VIR Vulnerability Intelligence Relay

Search

Found 1,747 results in 51ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-10935 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10934 high 8.3 8.3 debian debian google 1d ago Use after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
CVE-2026-10933 high 8.3 8.3 debian debian google 1d ago Use after free in Audio in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
CVE-2026-10932 high 8.8 8.8 debian debian google 1d ago Use after free in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10931 critical 9.6 9.6 debian debian google 1d ago Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10930 high 8.1 8.1 macos macosdebian debian google 1d ago Out of bounds read in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10929 high 8.3 8.3 debian debian google 1d ago Heap buffer overflow in ANGLE in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craft…
CVE-2026-10928 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10927 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. …
CVE-2026-10926 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security severity: H…
CVE-2026-10925 high 8.3 8.3 macos macosdebian debian google 1d ago Out of bounds write in Skia in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
CVE-2026-10924 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Integer overflow in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa…
CVE-2026-10923 high 8.8 8.8 debian debian google 1d ago Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High)
CVE-2026-10922 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin p…
CVE-2026-10921 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Integer overflow in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…
CVE-2026-10920 high 8.3 8.3 macos macosdebian debian google 1d ago Insufficient validation of untrusted input in WebShare in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb…
CVE-2026-10919 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2026-10918 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Use after free in Viz in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro…
CVE-2026-10917 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape …
CVE-2026-10916 medium 6.1 6.1 debian debianmacos macos linux-kernel google 1d ago Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (…
CVE-2026-10915 high 8.3 8.3 macos macosdebian debian google 1d ago Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
CVE-2026-10914 high 8.8 8.8 debian debian google 1d ago Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…
CVE-2026-10913 high 8.8 8.8 debian debian google 1d ago Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…
CVE-2026-10912 medium 6.5 6.5 debian debianmacos macos linux-kernel google 1d ago Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a …
CVE-2026-10911 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape …
CVE-2026-10910 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10909 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr…
CVE-2026-10908 high 8.3 8.3 debian debian google 1d ago Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte…
CVE-2026-10907 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10906 high 7.5 7.5 macos macos linux-kerneldebian debian google 1d ago Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via…
CVE-2026-10905 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (…
CVE-2026-10904 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…
CVE-2026-10903 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10902 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-10901 high 7.5 7.5 macos macosdebian debian google 1d ago Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTM…
CVE-2026-10900 high 7.5 7.5 macos macosdebian debian google 1d ago Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via …
CVE-2026-10899 high 7.5 7.5 linux-kerneldebian debian google 1d ago Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a …
CVE-2026-10898 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page…
CVE-2026-10897 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri…
CVE-2026-10896 high 8.8 8.8 macos macosdebian debian google 1d ago Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-10895 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-10894 high 8.3 8.3 linux-kerneldebian debian google 1d ago Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
CVE-2026-10893 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CVE-2026-10892 critical 9.6 9.6 debian debian google 1d ago Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C…
CVE-2026-10891 high 8.8 8.8 linux-kerneldebian debian google 1d ago Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-10890 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium securit…
CVE-2026-10889 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
CVE-2026-10888 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security s…
CVE-2026-10887 high 8.1 8.1 macos macosdebian debian google 1d ago Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CVE-2026-10886 critical 9.6 9.6 macos macos linux-kerneldebian debian google 1d ago Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-10885 high 8.8 8.8 macos macosdebian debian google 1d ago Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-10884 high 8.3 8.3 macos macos linux-kerneldebian debian google 1d ago Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page…
CVE-2026-10883 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-10882 high 8.8 8.8 macos macos linux-kerneldebian debian google 1d ago Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-10881 critical 9.6 9.6 macos macos linux-kerneldebian debian google 1d ago Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C…
CVE-2026-10875 medium 6.3 6.3 1d ago A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument…
CVE-2026-10874 medium 6.3 6.3 1d ago A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument soc…
CVE-2026-10873 high 7.2 7.2 1d ago A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command inject…
CVE-2026-10872 high 7.2 7.2 1d ago A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command inj…
CVE-2025-8873 high 7.5 7.5 1d ago On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, a…
CVE-2024-27892 critical 9.6 9.6 1d ago Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the swi…
CVE-2024-27891 medium 5.3 5.3 1d ago On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgo…
CVE-2024-27890 critical 9.6 9.6 1d ago Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the swi…
CVE-2023-5502 medium 5.9 5.9 1d ago On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to by…
CVE-2026-11322 medium 6.5 6.5 1d ago Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the d…
CVE-2026-10871 high 7.2 7.2 1d ago A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv…
CVE-2024-6858 medium 6.5 6.5 1d ago In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.
CVE-2026-5066 medium 6.3 6.3 1d ago A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_…
CVE-2026-42538 medium 6.3 6.3 1d ago IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application ca…
CVE-2026-42329 medium 4.7 4.7 1d ago Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redir…
CVE-2026-10870 high 7.2 7.2 1d ago A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to …
CVE-2026-42547 medium 5.4 5.4 1d ago IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi…
CVE-2026-42543 medium 4.3 4.3 1d ago IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…
CVE-2026-47708 unknown 1d ago MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
CVE-2026-42540 medium 4.3 4.3 1d ago IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulate…
CVE-2026-42539 medium 6.5 6.5 1d ago IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required fo…
CVE-2026-5589 medium 6.3 6.3 2d ago An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is…
CVE-2026-41522 unknown 2d ago Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql…
CVE-2026-41518 high 7.6 7.6 2d ago Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-edit…
CVE-2026-21404 medium 6.3 6.3 2d ago NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can e…
CVE-2026-47703 unknown 2d ago AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle
CVE-2026-48013 unknown 2d ago Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation
CVE-2026-48015 unknown 2d ago Shopware: Stored XSS via SVG file upload — no SVG sanitization
CVE-2026-48016 unknown 2d ago Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment
CVE-2026-48014 unknown 2d ago Shopware: Admin API ACL Bypass in Order State Transition Endpoints
CVE-2026-48012 unknown 2d ago Shopware SSO referer trust leading to an arbitrary redirect target
CVE-2026-48011 unknown 2d ago Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames
CVE-2026-48010 unknown 2d ago Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts
CVE-2026-48009 unknown 2d ago Shopware: Admin Account Takeover via User Recovery Hash Exposure
CVE-2026-48008 unknown 2d ago Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass
CVE-2026-48480 unknown 2d ago The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptograp…
CVE-2026-36499 medium 6.5 6.5 slesdebian debian 2d ago A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. T…
CVE-2025-71316 critical 9.8 9.8 2d ago SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL wi…
CVE-2025-65640 medium 6.3 6.3 2d ago Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating…
CVE-2026-50183 unknown 2d ago WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section
CVE-2026-50182 unknown 2d ago WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination
CVE-2026-49279 unknown 2d ago WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket Handler (CVE-2026-43874 Bypass)
CVE-2026-8462 unknown 2d ago OpenMeter: SQL injection through meter creation
CVE-2026-50292 critical 9.8 9.8 FIX debian debian freedesktop 2d ago In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
CVE-2026-48040 critical 9.1 9.1 netty 2d ago The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses…