CVEs from 2026
- Total: 14,122
- critical: 1,246
- high: 4,695
- medium: 4,475
- low: 488
- % Critical: 8.8%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9389 | high | 8.8 | 8.8 | 11d ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to buffer overflow. The a… | |||
| CVE-2026-9382 | high | 8.8 | 8.8 | 11d ago | A flaw has been found in Edimax BR-6675nD 1.12. Affected by this issue is the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Executing a manipulation … | |||
| CVE-2026-9381 | high | 8.8 | 8.8 | 11d ago | A vulnerability was detected in Edimax BR-6675nD 1.12. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performi… | |||
| CVE-2026-9380 | high | 8.8 | 8.8 | 11d ago | A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation … | |||
| CVE-2026-9360 | high | 8.8 | 8.8 | 11d ago | A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The… | |||
| CVE-2026-9348 | high | 8.8 | 8.8 | 11d ago | A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument we… | |||
| CVE-2026-9346 | high | 8.8 | 8.8 | 11d ago | A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument su… | |||
| CVE-2026-9345 | high | 8.8 | 8.8 | 11d ago | A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argumen… | |||
| CVE-2026-9344 | high | 8.8 | 8.8 | 11d ago | A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of th… | |||
| CVE-2026-43503 | high | 8.8 | 8.8 | 12d ago | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_s… | |||
| CVE-2026-9294 | high | 8.8 | 8.8 | 12d ago | A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manip… | |||
| CVE-2026-9295 | high | 8.8 | 8.8 | 12d ago | A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipul… | |||
| CVE-2026-6898 | high | 8.8 | 8.8 | 12d ago | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions… | |||
| CVE-2026-6897 | high | 8.8 | 8.8 | 12d ago | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in… | |||
| CVE-2026-6895 | high | 8.8 | 8.8 | 12d ago | The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is du… | |||
| CVE-2026-6419 | high | 8.8 | 8.8 | 12d ago | The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check … | |||
| CVE-2026-47125 | high | 8.8 | 8.8 | 12d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/{id}/templates/variables endpoint, which writes the system-wide .env.g… | |||
| CVE-2026-35430 | high | 8.8 | 8.8 | 12d ago | Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-41075 | high | 8.8 | 8.8 | 12d ago | RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft i… | |||
| CVE-2026-45659 | high | 8.8 | 8.8 | 12d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-3294 | high | 8.8 | 8.8 | 13d ago | An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator passwor… | |||
| CVE-2026-6406 | high | 8.8 | 8.8 | 13d ago | The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly… | |||
| CVE-2026-8992 | high | 8.8 | 8.8 | 13d ago | An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code. | |||
| CVE-2026-9018 | high | 8.8 | 8.8 | 13d ago | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the `easyel_handle_register()` … | |||
| CVE-2026-8434 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security team gave this vulnerability a CVSS v.4… | |||
| CVE-2026-8433 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score… | |||
| CVE-2026-8432 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o… | |||
| CVE-2026-8427 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a… | |||
| CVE-2026-8416 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a CV… | |||
| CVE-2026-8415 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVS… | |||
| CVE-2026-8414 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 scor… | |||
| CVE-2026-8413 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco… | |||
| CVE-2026-8412 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco… | |||
| CVE-2026-8411 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco… | |||
| CVE-2026-8410 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.… | |||
| CVE-2026-8409 | high | 8.8 | 8.8 | 13d ago | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco… | |||
| CVE-2026-8428 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/controllers/single_page/dashb… | |||
| CVE-2026-8426 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An attacker who controls the remote package ret… | |||
| CVE-2026-8421 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concrete/controllers/single_page/dashboard/extend/install.php. An attacker who can cause an authenticate… | |||
| CVE-2026-8417 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do_update/<pkgHandle>. The do_update() method in concrete/controllers/single_page/da… | |||
| CVE-2026-8350 | high | 8.8 | 8.8 | 14d ago | Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access … | |||
| CVE-2026-47102 | high | 8.8 | 8.8 | 14d ago | LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restri… | |||
| CVE-2026-47101 | high | 8.8 | 8.8 | 14d ago | LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored with… | |||
| CVE-2026-47114 | high | 8.8 | 8.8 | 14d ago | IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the… | |||
| CVE-2026-9089 | high | 8.8 | 8.8 | 14d ago | The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5. | |||
| CVE-2026-43495 | high | 8.8 | 8.8 | 14d ago | In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler t7xx_port_enum_msg_handler() uses the m… | |||
| CVE-2026-39461 | high | 8.8 | 8.8 | 14d ago | libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descript… | |||
