CVEs from 2026
- Total: 14,698
- critical: 1,323
- high: 4,977
- medium: 4,753
- low: 501
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 660
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0566 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image le… | |||
| CVE-2026-0565 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del c… | |||
| CVE-2026-0546 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. T… | |||
| CVE-2026-0544 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injec… | |||
| CVE-2026-11293 | critical | 9.6 | 9.6 | 23h ago | Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-11282 | critical | 9.6 | 9.6 | 23h ago | Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi… | |||
| CVE-2026-11250 | critical | 9.6 | 9.6 | 23h ago | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from pr… | |||
| CVE-2026-11213 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox … | |||
| CVE-2026-11207 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromi… | |||
| CVE-2026-11198 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium secu… | |||
| CVE-2026-11167 | critical | 9.6 | 9.6 | 1d ago | Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v… | |||
| CVE-2026-11165 | critical | 9.6 | 9.6 | 1d ago | Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11163 | critical | 9.6 | 9.6 | 1d ago | Use after free in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: M… | |||
| CVE-2026-11152 | critical | 9.6 | 9.6 | 1d ago | Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11095 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape… | |||
| CVE-2026-11094 | critical | 9.6 | 9.6 | 1d ago | Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | |||
| CVE-2026-11088 | critical | 9.6 | 9.6 | 1d ago | Integer overflow in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (… | |||
| CVE-2026-11082 | critical | 9.6 | 9.6 | 1d ago | Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr… | |||
| CVE-2026-11070 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the network process to potentially perform a … | |||
| CVE-2026-11066 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi… | |||
| CVE-2026-11065 | critical | 9.6 | 9.6 | 1d ago | Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2026-11063 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in WebNN in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… | |||
| CVE-2026-11061 | critical | 9.6 | 9.6 | 1d ago | Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11056 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in SiteIsolation in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perfor… | |||
| CVE-2026-11052 | critical | 9.6 | 9.6 | 1d ago | Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML … | |||
| CVE-2026-11047 | critical | 9.6 | 9.6 | 1d ago | Inappropriate implementation in Base in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via … | |||
| CVE-2026-11043 | critical | 9.6 | 9.6 | 1d ago | Out of bounds write in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | |||
| CVE-2026-11037 | critical | 9.6 | 9.6 | 1d ago | Out of bounds write in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium) | |||
| CVE-2026-10983 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit… | |||
| CVE-2026-10974 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi… | |||
| CVE-2026-10972 | critical | 9.6 | 9.6 | 1d ago | Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10971 | critical | 9.6 | 9.6 | 1d ago | Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a s… | |||
| CVE-2026-10966 | critical | 9.6 | 9.6 | 1d ago | Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:… | |||
| CVE-2026-10931 | critical | 9.6 | 9.6 | 1d ago | Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10892 | critical | 9.6 | 9.6 | 1d ago | Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C… | |||
| CVE-2026-10886 | critical | 9.6 | 9.6 | 1d ago | Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-10881 | critical | 9.6 | 9.6 | 1d ago | Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C… | |||
| CVE-2026-35906 | critical | 9.6 | 9.6 | 1d ago | An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HT… | |||
| CVE-2026-8037 | critical | 9.6 | 9.6 | 1d ago | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting un… | |||
| CVE-2026-10840 | critical | 9.6 | 9.6 | 1d ago | A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources… | |||
| CVE-2026-5241 | critical | 9.6 | 9.6 | 2d ago | A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The… | |||
| CVE-2026-32625 | critical | 9.6 | 9.6 | 3d ago | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders aga… | |||
| CVE-2026-48866 | critical | 9.6 | 9.6 | 4d ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a thro… | |||
| CVE-2026-45628 | critical | 9.6 | 9.6 | 7d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (… | |||
| CVE-2026-9967 | critical | 9.6 | 9.6 | 8d ago | Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9918 | critical | 9.6 | 9.6 | 8d ago | Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-9886 | critical | 9.6 | 9.6 | 8d ago | Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9876 | critical | 9.6 | 9.6 | 8d ago | Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri… | |||
| CVE-2026-9875 | critical | 9.6 | 9.6 | 8d ago | Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:… | |||
| CVE-2026-9874 | critical | 9.6 | 9.6 | 8d ago | Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9872 | critical | 9.6 | 9.6 | 8d ago | Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-45323 | critical | 9.6 | 9.6 | 8d ago | MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect … | |||
