webbrowser.open() allows leading dashes in URLs

...

tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

...

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

...

Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources

...

Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

...

Libarchive: libarchive: denial of service via malformed iso file processing

...

tar-rs incorrectly ignores PAX size headers if header size is nonzero

...

tar-rs: unpack_in can chmod arbitrary directories by following symlinks

...

strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow

...

Chromium: CVE-2026-4464 Integer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4463 Heap buffer overflow in WebRTC

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4462 Out of bounds read in Blink

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4461 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4460 Out of bounds read in Skia

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4458 Use after free in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4457 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4456 Use after free in Digital Credentials API

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4454 Use after free in Network

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4455 Heap buffer overflow in PDFium

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4452 Integer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4451 Insufficient validation of untrusted input in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4450 Out of bounds write in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4449 Use after free in Blink

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4448 Heap buffer overflow in ANGLE

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4447 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4446 Use after free in WebRTC

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4445 Use after free in WebRTC

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4444 Stack buffer overflow in WebRTC

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4443 Heap buffer overflow in WebAudio

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4441 Use after free in Base

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4440 Out of bounds read and write in WebGL

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

mm/hugetlb: fix hugetlb_pmd_shared()

...

gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames

...

gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

...

pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

...

perf: Fix __perf_event_overflow() vs perf_remove_from_context() race

...

net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit

...

netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels

...

Chromium: CVE-2026-4459 Out of bounds read and write in WebAudio

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-4453 Integer overflow in Dawn

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

...

mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()

...

nghttp2 Denial of service: Assertion failure due to the missing state validation

...

fbdev: rivafb: fix divide error in nv3_arb()

...

apparmor: fix unprivileged local user can do privileged policy management

...

f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes

...

io_uring/rw: free potentially allocated iovec on cache put failure

...

btrfs: do not free data reservation in fallback from inline due to -ENOSPC

...

apparmor: validate DFA start states are in bounds in unpack_pdb

...

media: dvb-core: fix wrong reinitialization of ringbuffer on reopen

...