VIR Vulnerability Intelligence Relay

Search

Found 2,374 results in 197ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-32209 medium 4.4 4.4 FIX windows windows 24d ago Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
CVE-2026-32204 high 7.8 7.8 windows windows microsoft 24d ago External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32185 medium 5.5 5.5 windows windows microsoft 24d ago Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2026-32177 high 7.3 7.3 windows windows 24d ago Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32175 medium 4.3 4.3 windows windows 24d ago A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to ce…
CVE-2026-32170 medium 6.7 6.7 FIX windows windows 24d ago Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CVE-2026-32161 high 7.5 7.5 FIX windows windows 24d ago Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent net…
CVE-2026-21530 medium 6.7 6.7 FIX windows windows 24d ago Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CVE-2026-8368 medium 6.5 6.5 FIX debian debian sleswindows windows 24d ago LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before …
CVE-2026-6402 medium 6.5 6.5 sleswindows windows webpack.js 25d ago webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
CVE-2026-43284 high 8.8 9.8 EXPFIX rhel slesdebian debian awsgoogle 25d ago Important: kernel security update
CVE-2026-7790 high 7.5 7.5 debian debianwindows windows ninenines 25d ago Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number …
CVE-2026-43968 medium 4.0 4.0 FIX debian debianwindows windows ninenines 25d ago ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values
CVE-2026-5172 high 7.3 7.3 FIX debian debian sleswindows windows 25d ago A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advanc…
CVE-2026-44777 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other.
CVE-2026-43896 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab…
CVE-2026-43895 medium 4.4 4.4 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during mo…
CVE-2026-43894 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic.…
CVE-2026-41257 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator …
CVE-2026-41256 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil…
CVE-2026-40612 medium 5.5 5.5 FIX debian debian sleswindows windows jqlang 25d ago jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with…
CVE-2026-43500 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 26d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and th…
CVE-2026-8177 high 7.5 7.5 FIX debian debian sleswindows windows 26d ago XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UT…
CVE-2026-45186 high 7.5 7.5 FIX debian debian sleswindows windows libexpat_project 27d ago RHSA-2026:23230: expat security update (Important)
CVE-2026-7568 high 7.5 7.5 FIX slesdebian debianwindows windows php 27d ago Important: php:8.2 security update
CVE-2026-7262 high 7.5 7.5 FIX slesdebian debianwindows windows php 27d ago Important: php:8.2 security update
CVE-2026-7259 medium 6.5 6.5 FIX slesdebian debianwindows windows php 27d ago In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to  a NULL pointer dereference, re…
CVE-2026-7258 high 7.5 7.5 FIX slesdebian debianwindows windows php 27d ago Important: php:8.2 security update
CVE-2026-6735 medium 6.1 6.1 FIX slesdebian debianwindows windows php 27d ago Important: php:8.2 security update
CVE-2026-6667 medium 4.3 4.3 FIX debian debianwindows windows pgbouncer 28d ago PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization)…
CVE-2026-6666 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 28d ago A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
CVE-2026-6664 high 7.5 7.5 FIX debian debianwindows windows pgbouncer 28d ago An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme…
CVE-2026-45130 medium 5.5 5.5 FIX slesdebian debianwindows windows vim 28d ago Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 enc…
CVE-2026-44656 medium 5.3 5.3 FIX slesdebian debianwindows windows vim 28d ago Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick…
CVE-2026-43474 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported a uninit-value bug in [1]. Similar to the "*get" context wh…
CVE-2026-43464 high 7.5 7.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when …
CVE-2026-43456 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_by_slave() kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 [#1] SMP KA…
CVE-2026-43443 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acp_card_rt5682_init() and acp_card_rt5682s_init() …
CVE-2026-43421 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix net_device lifecycle with device_move The network device outlived its parent gadget device during disconn…
CVE-2026-43416 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current->mm is alive before getting user callchain It may happen that mm is already released, which lea…
CVE-2026-43400 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpu_userq_signal_ioctl can lead to a OOM…
CVE-2026-43398 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and…
CVE-2026-43353 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may be invoked for multiple tra…
CVE-2026-43352 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: …
CVE-2026-43344 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_t…
CVE-2026-43338 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a tra…
CVE-2026-43331 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Disable KCOV instrumentation after load_segments() The load_segments() function changes segment registers, invalidatin…
CVE-2026-43321 high 7.8 7.8 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a `gotox rX` instruction the rX register should be marked as used in the…
CVE-2026-43320 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue [why] Need to add function hook check before use
CVE-2026-43319 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: spi: spidev: fix lock inversion between spi_lock and buf_lock The spidev driver previously used two mutexes, spi_lock and buf_loc…
