VIR Vulnerability Intelligence Relay

Search

Found 45,888 results in 2352ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-10071 critical 9.8 9.8 7d ago DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code exec…
CVE-2026-9809 high 7.6 7.6 7d ago A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (such as campaigns, emails, or…
CVE-2026-9808 high 7.1 7.1 7d ago An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditions, roles configured with owner-scope restrictions (such as `viewown` or …
CVE-2026-9559 critical 9.9 9.9 7d ago A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escap…
CVE-2025-41281 high 7.8 7.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that al…
CVE-2025-41280 high 7.8 7.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute cod…
CVE-2025-41279 high 7.2 7.2 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version…
CVE-2025-41278 high 7.8 7.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Ho…
CVE-2025-41277 critical 9.8 9.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…
CVE-2025-41276 critical 9.8 9.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…
CVE-2025-41275 critical 9.8 9.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…
CVE-2025-41274 critical 9.8 9.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…
CVE-2025-41273 critical 9.8 9.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows…
CVE-2025-41272 critical 9.8 9.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…
CVE-2025-41271 high 7.5 7.5 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers …
CVE-2025-41270 critical 9.8 9.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…
CVE-2025-41269 critical 9.8 9.8 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio…
CVE-2025-41268 critical 9.1 9.1 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated att…
CVE-2025-41267 high 7.2 7.2 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…
CVE-2025-41266 high 7.2 7.2 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…
CVE-2025-41265 high 7.2 7.2 waterfall-security 7d ago Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version…
CVE-2026-9558 critical 9.9 9.9 7d ago A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated us…
CVE-2026-46579 high 7.4 7.4 7d ago A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows…
CVE-2026-42965 high 7.7 7.7 7d ago A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice tha…
CVE-2026-10078 low 2.7 2.7 7d ago A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL que…
CVE-2026-6075 high 8.1 8.1 7d ago The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handle…
CVE-2026-49199 critical 9.8 9.8 acer 7d ago Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
CVE-2026-10056 high 7.5 7.5 7d ago CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote a…
CVE-2026-4776 high 7.1 7.1 7d ago An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input fi…
CVE-2026-3655 critical 9.8 9.8 7d ago The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `…
CVE-2025-11262 high 7.2 7.2 7d ago The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization an…
CVE-2026-8732 critical 9.8 9.8 7d ago The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJ…
CVE-2025-11993 high 8.8 8.8 7d ago The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'import_se…
CVE-2026-9999 high 8.8 8.8 FIX debian debianmacos macos google 8d ago Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security …
CVE-2026-9998 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (…
CVE-2026-9997 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…
CVE-2026-9995 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9994 high 8.3 8.3 FIX debian debian google 8d ago Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
CVE-2026-9993 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. (Ch…
CVE-2026-9992 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9991 low 3.1 3.1 FIX debian debian google 8d ago Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT…
CVE-2026-9990 high 7.5 7.5 FIX debian debianmacos macos google 8d ago Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruptio…
CVE-2026-9988 high 8.3 8.3 FIX debian debian linux-kernel google 8d ago Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9987 high 7.8 7.8 FIX debian debian google 8d ago Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium sec…
CVE-2026-9984 high 8.8 8.8 FIX debian debian google 8d ago Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9983 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9982 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape…
CVE-2026-9978 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9977 high 8.3 8.3 FIX debian debian google 8d ago Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a …
CVE-2026-9976 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9975 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted…
CVE-2026-9974 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
CVE-2026-9973 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9972 high 8.3 8.3 FIX debian debianmacos macos google 8d ago Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H…
CVE-2026-9970 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…
CVE-2026-9969 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: …
CVE-2026-9968 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9967 critical 9.6 9.6 FIX debian debianmacos macos linux-kernel google 8d ago Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9966 high 8.3 8.3 FIX debian debian google 8d ago Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
CVE-2026-9965 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9964 high 8.1 8.1 FIX debian debianmacos macos google 8d ago Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Ex…
CVE-2026-9963 high 7.5 7.5 FIX debian debianmacos macos google 8d ago Uninitialized Use in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox vi…
CVE-2026-9962 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in WebRTC in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9961 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9960 high 7.5 7.5 FIX debian debianmacos macos linux-kernel google 8d ago Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font fi…
CVE-2026-9959 low 3.1 3.1 FIX debian debian google 8d ago Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9958 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2026-9957 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in PDF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
CVE-2026-9956 high 7.5 7.5 FIX debian debianmacos macos google 8d ago Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML pag…
CVE-2026-9954 high 7.5 7.5 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a craft…
CVE-2026-9952 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9951 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in UI in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9950 low 3.1 3.1 FIX debian debianmacos macos google 8d ago Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a…
CVE-2026-9949 high 8.3 8.3 FIX debian debian google 8d ago Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
CVE-2026-9948 high 8.3 8.3 FIX debian debianmacos macos google 8d ago Use after free in Views in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML p…
CVE-2026-9947 high 8.8 8.8 FIX debian debian 8d ago Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9946 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…
CVE-2026-9945 high 8.8 8.8 FIX debian debian google 8d ago Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …
CVE-2026-9944 low 3.1 3.1 FIX debian debianmacos macos linux-kernel google 8d ago Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium sec…
CVE-2026-9941 high 8.8 8.8 FIX debian debian google 8d ago Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9940 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9939 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Heap buffer overflow in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…
CVE-2026-9938 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …
CVE-2026-9937 high 8.3 8.3 FIX debian debian google 8d ago Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
CVE-2026-9936 high 8.3 8.3 FIX debian debianmacos macos google 8d ago Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
CVE-2026-9934 high 7.5 7.5 FIX debian debian google 8d ago Use after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Ch…
CVE-2026-9933 high 7.5 7.5 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted …
CVE-2026-9932 high 8.3 8.3 FIX debian debian google 8d ago Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
CVE-2026-9931 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr…
CVE-2026-9928 high 8.8 8.8 FIX debian debian google 8d ago Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9927 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9926 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa…
CVE-2026-9925 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 8d ago Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…
CVE-2026-9924 high 8.3 8.3 FIX debian debian google 8d ago Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf…
CVE-2026-9923 high 8.8 8.8 FIX debian debian google 8d ago Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9922 high 7.5 7.5 FIX debian debianmacos macos google 8d ago Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium s…
CVE-2026-9920 low 3.1 3.1 FIX debian debian google 8d ago Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chr…
CVE-2026-9918 critical 9.6 9.6 FIX debian debian google 8d ago Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H…
CVE-2026-9916 high 8.3 8.3 FIX debian debian google 8d ago Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
CVE-2026-9915 high 8.3 8.3 FIX debian debian google 8d ago Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa…