML page. This vulnerability requires user interaction (UI gestures) and can impact confidentiality, integrity, and availability as per CVSS. Affected component: Chrome Android...
CVE-2026-13997
Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13986
Inappropriate implementation in Media UI in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13973
Inappropriate implementation in UI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13956
Incorrect security UI in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13907
CVE-2026-13907 describes an inappropriate implementation in iOSWeb in Google Chrome on iOS (versions prior to 150.0.7871.47) that could allow UI spoofing when a user is guided to perform specific UI gestures on a crafted HTML page. Impact is described as Medium (CVSS 4.2); remediation or patch de...
CVE-2026-13895
CVE-2026-13895 concerns an inappropriate implementation in Google Chrome’s Autofill component (Chromium) prior to version 150.0.7871.47. A remote attacker could trigger UI spoofing by persuading a user to perform specific UI gestures on a crafted HTML page. The documented impact is limited to UI ...
CVE-2026-13860
Google Chrome on Windows is affected by CVE-2026-13860 due to an Incorrect security UI in Autofill, allowing UI spoofing when a user is induced to perform specific UI gestures via a crafted HTML page. The issue affects Chrome versions prior to 150.0.7871.47; exploitation requires user interaction...
CVE-2026-13807
Use after free in Import in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. Chromium security severity: High...
CVE-2026-13802
CVE-2026-13802 is a use-after-free vulnerability in Chrome’s Views component that can enable arbitrary code execution when a user is tricked into specific UI gestures on a crafted HTML page. The public reports (NVD, Debian OSV, ENISA EUVD, CVE List, and related vendor advisories) consistently des...
CVE-2026-12912 Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image
A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding PixarLog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-base...
CVE-2026-12912
A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding PixarLog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-base...
PYSEC-2026-332 ExecuTorch integer overflow vulnerability
An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73...
PT-2026-53316
Name of the Vulnerable Software and Affected Versions: libtiff (affected versions not specified). Description: A heap-based buffer overflow exists in the PixarLog decoder. A remote attacker can trigger this issue by providing a specially crafted PixarLog-compressed TIFF image. The flaw occurs during t...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in the guest XSAVE state whenever XFD[i]=1. When loading the guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, the disabled features in XSTATE_BV are cleared to ensure tha...
CVE-2025-15619
Technical details about CVE-2025-15619 are not publicly available in the provided documents. No affected products, versions, or remediation are specified. Monitor for updates.
EUVD-2025-210310
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario...