VIR Vulnerability Intelligence Relay

Search

Found 1,627 results in 158ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-6253 medium 5.9 5.9 FIX debian debian sleswindows windows haxxgoogle 23d ago curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for differ…
CVE-2026-5545 medium 6.5 6.5 FIX debian debian sleswindows windows haxxgoogle 23d ago libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a …
CVE-2026-4873 medium 5.9 5.9 FIX debian debian sleswindows windows haxxgoogle 23d ago A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SM…
CVE-2026-42898 critical 9.9 9.9 windows windows microsoft 24d ago Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42891 medium 6.5 6.5 windows windows microsoft 24d ago User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-42838 medium 5.4 5.4 windows windows microsoft 24d ago Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a netw…
CVE-2026-42833 critical 9.1 9.1 windows windows microsoft 24d ago Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
CVE-2026-42830 medium 6.5 6.5 windows windows microsoft 24d ago Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-42823 critical 9.9 9.9 windows windows microsoft 24d ago Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-41614 medium 6.2 6.2 windows windows microsoft 24d ago Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
CVE-2026-41612 medium 5.5 5.5 windows windows microsoft 24d ago Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVE-2026-41610 medium 6.3 6.3 windows windows microsoft 24d ago Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-41103 critical 9.1 9.1 windows windows microsoft 24d ago Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41100 medium 4.4 4.4 windows windows microsoft 24d ago Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-41097 medium 6.7 6.7 FIX windows windows 24d ago Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-41096 critical 9.8 9.8 FIX windows windows 24d ago Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
CVE-2026-41089 critical 9.8 9.8 FIX windows windows 24d ago Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
CVE-2026-40421 medium 4.3 4.3 windows windows microsoft 24d ago Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-40416 medium 4.3 4.3 windows windows microsoft 24d ago User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40402 critical 9.3 9.3 FIX windows windows 24d ago Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40380 medium 6.2 6.2 FIX windows windows 24d ago Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
CVE-2026-40379 critical 9.3 9.3 windows windows microsoft 24d ago Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40374 medium 6.5 6.5 windows windows microsoft 24d ago Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2026-35440 medium 5.5 5.5 windows windows microsoft 24d ago Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35429 medium 4.3 4.3 windows windows microsoft 24d ago User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35423 medium 5.4 5.4 FIX windows windows 24d ago Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
CVE-2026-35422 medium 6.5 6.5 FIX windows windows 24d ago Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
CVE-2026-35419 medium 5.5 5.5 FIX windows windows 24d ago Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-34350 medium 6.5 6.5 FIX windows windows 24d ago Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
CVE-2026-34339 medium 5.5 5.5 FIX windows windows 24d ago Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
CVE-2026-33117 critical 9.1 9.1 windows windows microsoft 24d ago The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected a…
CVE-2026-32209 medium 4.4 4.4 FIX windows windows 24d ago Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
CVE-2026-32185 medium 5.5 5.5 windows windows microsoft 24d ago Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2026-32175 medium 4.3 4.3 windows windows 24d ago A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to ce…
CVE-2026-32170 medium 6.7 6.7 FIX windows windows 24d ago Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CVE-2026-21530 medium 6.7 6.7 FIX windows windows 24d ago Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CVE-2026-8368 medium 6.5 6.5 FIX debian debian sleswindows windows 24d ago LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before …
CVE-2026-6402 medium 6.5 6.5 sleswindows windows webpack.js 24d ago webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
CVE-2026-43969 low 3.2 3.2 FIX debian debianwindows windows ninenines 25d ago cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
CVE-2026-43968 medium 4.0 4.0 FIX debian debianwindows windows ninenines 25d ago ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values
CVE-2026-7210 critical 9.8 9.8 slesdebian debianwindows windows libexpat_projectpython 25d ago `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this…
CVE-2026-44777 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other.
