VIR Vulnerability Intelligence Relay

Search

Found 13,668 results in 1043ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-43349 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-…
CVE-2026-43348 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER When registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the kernel computes …
CVE-2026-43346 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to pass through only a PF whic…
CVE-2026-43344 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_t…
CVE-2026-43343 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix unbalanced refcnt in geth_free geth_alloc() increments the reference count, but geth_free() fails to d…
CVE-2026-43342 medium 4.7 4.7 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race conditions as …
CVE-2026-43340 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock between attachments to low-level drivers `struct comedi_device` is the main controlling structure fo…
CVE-2026-43338 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 27d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a tra…
CVE-2026-43337 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw() dcn401_init_hw() assumes that update_bw_bounding_box() is valid…
CVE-2026-43335 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes() The change to dynamic IDs for SM8450 platform interc…
CVE-2026-43333 medium 5.5 5.5 FIX slesdebian debian linux-kernel google 27d ago In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTR_TO_BUF pointers check_mem_access() matches PTR_TO_BUF via base_type() which strips PTR_…
CVE-2026-43331 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Disable KCOV instrumentation after load_segments() The load_segments() function changes segment registers, invalidatin…
CVE-2026-43327 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usb…
CVE-2026-43326 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback SCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() us…
CVE-2026-43325 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't send a 6E related command when not supported MCC_ALLOWED_AP_TYPE_CMD is related to 6E support. Do not s…
CVE-2026-43323 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zero_vruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisec…
CVE-2026-43320 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue [why] Need to add function hook check before use
CVE-2026-43319 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: spi: spidev: fix lock inversion between spi_lock and buf_lock The spidev driver previously used two mutexes, spi_lock and buf_loc…
CVE-2026-43318 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify Invalidating a dmabuf will impact other users of the shared BO. In th…
CVE-2026-43317 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for s…
CVE-2026-43316 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chip_id Clang with CONFIG_UBSAN_SHIFT=y noticed a condition where a signed type (literal…
CVE-2026-43315 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding Drop the WARN in svm_set_nested_state() on nested_s…
CVE-2026-43314 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 ("blk-mq: move failure injection out of blk_mq_complete_r…
CVE-2026-43313 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() In acpi_processor_errata_piix4(), the pointer dev …
CVE-2026-43312 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647_init_controls() we call v4l2_get_subdevdata, but it is initialize…
CVE-2026-43311 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: soc/tegra: pmc: Fix unsafe generic_handle_irq() call Currently, when resuming from system suspend on Tegra platforms, the followi…
CVE-2026-43310 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: th…
CVE-2026-43309 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID a…
CVE-2026-43308 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error…
CVE-2026-43306 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIG_CFI enabled, the kernel strictly enforces that indirect function c…
CVE-2026-43305 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path [Why] The evaluation for whether we need to use the DMU…
CVE-2026-43302 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occa…
CVE-2026-43301 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix PM runtime usage count underflow Replace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspen…
CVE-2026-43300 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() In jdi_panel_dsi_remove(), jdi is explicitly checked…
CVE-2026-43299 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() [BUG] There is a bug report that when btrfs hits ENO…
CVE-2026-43298 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip vcn poison irq release on VF VF doesn't enable VCN poison irq in VCNv2.5. Skip releasing it and avoid call trace…
CVE-2026-43297 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() rga_get_frame() can return ERR_PTR(-EINVAL) when buffer …
CVE-2026-43295 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() When idtab allocation fails, net is not registered with rio_…
CVE-2026-43294 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b ("clk: renesas: r9a07g04…
CVE-2026-43293 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix kthread worker destruction in polling mode Fix the cleanup order in polling mode (irq < 0) to prev…
CVE-2026-43292 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node When CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during…
CVE-2026-43289 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexec_load_purgatory() derives image->start by locating e_entry inside an SHF_EXECINSTR…
CVE-2026-43288 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: ext4: move ext4_percpu_param_init() before ext4_mb_init() When running `kvm-xfstests -c ext4/1k -C 1 generic/383` with the `DOUBL…
CVE-2026-43287 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized proper…
CVE-2026-43286 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore failed global reservations to subpool Commit a833a693a490 ("mm: hugetlb: fix incorrect fallback for subpool")…
CVE-2026-43285 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: mm/slab: do not access current->mems_allowed_seq if !allow_spin Lockdep complains when get_from_any_partial() is called in an NMI…
CVE-2025-71302 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and document the rules…
CVE-2025-71301 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock around vmap and …
CVE-2025-71300 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-T…
CVE-2025-71299 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled …
CVE-2025-71298 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock around calls to the …
CVE-2025-71297 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() rtw8822b_set_antenna() can be called from userspace when the chip…
CVE-2025-71296 medium 5.5 5.5 FIX slesdebian debian linux-kernel 27d ago In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around purge Acquire and release the GEM object's reservation lock around calls to the ob…
CVE-2026-44928 medium 5.3 5.3 slesdebian debian uriparser_project 27d ago In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.
