CVEs from 2026
Total
14,786
critical
critical 1,335
high
high 5,004
medium
medium 4,828
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10960 | high | 8.3 | 8.3 | 2d ago | Uninitialized Use in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… | |||
| CVE-2026-10953 | high | 8.3 | 8.3 | 2d ago | Use after free in Core in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML… | |||
| CVE-2026-10949 | high | 8.3 | 8.3 | 2d ago | Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag… | |||
| CVE-2026-10940 | high | 8.3 | 8.3 | 2d ago | Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (… | |||
| CVE-2026-10934 | high | 8.3 | 8.3 | 2d ago | Use after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2026-10933 | high | 8.3 | 8.3 | 2d ago | Use after free in Audio in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… | |||
| CVE-2026-10929 | high | 8.3 | 8.3 | 2d ago | Heap buffer overflow in ANGLE in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craft… | |||
| CVE-2026-10927 | high | 8.3 | 8.3 | 2d ago | Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. … | |||
| CVE-2026-10925 | high | 8.3 | 8.3 | 2d ago | Out of bounds write in Skia in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… | |||
| CVE-2026-10924 | high | 8.3 | 8.3 | 2d ago | Integer overflow in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa… | |||
| CVE-2026-10921 | high | 8.3 | 8.3 | 2d ago | Integer overflow in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C… | |||
| CVE-2026-10920 | high | 8.3 | 8.3 | 2d ago | Insufficient validation of untrusted input in WebShare in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb… | |||
| CVE-2026-10919 | high | 8.3 | 8.3 | 2d ago | Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2026-10918 | high | 8.3 | 8.3 | 2d ago | Use after free in Viz in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro… | |||
| CVE-2026-10917 | high | 8.3 | 8.3 | 2d ago | Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape … | |||
| CVE-2026-10915 | high | 8.3 | 8.3 | 2d ago | Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag… | |||
| CVE-2026-10911 | high | 8.3 | 8.3 | 2d ago | Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape … | |||
| CVE-2026-10909 | high | 8.3 | 8.3 | 2d ago | Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr… | |||
| CVE-2026-10908 | high | 8.3 | 8.3 | 2d ago | Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte… | |||
| CVE-2026-10905 | high | 8.3 | 8.3 | 2d ago | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (… | |||
| CVE-2026-10898 | high | 8.3 | 8.3 | 2d ago | Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page… | |||
| CVE-2026-10894 | high | 8.3 | 8.3 | 2d ago | Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | |||
| CVE-2026-10889 | high | 8.3 | 8.3 | 2d ago | Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… | |||
| CVE-2026-10884 | high | 8.3 | 8.3 | 2d ago | Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page… | |||
| CVE-2026-49203 | high | 8.3 | 8.3 | 3d ago | Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. | |||
| CVE-2026-42941 | high | 8.3 | 8.3 | 8d ago | The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change. | |||
| CVE-2026-42929 | high | 8.3 | 8.3 | 8d ago | Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials. | |||
| CVE-2026-10105 | high | 8.3 | 8.3 | 8d ago | agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values t… | |||
| CVE-2026-32905 | high | 8.3 | 8.3 | 8d ago | OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without… | |||
| CVE-2026-44698 | high | 8.3 | 8.3 | 8d ago | Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and … | |||
| CVE-2026-9998 | high | 8.3 | 8.3 | 9d ago | Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (… | |||
| CVE-2026-9997 | high | 8.3 | 8.3 | 9d ago | Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C… | |||
| CVE-2026-9994 | high | 8.3 | 8.3 | 9d ago | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… | |||
| CVE-2026-9993 | high | 8.3 | 8.3 | 9d ago | Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. (Ch… | |||
| CVE-2026-9988 | high | 8.3 | 8.3 | 9d ago | Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9982 | high | 8.3 | 8.3 | 9d ago | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape… | |||
| CVE-2026-9977 | high | 8.3 | 8.3 | 9d ago | Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a … | |||
| CVE-2026-9975 | high | 8.3 | 8.3 | 9d ago | Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… | |||
| CVE-2026-9974 | high | 8.3 | 8.3 | 9d ago | Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… | |||
| CVE-2026-9972 | high | 8.3 | 8.3 | 9d ago | Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H… | |||
| CVE-2026-9970 | high | 8.3 | 8.3 | 9d ago | Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C… | |||
| CVE-2026-9966 | high | 8.3 | 8.3 | 9d ago | Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | |||
| CVE-2026-9951 | high | 8.3 | 8.3 | 9d ago | Use after free in UI in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9949 | high | 8.3 | 8.3 | 9d ago | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… | |||
| CVE-2026-9948 | high | 8.3 | 8.3 | 9d ago | Use after free in Views in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML p… | |||
| CVE-2026-9946 | high | 8.3 | 8.3 | 9d ago | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C… | |||
| CVE-2026-9937 | high | 8.3 | 8.3 | 9d ago | Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML … | |||
| CVE-2026-9936 | high | 8.3 | 8.3 | 9d ago | Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag… | |||