| CVE-2026-45570 | critical | 9.6 | 9.6 | 9d ago | go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in … | |||
| CVE-2026-8959 | critical | 9.6 | 9.6 | 10d ago | Important: thunderbird security update | |||
| CVE-2026-8953 | critical | 9.6 | 9.6 | 10d ago | Important: thunderbird security update | |||
| CVE-2026-44985 | critical | 9.6 | 9.6 | 10d ago | Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, the WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepti… | |||
| CVE-2026-39821 | critical | 9.6 | 9.6 | 14d ago | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com… | |||
| CVE-2026-8670 | critical | 9.6 | 9.6 | 14d ago | Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1. | |||
| CVE-2026-45758 | critical | 9.6 | 9.6 | 17d ago | Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. … | |||
| CVE-2026-2587 | critical | 9.6 | 9.6 | 17d ago | GlassFish's gadget handler is vulnerable to RCE | |||
| CVE-2026-2611 | critical | 9.6 | 9.6 | 18d ago | MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution | |||
| CVE-2026-7321 | critical | 9.6 | 9.6 | 18d ago | RHSA-2026:20586: thunderbird security update (Important) | |||
| CVE-2026-45374 | critical | 9.6 | 9.6 | 22d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:14… | |||
| CVE-2026-45311 | critical | 9.6 | 9.6 | 22d ago | CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user… | |||
| CVE-2026-8580 | critical | 9.6 | 9.6 | 22d ago | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-8511 | critical | 9.6 | 9.6 | 22d ago | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-41615 | critical | 9.6 | 9.6 | 22d ago | Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-44482 | critical | 9.6 | 9.6 | 22d ago | soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app… | |||
| CVE-2026-42557 | critical | 9.6 | 9.6 | 23d ago | jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlink… | |||
| CVE-2026-44547 | critical | 9.6 | 9.6 | 24d ago | ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/publ… | |||
| CVE-2026-34659 | critical | 9.6 | 9.6 | 24d ago | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current … | |||
| CVE-2026-42048 | critical | 9.6 | 9.6 | 24d ago | Langflow Knowledge Bases API is Vulnerable to Path Traversal | |||
| CVE-2026-8043 | critical | 9.6 | 9.6 | 24d ago | External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to … | |||
| CVE-2026-34263 | critical | 9.6 | 9.6 | 25d ago | Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to hi… | |||
| CVE-2026-34260 | critical | 9.6 | 9.6 | 25d ago | SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The applica… | |||
| CVE-2026-43899 | critical | 9.6 | 9.6 | 25d ago | DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, an incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerabl… | |||
| CVE-2026-44211 | critical | 9.6 | 9.6 | 28d ago | Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time o… | |||
| CVE-2026-44336 | critical | 9.6 | 9.6 | 28d ago | PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection | |||
| CVE-2026-43944 | critical | 9.6 | 9.6 | 29d ago | Electerm users can run dangerous code through link or command line | |||
| CVE-2026-43941 | critical | 9.6 | 9.6 | 29d ago | Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click | |||
| CVE-2026-42880 | critical | 9.6 | 9.6 | 29d ago | ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction | |||
| CVE-2026-35428 | critical | 9.6 | 9.6 | 29d ago | Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-33823 | critical | 9.6 | 9.6 | 29d ago | Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-6795 | critical | 9.6 | 9.6 | 29d ago | URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 befor… | |||
| CVE-2026-41589 | critical | 9.6 | 9.6 | 29d ago | Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A ma… | |||
| CVE-2026-44112 | critical | 9.6 | 9.6 | 1mo ago | OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root | |||
| CVE-2026-43581 | critical | 9.6 | 9.6 | 1mo ago | OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools proto… | |||
| CVE-2026-7910 | critical | 9.6 | 9.6 | 1mo ago | Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security… | |||
| CVE-2026-7908 | critical | 9.6 | 9.6 | 1mo ago | Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-42235 | critical | 9.6 | 9.6 | 1mo ago | n8n Vulnerable to XSS via MCP OAuth client | |||
| CVE-2026-42090 | critical | 9.6 | 9.6 | 1mo ago | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in th… | |||
| CVE-2026-36760 | critical | 9.6 | 9.6 | 1mo ago | An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files w… | |||
| CVE-2026-5166 | critical | 9.6 | 9.6 | 1mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. … | |||
| CVE-2026-7333 | critical | 9.6 | 9.6 | 1mo ago | Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-41397 | critical | 9.6 | 9.6 | 1mo ago | OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal | |||
| CVE-2026-24303 | critical | 9.6 | 9.6 | 1mo ago | Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-6920 | critical | 9.6 | 9.6 | 1mo ago | Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2026-6919 | critical | 9.6 | 9.6 | 1mo ago | Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… | |||
| CVE-2026-42087 | critical | 9.6 | 9.6 | 1mo ago | OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database | |||
| CVE-2026-6356 | critical | 9.6 | 9.6 | 1mo ago | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitiv… |