CVEs from 2026
Total
14,786
critical
critical 1,335
high
high 5,004
medium
medium 4,828
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44076 | medium | 6.7 | 6.7 | 16d ago | Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path. | |||
| CVE-2026-35070 | medium | 6.7 | 6.7 | 17d ago | Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w… | |||
| CVE-2026-42919 | medium | 6.7 | 6.7 | 24d ago | A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a secur… | |||
| CVE-2026-21018 | medium | 6.7 | 6.7 | 25d ago | Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code. | |||
| CVE-2026-41097 | medium | 6.7 | 6.7 | 25d ago | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2026-32170 | medium | 6.7 | 6.7 | 25d ago | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-21530 | medium | 6.7 | 6.7 | 25d ago | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40638 | medium | 6.7 | 6.7 | 25d ago | Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this v… | |||
| CVE-2026-26946 | medium | 6.7 | 6.7 | 26d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local acce… | |||
| CVE-2026-42176 | medium | 6.7 | 6.7 | 29d ago | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer to… | |||
| CVE-2026-20451 | medium | 6.7 | 6.7 | 1mo ago | In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti… | |||
| CVE-2026-20448 | medium | 6.7 | 6.7 | 1mo ago | In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System priv… | |||
| CVE-2026-20447 | medium | 6.7 | 6.7 | 1mo ago | In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privileg… | |||
| CVE-2026-25852 | medium | 6.7 | 6.7 | 1mo ago | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212. | |||
| CVE-2026-7280 | medium | 6.7 | 6.7 | 1mo ago | AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitra… | |||
| CVE-2026-40977 | medium | 6.7 | 6.7 | 1mo ago | Spring Boot's PID file write follows symlinks at predictable default path | |||
| CVE-2026-41360 | medium | 6.7 | 6.7 | 1mo ago | OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scri… | |||
| CVE-2026-35154 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper … | |||
| CVE-2026-26951 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflo… | |||
| CVE-2026-35153 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-35074 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-35073 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-35072 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |||
| CVE-2026-32176 | medium | 6.7 | 6.7 | 2mo ago | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32167 | medium | 6.7 | 6.7 | 2mo ago | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-0390 | medium | 6.7 | 6.7 | 2mo ago | Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2026-34871 | medium | 6.7 | 6.7 | 2mo ago | An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG). | |||
| CVE-2026-4105 | medium | 6.7 | 6.7 | 3mo ago | A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop… | |||
| CVE-2026-20016 | medium | 6.7 | 6.7 | 3mo ago | A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the… | |||
| CVE-2026-21422 | medium | 6.7 | 6.7 | 3mo ago | Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentiall… | |||
| CVE-2026-22341 | medium | 6.7 | 6.7 | 4mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse.This issue affects Booked: from n/a through <= 3.0.0. | |||
| CVE-2026-7566 | medium | 6.6 | 6.6 | 15h ago | The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it … | |||
| CVE-2026-48919 | medium | 6.6 | 6.6 | 10d ago | Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation. | |||
| CVE-2026-48918 | medium | 6.6 | 6.6 | 10d ago | Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default. | |||
| CVE-2026-48917 | medium | 6.6 | 6.6 | 10d ago | Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation. | |||
| CVE-2026-48916 | medium | 6.6 | 6.6 | 10d ago | Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals. | |||
| CVE-2026-27768 | medium | 6.6 | 6.6 | 12d ago | SQL Injection affecting the Access Manager role. | |||
| CVE-2026-6366 | medium | 6.6 | 6.6 | 18d ago | Drupal core allows Object Injection | |||
| CVE-2026-34216 | medium | 6.6 | 6.6 | 18d ago | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied requ… | |||
| CVE-2026-20905 | medium | 6.6 | 6.6 | 25d ago | Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an… | |||
| CVE-2026-20782 | medium | 6.6 | 6.6 | 25d ago | Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenti… | |||
| CVE-2026-20717 | medium | 6.6 | 6.6 | 25d ago | Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… | |||
| CVE-2026-35255 | medium | 6.6 | 6.6 | 1mo ago | Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability… | |||
| CVE-2026-42510 | medium | 6.6 | 6.6 | 1mo ago | OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface. | |||
| CVE-2026-35365 | medium | 6.6 | 6.6 | 2mo ago | The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands t… | |||
| CVE-2026-4114 | medium | 6.6 | 6.6 | 2mo ago | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. | |||
| CVE-2026-3401 | medium | 6.6 | 6.6 | 3mo ago | A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of th… | |||
