CVEs from 2026
- Total: 14,122
- Critical: 1,246
- High: 4,695
- Medium: 4,473
- Low: 488
- % Critical: 8.8%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9504 | low | 3.3 | 3.3 | 9d ago | A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou… | |||
| CVE-2026-9503 | low | 3.3 | 3.3 | 9d ago | A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null … | |||
| CVE-2026-9501 | low | 3.3 | 3.3 | 9d ago | A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipul… | |||
| CVE-2026-39824 | low | 3.3 | 3.3 | 12d ago | NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated strin… | |||
| CVE-2026-47782 | low | 3.3 | 3.3 | 14d ago | Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web p… | |||
| CVE-2026-33565 | low | 3.3 | 3.3 | 16d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-28751 | low | 3.3 | 3.3 | 16d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-27781 | low | 3.3 | 3.3 | 16d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-25110 | low | 3.3 | 3.3 | 16d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-0965 | low | 3.3 | 3.3 | 16d ago | Moderate: libssh security update | |||
| CVE-2026-47091 | low | 3.3 | 3.3 | 16d ago | Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin… | |||
| CVE-2026-8770 | low | 3.3 | 3.3 | 17d ago | A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulat… | |||
| CVE-2026-20793 | low | 3.3 | 3.3 | 23d ago | Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an a… | |||
| CVE-2026-41530 | low | 3.3 | 3.3 | 23d ago | The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fe… | |||
| CVE-2026-28910 | low | 3.3 | 3.3 | 23d ago | macOS Tahoe 26.4 | |||
| CVE-2026-28957 | low | 3.3 | 3.3 | 24d ago | visionOS 26.5 | |||
| CVE-2026-32803 | low | 3.3 | 3.3 | 27d ago | Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileg… | |||
| CVE-2026-41498 | low | 3.3 | 3.3 | 27d ago | Kimai has Missing Object-Level Authorization in the Team API | |||
| CVE-2026-7740 | low | 3.3 | 3.3 | 1mo ago | A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id… | |||
| CVE-2026-7739 | low | 3.3 | 3.3 | 1mo ago | A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation … | |||
| CVE-2026-33448 | low | 3.3 | 3.3 | 1mo ago | CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump t… | |||
| CVE-2026-41357 | low | 3.3 | 3.3 | 1mo ago | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve… | |||
| CVE-2026-35379 | low | 3.3 | 3.3 | 1mo ago | A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space char… | |||
| CVE-2026-35378 | low | 3.3 | 3.3 | 1mo ago | A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw… | |||
| CVE-2026-35375 | low | 3.3 | 3.3 | 1mo ago | A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to_string_lossy() wh… | |||
| CVE-2026-35371 | low | 3.3 | 3.3 | 1mo ago | uutils coreutils's User Interface (UI) Misrepresents Critical Information | |||
| CVE-2026-35344 | low | 3.3 | 3.3 | 1mo ago | uutils coreutils has an Unchecked Return Value Issue | |||
| CVE-2026-35343 | low | 3.3 | 3.3 | 1mo ago | The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited fl… | |||
| CVE-2026-35342 | low | 3.3 | 3.3 | 1mo ago | The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementa… | |||
| CVE-2026-40505 | low | 3.3 | 3.3 | 2mo ago | MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious… | |||
| CVE-2026-6192 | low | 3.3 | 3.3 | 2mo ago | A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. T… | |||
| CVE-2026-40228 | low | 3.3 | 3.3 | 2mo ago | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set. | |||
| CVE-2026-5037 | low | 3.3 | 3.3 | 2mo ago | A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr c… | |||
| CVE-2026-4833 | low | 3.3 | 3.3 | 2mo ago | A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled r… | |||
| CVE-2026-20684 | low | 3.3 | 3.3 | 2mo ago | macOS Tahoe 26.4 | |||
| CVE-2026-4539 | low | 3.3 | 3.3 | 2mo ago | A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular e… | |||
| CVE-2026-4159 | low | 3.3 | 3.3 | 3mo ago | 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_Decode… | |||
| CVE-2026-4174 | low | 3.3 | 3.3 | 3mo ago | A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation lea… | |||
| CVE-2026-4010 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument leng… | |||
| CVE-2026-4009 | low | 3.3 | 3.3 | 3mo ago | A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File P… | |||
| CVE-2026-3950 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to o… | |||
| CVE-2026-3949 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing… | |||
| CVE-2026-21791 | low | 3.3 | 3.3 | 3mo ago | HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL | |||
| CVE-2026-3449 | low | 3.3 | 3.3 | 3mo ago | @tootallnate/once vulnerable to Incorrect Control Flow Scoping | |||
| CVE-2026-3407 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes h… | |||
| CVE-2026-2903 | low | 3.3 | 3.3 | 3mo ago | A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack ca… | |||
| CVE-2026-2889 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only… | |||
| CVE-2026-2642 | low | 3.3 | 3.3 | 4mo ago | A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null point… | |||
| CVE-2026-2641 | low | 3.3 | 3.3 | 4mo ago | A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Exe… | |||
| CVE-2026-2246 | low | 3.3 | 3.3 | 4mo ago | A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltag_detector_detect of the file apriltag.c. The manipulation lead… | |||
| CVE-2026-2245 | low | 3.3 | 3.3 | 4mo ago | A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation l… | |||