CVE-2026-43896 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab…
CVE-2026-43895 medium 4.4 4.4 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during mo…
CVE-2026-43894 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic.…
CVE-2026-41257 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator …
CVE-2026-41256 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil…
CVE-2026-40612 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with…
CVE-2026-7261 critical 9.8 9.8 FIX slesdebian debianwindows windows php 27d ago In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted acr…
CVE-2026-7259 medium 6.5 6.5 FIX slesdebian debianwindows windows php 27d ago In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to  a NULL pointer dereference, re…
CVE-2026-6735 medium 6.1 6.1 FIX slesdebian debianwindows windows php 27d ago Important: php:8.2 security update
CVE-2026-6722 critical 9.8 9.8 FIX slesdebian debianwindows windows php 27d ago In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global m…
CVE-2025-14179 critical 9.8 9.8 FIX slesdebian debianwindows windows php 27d ago In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by…
CVE-2026-6667 medium 4.3 4.3 FIX debian debianwindows windows pgbouncer 28d ago PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization)…
CVE-2026-6665 critical 9.8 9.8 FIX debian debianwindows windows pgbouncer 28d ago The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM se…
CVE-2026-45130 medium 5.5 5.5 FIX slesdebian debianwindows windows vim 28d ago Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 enc…
CVE-2026-44656 medium 5.3 5.3 FIX slesdebian debianwindows windows vim 28d ago Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick…
CVE-2026-41889 critical 9.8 9.8 debian debian sleswindows windows jackc 28d ago pgx: SQL Injection via placeholder confusion with dollar quoted string literals
CVE-2026-43474 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported a uninit-value bug in [1]. Similar to the "*get" context wh…
CVE-2026-43465 critical 9.8 9.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer whe…
CVE-2026-43443 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acp_card_rt5682_init() and acp_card_rt5682s_init() …
CVE-2026-43421 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix net_device lifecycle with device_move The network device outlived its parent gadget device during disconn…
CVE-2026-43416 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current->mm is alive before getting user callchain It may happen that mm is already released, which lea…
CVE-2026-43414 critical 9.8 9.8 FIX slesdebian debianwindows windows 28d ago In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When a…
CVE-2026-43400 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpu_userq_signal_ioctl can lead to a OOM…
CVE-2026-43398 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and…
CVE-2026-43344 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_t…
CVE-2026-43338 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a tra…
CVE-2026-43331 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Disable KCOV instrumentation after load_segments() The load_segments() function changes segment registers, invalidatin…
CVE-2026-43320 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue [why] Need to add function hook check before use
CVE-2026-43319 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: spi: spidev: fix lock inversion between spi_lock and buf_lock The spidev driver previously used two mutexes, spi_lock and buf_loc…
CVE-2026-43318 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify Invalidating a dmabuf will impact other users of the shared BO. In th…
CVE-2026-43317 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for s…
CVE-2026-43311 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: soc/tegra: pmc: Fix unsafe generic_handle_irq() call Currently, when resuming from system suspend on Tegra platforms, the followi…
CVE-2026-43310 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: th…
CVE-2026-43309 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID a…
CVE-2026-43308 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error…
CVE-2026-43306 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIG_CFI enabled, the kernel strictly enforces that indirect function c…
CVE-2026-43305 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path [Why] The evaluation for whether we need to use the DMU…
CVE-2026-43300 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() In jdi_panel_dsi_remove(), jdi is explicitly checked…
CVE-2026-43299 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() [BUG] There is a bug report that when btrfs hits ENO…
CVE-2026-43298 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip vcn poison irq release on VF VF doesn't enable VCN poison irq in VCNv2.5. Skip releasing it and avoid call trace…
CVE-2026-43294 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b ("clk: renesas: r9a07g04…
CVE-2026-43292 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node When CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during…
CVE-2025-71302 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and document the rules…
CVE-2025-71299 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled …
CVE-2026-42826 critical 10.0 10.0 windows windows microsoft 29d ago Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
CVE-2026-35428 critical 9.6 9.6 windows windows microsoft 29d ago Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33844 critical 9.0 9.0 windows windows microsoft 29d ago Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVE-2026-33823 critical 9.6 9.6 windows windows microsoft 29d ago Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
CVE-2026-33109 critical 9.9 9.9 windows windows microsoft 29d ago Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
CVE-2026-39826 medium 6.1 6.1 FIX debian debian sleswindows windows golanggoogle 29d ago If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape a…
CVE-2026-39825 medium 5.3 5.3 FIX debian debian sleswindows windows golanggoogle 29d ago ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitize…
CVE-2026-39823 medium 6.1 6.1 FIX debian debian sleswindows windows golanggoogle 29d ago CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune ins…
CVE-2026-39819 medium 5.3 5.3 FIX debian debian sleswindows windows golanggoogle 29d ago The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one…
CVE-2026-39817 medium 5.9 5.9 FIX debian debian sleswindows windows golanggoogle 29d ago The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" su…
CVE-2026-8022 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted …
CVE-2026-8021 medium 4.2 4.2 FIX debian debian linux-kernelmacos macos google 1mo ago Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafte…
CVE-2026-8020 medium 5.3 5.3 FIX debian debianwindows windows google 1mo ago Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process…
CVE-2026-8019 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)