CVE-2026-43318 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify Invalidating a dmabuf will impact other users of the shared BO. In th…
CVE-2026-43317 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for s…
CVE-2026-43311 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: soc/tegra: pmc: Fix unsafe generic_handle_irq() call Currently, when resuming from system suspend on Tegra platforms, the followi…
CVE-2026-43310 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: th…
CVE-2026-43309 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID a…
CVE-2026-43308 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error…
CVE-2026-43306 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIG_CFI enabled, the kernel strictly enforces that indirect function c…
CVE-2026-43305 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path [Why] The evaluation for whether we need to use the DMU…
CVE-2026-43303 high 7.8 7.8 FIX sles rheldebian debian google 28d ago In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: clear page->private in free_pages_prepare() Several subsystems (slub, shmem, ttm, etc.) use page->private but don'…
CVE-2026-43300 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() In jdi_panel_dsi_remove(), jdi is explicitly checked…
CVE-2026-43299 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() [BUG] There is a bug report that when btrfs hits ENO…
CVE-2026-43298 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip vcn poison irq release on VF VF doesn't enable VCN poison irq in VCNv2.5. Skip releasing it and avoid call trace…
CVE-2026-43294 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b ("clk: renesas: r9a07g04…
CVE-2026-43292 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node When CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during…
CVE-2025-71302 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and document the rules…
CVE-2025-71299 medium 5.5 5.5 FIX slesdebian debian linux-kernel 28d ago In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled …
CVE-2026-41105 high 8.1 8.1 windows windows microsoft 29d ago Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-35435 high 8.6 8.6 windows windows microsoft 29d ago Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-34327 high 8.2 8.2 windows windows microsoft 29d ago Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33111 high 7.5 7.5 windows windows microsoft 29d ago Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE-2026-32207 high 8.8 8.8 windows windows microsoft 29d ago Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26164 high 7.5 7.5 windows windows microsoft 29d ago Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26129 high 7.5 7.5 windows windows microsoft 29d ago Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-42501 high 7.5 7.5 FIX debian debian sleswindows windows golanggoogle 29d ago A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr…
CVE-2026-42499 high 7.5 7.5 FIX debian debian sleswindows windows golanggoogle 29d ago Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
CVE-2026-39836 high 7.5 7.5 FIX debian debian sleswindows windows golanggoogle 29d ago The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
CVE-2026-39826 medium 6.1 6.1 FIX debian debian sleswindows windows golanggoogle 29d ago If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape a…
CVE-2026-39825 medium 5.3 5.3 FIX debian debian sleswindows windows golanggoogle 29d ago ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitize…
CVE-2026-39823 medium 6.1 6.1 FIX debian debian sleswindows windows golanggoogle 29d ago CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune ins…
CVE-2026-39820 high 7.5 7.5 FIX debian debian sleswindows windows golanggoogle 29d ago Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
CVE-2026-39819 medium 5.3 5.3 FIX debian debian sleswindows windows golanggoogle 29d ago The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one…
CVE-2026-39817 medium 5.9 5.9 FIX debian debian sleswindows windows golanggoogle 29d ago The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" su…
CVE-2026-33814 high 7.5 7.5 debian debian sleswindows windows golanggoogle 29d ago When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
CVE-2026-33811 high 7.5 7.5 FIX debian debian sleswindows windows golanggoogle 29d ago When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
CVE-2026-42011 high 7.4 7.4 FIX debian debian sleswindows windows 29d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-42010 high 7.1 7.1 FIX debian debian sles rhel gnuredhat 29d ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-41675 high 8.0 FIX slesdebian debianwindows windows 1mo ago xmldom has XML node injection through unvalidated processing instruction serialization
CVE-2026-41674 high 8.0 FIX slesdebian debianwindows windows 1mo ago xmldom has XML injection through unvalidated DocumentType serialization
CVE-2026-41673 high 8.0 FIX slesdebian debianwindows windows 1mo ago xmldom: Uncontrolled recursion in XML serialization leads to DoS
CVE-2026-41672 high 8.0 FIX slesdebian debianwindows windows 1mo ago xmldom has XML node injection through unvalidated comment serialization
CVE-2026-44307 high 8.0 FIX debian debianwindows windows 1mo ago Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
CVE-2026-8021 medium 4.2 4.2 FIX debian debian linux-kernelmacos macos google 1mo ago Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafte…
CVE-2026-8020 medium 5.3 5.3 FIX debian debianwindows windows google 1mo ago Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process…
CVE-2026-8019 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8018 high 8.1 8.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security…
CVE-2026-8016 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8015 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8014 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8013 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L…
CVE-2026-8012 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a craft…