| CVE-2026-9932 | high | 8.3 | 8.3 | 9d ago | Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | |||
| CVE-2026-9931 | high | 8.3 | 8.3 | 9d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr… | |||
| CVE-2026-9926 | high | 8.3 | 8.3 | 9d ago | Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa… | |||
| CVE-2026-9925 | high | 8.3 | 8.3 | 9d ago | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C… | |||
| CVE-2026-9924 | high | 8.3 | 8.3 | 9d ago | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf… | |||
| CVE-2026-9916 | high | 8.3 | 8.3 | 9d ago | Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag… | |||
| CVE-2026-9915 | high | 8.3 | 8.3 | 9d ago | Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa… | |||
| CVE-2026-9914 | high | 8.3 | 8.3 | 9d ago | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape… | |||
| CVE-2026-9906 | high | 8.3 | 8.3 | 9d ago | Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… | |||
| CVE-2026-9905 | high | 8.3 | 8.3 | 9d ago | Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cr… | |||
| CVE-2026-9904 | high | 8.3 | 8.3 | 9d ago | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9902 | high | 8.3 | 8.3 | 9d ago | Use after free in Accessibility in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML … | |||
| CVE-2026-9900 | high | 8.3 | 8.3 | 9d ago | Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag… | |||
| CVE-2026-9899 | high | 8.3 | 8.3 | 9d ago | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C… | |||
| CVE-2026-9898 | high | 8.3 | 8.3 | 9d ago | Insufficient validation of untrusted input in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb… | |||
| CVE-2026-9895 | high | 8.3 | 8.3 | 9d ago | Out of bounds read in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. … | |||
| CVE-2026-9894 | high | 8.3 | 8.3 | 9d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr… | |||
| CVE-2026-9893 | high | 8.3 | 8.3 | 9d ago | Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2026-9892 | high | 8.3 | 8.3 | 9d ago | Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via… | |||
| CVE-2026-9890 | high | 8.3 | 8.3 | 9d ago | Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML … | |||
| CVE-2026-9889 | high | 8.3 | 8.3 | 9d ago | Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security … | |||
| CVE-2026-9888 | high | 8.3 | 8.3 | 9d ago | Use after free in WebView in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2026-9885 | high | 8.3 | 8.3 | 9d ago | Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox es… | |||
| CVE-2026-9880 | high | 8.3 | 8.3 | 9d ago | Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape… | |||
| CVE-2026-9877 | high | 8.3 | 8.3 | 9d ago | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C… | |||
| CVE-2026-10020 | high | 8.3 | 8.3 | 9d ago | Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… | |||
| CVE-2026-10017 | high | 8.3 | 8.3 | 9d ago | Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML p… | |||
| CVE-2026-10014 | high | 8.3 | 8.3 | 9d ago | Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2026-10012 | high | 8.3 | 8.3 | 9d ago | Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2026-10001 | high | 8.3 | 8.3 | 9d ago | Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2026-10000 | high | 8.3 | 8.3 | 9d ago | Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte… | |||
| CVE-2026-44570 | high | 8.3 | 8.3 | 22d ago | Open WebUI has inconsistent authorization controls within memories API | |||
| CVE-2026-45369 | high | 8.3 | 8.3 | 23d ago | utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol | |||
| CVE-2026-8575 | high | 8.3 | 8.3 | 23d ago | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro… | |||
| CVE-2026-8574 | high | 8.3 | 8.3 | 23d ago | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… | |||
| CVE-2026-8573 | high | 8.3 | 8.3 | 23d ago | Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:… | |||
| CVE-2026-8571 | high | 8.3 | 8.3 | 23d ago | Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v… | |||
| CVE-2026-8569 | high | 8.3 | 8.3 | 23d ago | Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: … | |||
| CVE-2026-8548 | high | 8.3 | 8.3 | 23d ago | Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag… | |||
| CVE-2026-8542 | high | 8.3 | 8.3 | 23d ago | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… | |||
| CVE-2026-8534 | high | 8.3 | 8.3 | 23d ago | Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a… | |||
| CVE-2026-8533 | high | 8.3 | 8.3 | 23d ago | Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML … | |||
| CVE-2026-8530 | high | 8.3 | 8.3 | 23d ago | Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2026-8525 | high | 8.3 | 8.3 | 23d ago | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-8523 | high | 8.3 | 8.3 | 23d ago | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2026-8520 | high | 8.3 | 8.3 | 23d ago | Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-8515 | high | 8.3 | 8.3 | 23d ago | Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted H… | |||
| CVE-2026-8514 | high | 8.3 | 8.3 | 23d ago | Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2026-8513 | high | 8.3 | 8.3 | 23d ago | Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | |||
| CVE-2026-8512 | high | 8.3 | 8.3 | 23d ago | Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr… | |||
| CVE-2026-43907 | high | 8.3 | 8.3 | 23d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGB… | |||
| CVE-2026-44586 | high | 8.3 | 8.3 | 23d ago | SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML wit… |