CVE-2025-27853

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An...

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

Posted by Seth Jenkins We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits. The Dolby 0-click vulnerability existed across all of Android, until it was patched in January 2026. Whil...

EUVD-2026-29525

Improper conditions check in some firmware for some IntelR NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via...

EUVD-2026-29521

Incorrect default permissions for some IntelR NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation ...

Intel NPU Driver Advisory - Lenovo Support US

No description provided...

CVE-2026-20754

Improper conditions check in some firmware for some IntelR NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via...

CVE-2026-20718

Incorrect default permissions for some IntelR NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation ...

CVE-2026-20718

CVE-2026-20718 concerns incorrect default permissions in Intel NPU Driver installers prior to 32.0.100.4511. The issue, exploitable by a local attacker with an authenticated user and high attack complexity, may enable privilege escalation in Ring 3 (User Applications) and could impact confidentia...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs by the GPU component. It could allow remote attackers with...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability caused by a heap buffer overflow issue in the GPU component. This vulnerability could allow remote attackers to execute out-of-bound memory writes through...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient GPU policy execution, which could allow remote attackers to exploit the system through specially crafted HTML...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bound read operation by the GPU component, which could allow remote attackers with compromised rendering...

Chromium: CVE-2026-8020 Uninitialized Use in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

PT-2026-39565

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm build pdu session establishment accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. The attack can be launched remotely. The exploit is now public and may be...

KLA91027 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of...

OESA-2026-2232 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, a security vulnerability exists in the IOMMU Shared Virtual Addressing SVA feature. On x86 architecture when CONFIGX86 is set, IOMMU hardware caches kernel page table entries. Due to the lack of notification...

SUSE CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

SUSE CVE-2026-43131

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here...

SUSE CVE-2026-43227

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/shtmu: Always leave device running after probe The TMU device can be used as both a clocksource and a clockevent provider. The driver tries to be smart and power itself on and off, as well as enabling and...

CVE-2026-7985

An use after free flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498352423...