Chrome Releases reports:
This update includes 10 security fixes:
- [458914193] High CVE-2026-0899: Out of bounds memory access in V8. Reported by @p1nky4745 on 2025-11-08
- [465730465] High CVE-2026-0900: Inappropriate implementation in V8. Reported by Google on 2025-12-03
- [40057499] High CVE-2026-0901: Inappropriate implementation in Blink. Reported by Irvan Kurniawan (sourc7) on 2021-10-04
- [469143679] Medium CVE-2026-0902: Inappropriate implementation in V8. Reported by 303f06e3 on 2025-12-16
- [444803530] Medium CVE-2026-0903: Insufficient validation of untrusted input in Downloads. Reported by Azur on 2025-09-13
- [452209495] Medium CVE-2026-0904: Incorrect security UI in Digital Credentials. Reported by Hafiizh on 2025-10-15
- [465466773] Medium CVE-2026-0905: Insufficient policy enforcement in Network. Reported by Google on 2025-12-02
- [467448811] Low CVE-2026-0906: Incorrect security UI. Reported by Khalil Zhani on 2025-12-10
- [444653104] Low CVE-2026-0907: Incorrect security UI in Split View. Reported by Hafiizh on 2025-09-12
- [452209503] Low CVE-2026-0908: Use after free in ANGLE. Reported by Glitchers BoB 14th. on 2025-10-15
https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986 reports:
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1.
oss-security@ list reports:
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
GitLab reports:
Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE
Cross-site Scripting issue in Web IDE impacts GitLab CE/EE
Missing Authorization issue in Duo Workflows API impacts GitLab EE
Missing Authorization issue in AI GraphQL mutation impacts GitLab EE
Denial of Service issue in import functionality impacts GitLab CE/EE
Insufficient Access Control Granularity issue in GraphQL runnerUpdate mutation impacts GitLab CE/EE
Information Disclosure issue in Mermaid diagram rendering impacts GitLab CE/EE
Mailpit author reports:
The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability.
An attacker can host a malicious website that, when visited by a developer running Mailpit locally, establishes a WebSocket connection to the victim's Mailpit instance (default ws://localhost:8025). This allows the attacker to intercept sensitive data such as email contents, headers, and server statistics in real time.
phpMyFAQ team reports:
Stored cross-site scripting (XSS) and unauthenticated config backup download vulnerability
Chrome Releases reports:
This update includes 1 security fix:
- [463155954] High CVE-2026-0628: Insufficient policy enforcement in WebView tag. Reported by Gal Weizman on 2025-11-23
Libsodium maintainer reports:
The function crypto_core_ed25519_is_valid_point(), a low-level function used to check if a given elliptic curve point is valid, was supposed to reject points that aren't in the main cryptographic group, but some points were slipping through.
Mailpit author reports:
A Server-Side Request Forgery (SSRF) vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources.
The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it does not block internal IP addresses, allowing attackers to access internal services and APIs.
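The report describes a scheme-only check that lets a proxy reach internal addresses. The following added example (not Mailpit's own code) places that weak check beside a hardened one that also resolves the target host and rejects loopback, private, link-local and similar addresses; the `resolve` parameter is a hypothetical injection point so the check can be exercised offline.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// weakCheck mirrors the flaw in the report: only the scheme is validated, so a
// target such as http://127.0.0.1:8025/ or http://169.254.169.254/ is accepted.
func weakCheck(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err == nil && u.Scheme != "http" && u.Scheme != "https" {
		err = errors.New("scheme not allowed: " + u.Scheme)
	}
	return u, err
}

// isInternalIP: loopback, RFC 1918/ULA, link-local (covers the cloud metadata range), unspecified, multicast.
func isInternalIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast()
}

// hardenedCheck keeps the scheme check, then resolves the host and rejects any
// internal address. resolve is an injected (hypothetical) parameter so the check
// runs offline; production passes net.LookupIP and must re-check the address at
// dial time too, since the DNS answer can change between check and connect.
func hardenedCheck(raw string, resolve func(string) ([]net.IP, error)) error {
	u, err := weakCheck(raw)
	if err != nil {
		return err
	}
	host := u.Hostname()
	ips := []net.IP{net.ParseIP(host)} // a literal IP needs no lookup
	if ips[0] == nil {
		if ips, err = resolve(host); len(ips) == 0 {
			return fmt.Errorf("%q did not resolve: %v", host, err)
		}
	}
	for _, ip := range ips {
		if isInternalIP(ip) {
			return fmt.Errorf("%s resolves to internal address %s", host, ip)
		}
	}
	return nil
}

func main() { fmt.Println(hardenedCheck("http://127.0.0.1:8025/", net.LookupIP)) }
```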
net-snmp development team reports:
A specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash.
The GStreamer Security Center reports:
Multiple out-of-bounds reads in the MIDI parser that can cause crashes for certain input files.