radar.cysentrix

Archive

Page 3 of 19 — 1110 stories total

← Back to radar

Microsoft MSRC 2d ago

CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.

Information published.

vulnerability

SANS Internet Storm Center 2d ago

From a VHDX File to a Remcos RAT, (Tue, Jun 16th)

Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after being mounted (which is automatic on modern Windows OSs):

microsoft

The Hacker News 2d ago

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of Cisc...

vulnerability Actively exploitedCVE-2026-20262 · EPSS 1%

The Hacker News 2d ago

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. T...

vulnerability

Microsoft MSRC 2d ago

Chromium: CVE-2026-11700 Use after free in Tracing

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11699 Use after free in Bluetooth

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11698 Use after free in Bluetooth

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11697 Insufficient validation of untrusted input in UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11696 Uninitialized Use in Video

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11695 Inappropriate implementation in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11694 Use after free in ServiceWorker

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11693 Inappropriate implementation in Plugins

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11692 Use after free in Read Anything

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11690 Out of bounds read and write in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11688 Object lifecycle issue in SVG

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11687 Use after free in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11686 Insufficient validation of untrusted input in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11685 Insufficient data validation in MediaCapture

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11684 Insufficient policy enforcement in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11683 Use after free in WebCodecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11682 Insufficient validation of untrusted input in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11681 Use after free in Ozone

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11680 Use after free in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11679 Use after free in Codecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11678 Integer overflow in libyuv

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11677 Race in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11676 Insufficient validation of untrusted input in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11675 Insufficient validation of untrusted input in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11674 Use after free in Guest View

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11673 Use after free in InterestGroups

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11672 Out of bounds write in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11671 Use after free in Navigation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11670 Use after free in PDF

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11669 Integer overflow in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11668 Uninitialized Use in Codecs

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11667 Out of bounds read in WebRTC

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11666 Insufficient validation of untrusted input in Input

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11665 Out of bounds read in Dawn

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11664 Use after free in Payments

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11663 Use after free in Skia

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11662 Type Confusion in Bindings

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11661 Use after free in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab Page

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11659 Insufficient validation of untrusted input in UI

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11658 Insufficient validation of untrusted input in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11657 Use after free in Payments

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11656 Use after free in ServiceWorker

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11655 Integer overflow in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11654 Use after free in CameraCapture

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11653 Insufficient validation of untrusted input in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11652 Use after free in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11651 Use after free in Network

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11650 Use after free in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11649 Use after free in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11648 Use after free in FullScreen

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11647 Use after free in Printing

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11646 Use after free in ViewTransitions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft

Microsoft MSRC 2d ago

Chromium: CVE-2026-11645 Out of bounds memory access in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

vulnerabilitymicrosoft Actively exploitedCVE-2026-11645 · EPSS <1%