| CVE-2026-44048 | high | 8.8 | 8.8 | 14d ago | A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of servi… | |||
| CVE-2026-44047 | high | 8.8 | 8.8 | 14d ago | An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial o… | |||
| CVE-2026-9126 | high | 8.8 | 8.8 | 15d ago | Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-9121 | high | 8.8 | 8.8 | 15d ago | Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-9120 | high | 8.8 | 8.8 | 15d ago | Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9119 | high | 8.8 | 8.8 | 15d ago | Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-9118 | high | 8.8 | 8.8 | 15d ago | Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9114 | high | 8.8 | 8.8 | 15d ago | Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: Hig… | |||
| CVE-2026-9112 | high | 8.8 | 8.8 | 15d ago | Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-9111 | high | 8.8 | 8.8 | 15d ago | Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-24217 | high | 8.8 | 8.8 | 15d ago | NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, … | |||
| CVE-2026-44926 | high | 8.8 | 8.8 | 15d ago | InfoScale CmdServer before 7.4.2 mishandles access control. | |||
| CVE-2026-44925 | high | 8.8 | 8.8 | 15d ago | Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which t… | |||
| CVE-2026-5200 | high | 8.8 | 8.8 | 15d ago | The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. Th… | |||
| CVE-2026-7522 | high | 8.8 | 8.8 | 15d ago | The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for aut… | |||
| CVE-2026-7467 | high | 8.8 | 8.8 | 15d ago | The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting… | |||
| CVE-2026-6456 | high | 8.8 | 8.8 | 15d ago | The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` REST API endpoint using a loose compari… | |||
| CVE-2026-46300 | high | 7.8 | 8.8 | 15d ago | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from… | |||
| CVE-2026-32740 | high | 8.8 | 8.8 | 16d ago | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write … | |||
| CVE-2026-8604 | high | 8.8 | 8.8 | 16d ago | In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage. | |||
| CVE-2026-33633 | high | 8.8 | 8.8 | 16d ago | Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash ki… | |||
| CVE-2026-36828 | high | 8.8 | 8.8 | 16d ago | A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell… | |||
| CVE-2026-31069 | high | 8.8 | 8.8 | 16d ago | BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpo… | |||
| CVE-2026-8973 | high | 8.8 | 8.8 | 16d ago | Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code… | |||
| CVE-2026-8972 | high | 8.8 | 8.8 | 16d ago | Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | |||
| CVE-2026-8952 | high | 8.8 | 8.8 | 16d ago | Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | |||
| CVE-2026-42097 | high | 8.8 | 8.8 | 16d ago | Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL qu… | |||
| CVE-2026-42096 | high | 8.8 | 8.8 | 16d ago | Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within da… | |||
| CVE-2026-46586 | high | 8.8 | 8.8 | 16d ago | Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Ap… | |||
| CVE-2026-27648 | high | 8.8 | 8.8 | 16d ago | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. | |||
| CVE-2026-45495 | high | 8.8 | 8.8 | 17d ago | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||
| CVE-2026-41085 | high | 8.8 | 8.8 | 17d ago | Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrato… | |||
| CVE-2026-7498 | high | 8.8 | 8.8 | 17d ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored… | |||
| CVE-2026-3220 | high | 8.8 | 8.8 | 17d ago | The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Script… | |||
| CVE-2026-8776 | high | 8.8 | 8.8 | 17d ago | A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulati… | |||
| CVE-2026-8775 | high | 8.8 | 8.8 | 17d ago | A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TP… | |||
| CVE-2026-8719 | high | 8.8 | 8.8 | 18d ago | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in t… | |||
| CVE-2026-45578 | high | 8.8 | 8.8 | 20d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/on_publish.php builds an execAsyn… | |||
| CVE-2026-45035 | high | 8.8 | 8.8 | 20d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp… | |||
| CVE-2026-6228 | high | 8.8 | 8.8 | 20d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field… | |||
| CVE-2026-43490 | high | 8.8 | 8.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor x… | |||
| CVE-2026-45672 | high | 8.8 | 8.8 | 21d ago | Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed | |||
| CVE-2026-8587 | high | 8.8 | 8.8 | 21d ago | Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E… | |||
| CVE-2026-8581 | high | 8.8 | 8.8 | 21d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-8577 | high | 8.8 | 8.8 | 21d ago | Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-8558 | high | 8.8 | 8.8 | 21d ago | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8555 | high | 8.8 | 8.8 | 21d ago | Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8551 | high | 8.8 | 8.8 | 21d ago | Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page… | |||
| CVE-2026-8549 | high | 8.8 | 8.8 | 21d ago | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8544 | high | 8.8 | 8.8 | 21d ago | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8540 | high | 8.8 | 8.8 | 21d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8532 | high | 8.8 | 8.8 | 21d ago | Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8531 | high | 8.8 | 8.8 | 21d ago | Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity… |