CVE-2026-9110

An inappropriate implementation flaw was found in the UI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503551154...

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Nautobot 安全漏洞

Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the combination of the find field and the useregex flag during batch renaming of UI objects, allowing for the us...

PT-2026-44664

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 148.0.7778.216 Description A use after free issue allows a remote attacker to execute arbitrary code via a crafted HTML page. This exploitation requires the attacker to convince a user to perform specific...

PT-2026-44240

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A flaw exists in the RDMA mana component where a user can specify Work Queues WQs sharing the same Completion Queue CQ as part of the user API. This action triggers a WARN ON condition with...

CVE-2026-21785 HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy

A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...

CVE-2025-68709

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

SUSE CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

Do You Dare to Try Test-Driven Forensics? Increasing Trust in Desktop Forensics with ADARE

Digital forensic relies on validated tools and established procedures, yet the underlying operating systems, applications, and analysis tools evolve rapidly. This evolution can cause artifact behavior and tool outputs to drift, silently degrading repeatability and confidence in long-lived forensi...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from a problem with UI components that allowed reusing of resources after they were released. This could allow remote...

Google Chrome和gh 安全漏洞

Google Chrome is a web browser developed by Google Inc. In versions of Google Chrome on iOS prior to 148.0.7778.216, there was a security vulnerability. This vulnerability stemmed from the fact that iOS did not initialize certain functions properly, which could allow remote attackers to induce...

chromium -- security fixes

Chrome Releases reports: This update includes 151 security fixes: 505077859 Critical CVE-2026-9872: Out of bounds write in GPU. 507365348 Critical CVE-2026-9873: Use after free in Network. 500609038 Critical CVE-2026-9874: Use after free in Dawn. 507508103 Critical CVE-2026-9875: Out of bounds re...

PT-2026-44560

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in the Passwords component allows a remote attacker to perform UI spoofing by using a crafted HTML page. Recommendations Update to version...

PT-2026-44694

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in the OptimizationGuide component allows a remote attacker who has already compromised the renderer process to perform UI spoofing by using ...

PT-2026-44662

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in the TabStrip component. A remote attacker can exploit heap corruption by convincing a user to perform specific UI gestures while interacting with a...

DEBIAN-CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

EUVD-2025-209946

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...