CVE-2026-11068

Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2025:03198-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03198-1 advisory. Update to version 8.14.1 jscPED-13055, jscPED-13056. Security issues fixed: - CVE-2025-0665:...

AZL-67290 CVE-2025-10148 affecting package cmake for versions less than 3.30.3-10

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

CVE-2025-5399

CVE-2025-5399 affects libcurl’s WebSocket handling. The defect in curl_ws_send/curl WebSocket code can cause a malicious server to trigger an endless busy-loop, leading to denial of service as the application hangs until process termination. Public details confirm the issue arises from a WebSocke...