CVE-2026-44927 medium 5.3 5.3 slesdebian debian uriparser_project 27d ago In uriparser before 1.0.2, there is pointer difference truncation to int in various places.
CVE-2026-44916 low 3.0 3.0 FIX debian debian 27d ago In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
CVE-2023-47268 medium 5.3 5.3 debian debian prusa3d 27d ago In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.
CVE-2026-42150 medium 4.8 4.8 FIX debian debian weblate 27d ago wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting…
CVE-2026-8124 medium 5.5 5.5 debian debian gpac 27d ago A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. …
CVE-2026-40295 medium 6.1 6.1 debian debian heartcombo 27d ago Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler
CVE-2026-40214 medium 6.3 6.3 FIX debian debian 28d ago In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), da…
CVE-2026-8088 medium 5.5 5.5 debian debian osgeo 28d ago A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bo…
CVE-2026-42225 medium 5.9 5.9 debian debian teluu 28d ago PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid o…
CVE-2026-39826 medium 6.1 6.1 FIX debian debian sleswindows windows golanggoogle 28d ago If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape a…
CVE-2026-39825 medium 5.3 5.3 FIX debian debian sleswindows windows golanggoogle 28d ago ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitize…
CVE-2026-39823 medium 6.1 6.1 FIX debian debian sleswindows windows golanggoogle 28d ago CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune ins…
CVE-2026-39819 medium 5.3 5.3 FIX debian debian sleswindows windows golanggoogle 28d ago The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one…
CVE-2026-39817 medium 5.9 5.9 FIX debian debian sleswindows windows golanggoogle 28d ago The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" su…
CVE-2026-8084 medium 5.5 5.5 debian debian osgeo 28d ago A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This…
CVE-2026-44742 medium 6.1 6.1 FIX debian debian postorius_project 28d ago Postorius is vulnerable to XSS
CVE-2026-41650 medium 6.1 6.1 slesdebian debian naturalintelligence 28d ago fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
CVE-2026-41685 medium 4.3 4.3 FIX debian debian linuxcontainers 28d ago Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking …
CVE-2026-41684 medium 6.5 6.5 FIX debian debian linuxcontainers 28d ago Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy bac…
CVE-2026-41648 medium 5.0 5.0 FIX debian debian linuxcontainers 28d ago Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This wa…
CVE-2026-41647 medium 6.5 6.5 FIX debian debian linuxcontainers 28d ago Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a trunca…
CVE-2026-44600 medium 5.3 5.3 FIX debian debian torproject 28d ago Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.
CVE-2026-44599 medium 5.3 5.3 FIX debian debian torproject 28d ago Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.
CVE-2026-44312 medium 5.8 5.8 FIX debian debian 28d ago CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content
CVE-2026-41417 medium 5.3 5.3 slesdebian debian netty 29d ago Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection
CVE-2026-40251 medium 6.5 6.5 FIX debian debian linuxcontainers 29d ago Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage …
CVE-2026-40243 medium 4.8 4.8 FIX debian debian linuxcontainers 29d ago Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database…
CVE-2026-40197 medium 6.5 6.5 FIX debian debian linuxcontainers 29d ago Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage …
CVE-2026-40195 medium 6.5 6.5 FIX debian debian linuxcontainers 29d ago Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage …
CVE-2026-8022 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 29d ago Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted …
CVE-2026-8021 medium 4.2 4.2 FIX debian debian linux-kernelmacos macos google 29d ago Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafte…
CVE-2026-8020 medium 5.3 5.3 FIX debian debianwindows windows google 29d ago Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process…
CVE-2026-8019 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 29d ago Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8017 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 29d ago Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8015 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 29d ago Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8014 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 29d ago Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8013 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 29d ago Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L…
CVE-2026-8012 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 29d ago Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a craft…
CVE-2026-8011 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 29d ago Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8010 medium 6.3 6.3 FIX debian debian linux-kernelmacos macos google 29d ago Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c…
CVE-2026-8009 medium 5.0 5.0 FIX debian debian linux-kernelmacos macos google 29d ago Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML pa…
CVE-2026-8008 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 29d ago Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome …
CVE-2026-8006 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 29d ago Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chro…
CVE-2026-8005 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 29d ago Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic.…
CVE-2026-8004 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 29d ago Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted C…
CVE-2026-8003 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 29d ago Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security seve…