1400 matches found
CVE-2026-56254 capacitor-updater - End-to-End Encryption Bypass via Private Key Distribution
In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...
CVE-2026-56254 capacitor-updater - End-to-End Encryption Bypass via Private Key Distribution
In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...
CVE-2026-56254
CVE-2026-56254 affects "@capgo/capacitor-updater" prior to version 12.128.2. The end‑to‑end encryption scheme distributes the private key to every device that downloads the app, allowing the public key to be derived from the private key. This enables an attacker who can perform a MITM attack or c...
CVE-2025-53827
ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage...
CVE-2025-53827 ownCloud Core: Updater has an exposed dangerous method or function
ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage...
CVE-2025-53827
ownCloud Core Updater on versions prior to 10.15.3 exposes a dangerous method/function. Attackers with administrative privileges may leverage it to execute arbitrary code. The issue is fixed in 10.15.3 (CVSSv3.1: 9.1, CRITICAL; network, high impact on confidentiality, integrity, and availability).
PT-2026-55938
Name of the Vulnerable Software and Affected Versions ownCloud Core versions prior to 10.15.3 Description The Updater component of the server-side file storage, synchronization, and sharing application contains an exposed dangerous method or function. Attackers with administrative privileges can...
[SECURITY] Fedora 44 Update: clamav-1.4.5-1.fc44
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
CVE-2026-54673
A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability allows a remote attacker to obtain sensitive user credentials. When an Electron application performs an HTTP redirect, the electron-updater's redirect handler fails to strip...
CVE-2026-54672
A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability arises because AppImage targets, built by app-builder-lib, incorrectly add the current working directory to the dynamic linker search path when setting the LDLIBRARYPATH...
EUVD-2026-40800
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40706
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...
EUVD-2026-40530
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...
EUVD-2026-40486
Inappropriate implementation in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...
EUVD-2026-40513
Use after free in Updater in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. Chromium security severity: High...
Linux Distros Unpatched Vulnerability : CVE-2026-14018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious...
Linux Distros Unpatched Vulnerability : CVE-2026-13827
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Updater in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. Chromium...
CVE-2026-54673
electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers —...
CVE-2026-54672
electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...
DEBIAN-CVE-2026-14113
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...