| CVE-2026-9829 | medium | 6.5 | 6.5 | 14h ago | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcode Parameter in all versions up to, and i… | |||
| CVE-2026-46397 | medium | 6.5 | 6.5 | 1d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low… | |||
| CVE-2026-48112 | medium | 6.5 | 6.5 | 1d ago | 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in… | |||
| CVE-2026-48101 | medium | 6.5 | 6.5 | 1d ago | 7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) parser in 7-Zip. The OpenCa… | |||
| CVE-2026-37737 | medium | 6.5 | 6.5 | 1d ago | sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypas… | |||
| CVE-2026-11299 | medium | 6.5 | 6.5 | 2d ago | Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security… | |||
| CVE-2026-11289 | medium | 6.5 | 6.5 | 2d ago | Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-11288 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-11287 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions v… | |||
| CVE-2026-11284 | medium | 6.5 | 6.5 | 2d ago | Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L… | |||
| CVE-2026-11283 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium secu… | |||
| CVE-2026-11278 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-11275 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a… | |||
| CVE-2026-11271 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a craf… | |||
| CVE-2026-11270 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-11268 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-11263 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data vi… | |||
| CVE-2026-11258 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary acc… | |||
| CVE-2026-47655 | medium | 6.5 | 6.5 | 2d ago | Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-47644 | medium | 6.5 | 6.5 | 2d ago | Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a netw… | |||
| CVE-2026-42824 | medium | 6.5 | 6.5 | 2d ago | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-11227 | medium | 6.5 | 6.5 | 2d ago | Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low) | |||
| CVE-2026-11226 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin… | |||
| CVE-2026-11225 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low) | |||
| CVE-2026-11223 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cra… | |||
| CVE-2026-11222 | medium | 6.5 | 6.5 | 2d ago | Incorrect security UI in Tab Strip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-11220 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a craf… | |||
| CVE-2026-11217 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Fenced Frames in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa… | |||
| CVE-2026-11215 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Cronet in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: … | |||
| CVE-2026-11214 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity:… | |||
| CVE-2026-11210 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. (Chromium security sever… | |||
| CVE-2026-11209 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from p… | |||
| CVE-2026-11208 | medium | 6.5 | 6.5 | 2d ago | Use after free in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security … | |||
| CVE-2026-11206 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-11204 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:… | |||
| CVE-2026-11203 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in GPU in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11200 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11197 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML p… | |||
| CVE-2026-11196 | medium | 6.5 | 6.5 | 2d ago | Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted XML file. (Chromium security seve… | |||
| CVE-2026-11195 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted … | |||
| CVE-2026-11194 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11193 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium securit… | |||
| CVE-2026-11190 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via… | |||
| CVE-2026-11189 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restricti… | |||
| CVE-2026-11183 | medium | 6.5 | 6.5 | 2d ago | Out of bounds read in GWP-ASan in Google Chrome prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium securit… | |||
| CVE-2026-11182 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11180 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11176 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11168 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from … | |||
| CVE-2026-11160 | medium | 6.5 | 6.5 | 2d ago | Out of bounds read in Input in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi… | |||
| CVE-2026-11148 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Me… | |||
| CVE-2026-11145 | medium | 6.5 | 6.5 | 2d ago | Race in Geolocation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11143 | medium | 6.5 | 6.5 | 2d ago | Out of bounds read in Extensions in Google Chrome on Linux prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information… |