| CVE-2026-2069 | low | 3.3 | 3.3 | 4mo ago | A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This… | |||
| CVE-2026-1990 | low | 3.3 | 3.3 | 4mo ago | A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation l… | |||
| CVE-2026-1417 | low | 3.3 | 3.3 | 4mo ago | A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference.… | |||
| CVE-2026-1416 | low | 3.3 | 3.3 | 4mo ago | A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null poin… | |||
| CVE-2026-1415 | low | 3.3 | 3.3 | 4mo ago | A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to… | |||
| CVE-2026-44220 | low | 3.2 | 3.2 | 22d ago | ciguard: discover_pipeline_files follows symlinks out of scan root | |||
| CVE-2026-45362 | low | 3.2 | 3.2 | 23d ago | Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file. | |||
| CVE-2026-43969 | low | 3.2 | 3.2 | 23d ago | cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1 | |||
| CVE-2026-31369 | low | 3.2 | 3.2 | 1mo ago | PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | |||
| CVE-2026-8404 | low | 3.1 | 3.1 | 16h ago | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitive… | |||
| CVE-2026-7666 | low | 3.1 | 3.1 | 16h ago | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a … | |||
| CVE-2026-6873 | low | 3.1 | 3.1 | 16h ago | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name and… | |||
| CVE-2026-48587 | low | 3.1 | 3.1 | 16h ago | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header va… | |||
| CVE-2026-35193 | low | 3.1 | 3.1 | 16h ago | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requ… | |||
| CVE-2026-10705 | low | 3.1 | 3.1 | 1d ago | A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resourc… | |||
| CVE-2026-10565 | low | 3.1 | 3.1 | 2d ago | A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a mani… | |||
| CVE-2026-45426 | low | 3.1 | 3.1 | 3d ago | Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against … | |||
| CVE-2026-40963 | low | 3.1 | 3.1 | 3d ago | The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated U… | |||
| CVE-2026-9991 | low | 3.1 | 3.1 | 6d ago | Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |||
| CVE-2026-9959 | low | 3.1 | 3.1 | 6d ago | Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9950 | low | 3.1 | 3.1 | 6d ago | Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a… | |||
| CVE-2026-9944 | low | 3.1 | 3.1 | 6d ago | Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium sec… | |||
| CVE-2026-9920 | low | 3.1 | 3.1 | 6d ago | Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chr… | |||
| CVE-2026-10011 | low | 3.1 | 3.1 | 6d ago | Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Ch… | |||
| CVE-2026-49009 | low | 3.1 | 3.1 | 8d ago | Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal. | |||
| CVE-2026-47715 | low | 3.1 | 3.1 | 9d ago | Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requir… | |||
| CVE-2026-47716 | low | 3.1 | 3.1 | 9d ago | Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, in affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the … | |||
| CVE-2026-48851 | low | 3.1 | 3.1 | 9d ago | PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session. | |||
| CVE-2026-9398 | low | 3.1 | 3.1 | 10d ago | A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass b… | |||
| CVE-2026-9394 | low | 3.1 | 3.1 | 10d ago | A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to w… | |||
| CVE-2026-39967 | low | 3.1 | 3.1 | 12d ago | TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user a… | |||
| CVE-2026-9249 | low | 3.1 | 3.1 | 13d ago | Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : * D… | |||
| CVE-2026-44057 | low | 3.1 | 3.1 | 14d ago | A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authen… | |||
| CVE-2026-7836 | low | 3.1 | 3.1 | 14d ago | An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification v… | |||
| CVE-2026-7835 | low | 3.1 | 3.1 | 14d ago | A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string pro… | |||
| CVE-2026-44070 | low | 3.1 | 3.1 | 14d ago | An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character convers… | |||
| CVE-2026-0968 | low | 3.1 | 3.1 | 16d ago | Moderate: libssh security update | |||
| CVE-2026-8741 | low | 3.1 | 3.1 | 18d ago | A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manip… | |||
| CVE-2026-8579 | low | 3.1 | 3.1 | 20d ago | Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write… | |||
| CVE-2026-8578 | low | 3.1 | 3.1 | 20d ago | Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chro… | |||
| CVE-2026-8572 | low | 3.1 | 3.1 | 20d ago | Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft… | |||
| CVE-2026-8568 | low | 3.1 | 3.1 | 20d ago | Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Ch… | |||
| CVE-2026-8556 | low | 3.1 | 3.1 | 20d ago | Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |||
| CVE-2026-8554 | low | 3.1 | 3.1 | 20d ago | Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted H… | |||
| CVE-2026-8553 | low | 3.1 | 3.1 | 20d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Ch… | |||
| CVE-2026-8545 | low | 3.1 | 3.1 | 20d ago | Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromi… | |||
| CVE-2026-8536 | low | 3.1 | 3.1 | 20d ago | Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation v… | |||
| CVE-2026-8022 | low | 3.1 | 3.1 | 28d ago | Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted … | |||
| CVE-2026-8017 | low | 3.1 | 3.1 | 28d ago | Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |