Skip to main content
CVE-2026-7955 MEDIUM PATCH This Month

Uninitialized memory use in the GPU component of Google Chrome prior to version 148.0.7778.96 allows remote attackers who have compromised the renderer process to extract potentially sensitive information from process memory through a malicious HTML page. The vulnerability requires renderer process compromise as a precondition and user interaction to trigger, but once achieved, enables confidentiality breach with no code execution or denial of service impact. Vendor-released patch available in Chrome 148.0.7778.96.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44306 MEDIUM PATCH GHSA This Month

Statamic CMS versions before 5.73.21 and 6.0-6.14.x disclose whether an email address is registered via differential responses from the forgot password endpoint, enabling unauthenticated attackers to enumerate valid user accounts and facilitate downstream credential-based attacks. The vulnerability has a CVSS score of 5.3 (low confidentiality impact) and no public exploit code or active exploitation has been identified.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-7960 MEDIUM PATCH This Month

Information disclosure in Google Chrome prior to 148.0.7778.96 allows remote attackers who have compromised the renderer process to extract potentially sensitive data from process memory through a race condition triggered by a crafted HTML page. The vulnerability requires renderer process compromise and user interaction but results in high confidentiality impact with no integrity or availability consequences. Chromium security team rates this as Medium severity; no active exploitation has been publicly confirmed.

Race Condition Google Information Disclosure Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-20195 MEDIUM This Month

Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity management API endpoint by analyzing differentiated error responses to crafted requests. The vulnerability enables account enumeration with no authentication required, network-accessible attack surface, and low complexity exploitation, resulting in partial information disclosure of valid usernames on affected systems.

Information Disclosure Cisco Cisco Identity Services Engine Software
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-42572 MEDIUM PATCH GHSA This Month

## Summary A missing authorization directive on the `GET /api/v1/stable/dags/tasks` endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belonging to that tenant, and receive task metadata for that DAG. This issue has been patched in **v0.83.39**. Hatchet Cloud has been patched and requires no action from users. Self-hosted users should upgrade. ## Impact **Who is affected.** Multi-tenant Hatchet instances reachable by an attacker who can obtain an account on that instance. On Hatchet Cloud, account creation is open by default. On self-hosted instances, the API must be reachable by the attacker and the hostname known; instances deployed inside a VPC or with signup restricted are not exposed to arbitrary external actors. **Prerequisites for exploitation.** An attacker needed: 1. An account on the target Hatchet instance. 2. The victim tenant's UUID. 3. At least one DAG UUID (`external_id`) belonging to that tenant. The two UUIDs are not treated as secrets - they appear in URLs, API responses, audit logs, invitation flows, shared run links, and dashboard screenshots - but an attacker does need to learn them through some out-of-band channel before exploitation is possible. **What could be disclosed.** For each child task of a targeted DAG, the endpoint returned: - `display_name`, `action_id`, `step_id` - `workflow_id`, `workflow_version_id`, `workflow_run_id`, `task_external_id` - `tenant_id`, `retry_count`, `status`, timestamps - `additional_metadata` (JSON) The `additional_metadata` field is the most sensitive: Hatchet workflows commonly use it to carry domain context such as user identifiers, customer IDs, feature flags, or correlation tokens. Its contents vary by deployment. **What was not disclosed.** The raw task `input` payload is not part of this endpoint's response shape and was not exposed through this issue. The scope is limited to task metadata, not task arguments or results. **Exploitation status.** We have no evidence that this vulnerability was exploited prior to the patch. ## Root cause Hatchet's multi-tenant authorization relies on an OpenAPI-driven middleware pipeline. Each authenticated operation declares `x-resources: ["tenant", ...]` in its spec. The `populator` middleware reads the declared resources, looks up the corresponding entities from request parameters, and stores them on the request context. The `authz` middleware then verifies that the authenticated user is a member of the tenant found on the context. The `listTasksByDAGIds` operation accepted a `tenant` UUID as a query parameter, but its OpenAPI definition did not declare `x-resources: ["tenant"]`. As a result: 1. The populator, which early-returns when no resources are declared, did not populate the tenant onto the request context. 2. The authz middleware, which runs its membership check only when a tenant is present on the context, silently passed the request through. 3. The handler read the tenant UUID directly from the query parameter and used it as the filter in the downstream OLAP query. The SQL query itself correctly filters by `tenant_id`, so it returned only rows matching the supplied UUID - but the UUID came from the caller rather than from an authorization-validated context, so the filter bounded the response to the *attacker-named* tenant rather than to a tenant the caller was authorized to read. Every other authenticated operation in the same path file (`tasks.yaml`) correctly declared `x-resources`. This endpoint was the only authenticated operation in the file that did not. ## Patch The fix adds the missing resource authz checks inline on the handler, enforcing valid tenant membership before the handler runs. Shipped in **v0.83.39**. ## Remediation **Hatchet Cloud.** No action required. The patch was deployed on April 23, 2026 within the same day it was reported. **Self-hosted - recommended.** Upgrade to **v0.83.39** or later. **Self-hosted - if you cannot upgrade immediately.** Either of the following reduces exposure until you can upgrade: - Restrict account creation by setting `SERVER_AUTH_RESTRICTED_EMAIL_DOMAINS` to an allowlist of domains you control. This prevents arbitrary users from registering an account on your instance, which removes the most common path to the prerequisite account. - Ensure the Hatchet API is not exposed to untrusted networks. We generally recommend running Hatchet inside a VPC and fronting the API with authenticated network controls; deployments configured this way were not reachable by arbitrary external attackers. ## Timeline All times April 23, 2026. - **14:05** - Reported to Hatchet. - **16:28** - Patch deployed to Hatchet Cloud and released as v0.83.39. - Public disclosure - this advisory. ## Credit Reported by @sajdakabir. Hatchet thanks the reporter for responsibly disclosing this issue and for the clear, reproducible writeup.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8020 MEDIUM PATCH This Month

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-31960 MEDIUM This Month

HCL BigFix Service Management (SM) leaks sensitive information through improper error handling in its reporting module. Unauthenticated remote attackers can trigger unhandled exceptions by submitting invalid or out-of-range values to the consumer_company parameter during report-viewing requests, exposing application details in error messages. CVSS score is moderate (5.3) but reflects low confidentiality impact with no integrity or availability impact.

Information Disclosure Bigfix Service Management Sm
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8027 MEDIUM This Month

Authorization bypass in FlowiseAI Flowise up to version 3.0.12 allows authenticated users to manipulate userId, organizationId, workspaceId, and email parameters in the User Controller Handler, potentially gaining unauthorized access to other users' data or organizational resources. The vulnerability requires valid user authentication and remote network access, resulting in confidentiality impact with low attack complexity. No active exploitation in CISA KEV has been confirmed at time of analysis.

Authentication Bypass Flowise
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-40332 MEDIUM PATCH This Month

Open redirect vulnerability in Masa CMS allows unauthenticated remote attackers to craft malicious URLs on trusted Masa CMS domains that redirect victims to attacker-controlled sites via improper validation of scheme-relative URLs (paths beginning with //). This can be exploited for phishing attacks and potential token exposure in certain authentication flows. The vulnerability affects versions prior to 7.2.10, 7.3.15, 7.4.10, and 7.5.3, with CVSS 5.3 (CVSS:4.0/AV:N/AC:L/PR:N/UI:P).

Information Disclosure Open Redirect
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-3208 MEDIUM This Month

Unauthenticated attackers can retrieve PIX payment QR code images for arbitrary WooCommerce orders via the unprotected 'mp_pix_image' API endpoint in Mercado Pago payments for WooCommerce plugin versions up to 8.7.11, exposing sensitive merchant data including PIX keys, transaction amounts, merchant identity, and Mercado Pago transaction references. The vulnerability requires no authentication, user interaction, or special configuration, and exploits a missing capability check in the WordPress REST API handler. No public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-40001 MEDIUM This Month

Local privilege escalation in ZTE PROCESS Guard Service allows authenticated local users to escalate privileges and achieve arbitrary code execution through improper access control enforcement, affecting the cloud computer client. The vulnerability requires local access and authenticated user context but operates across system boundaries, potentially compromising system integrity. No active exploitation has been confirmed at time of analysis, though the combination of privilege escalation and RCE capability makes this a moderate-priority local threat.

Privilege Escalation RCE Zte Path Traversal
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-23927 MEDIUM This Month

Zabbix Agent 2 allows remote attackers with high privileges to inject malicious Oracle TNS connection strings via the 'service' parameter, enabling credential theft from saved database sessions. The vulnerability requires network access and high-level privileges but can lead to disclosure of Oracle database credentials if they are stored in named sessions. CVSS 5.1 reflects the requirement for authenticated attacker access (PR:H), though the impact to stored credentials is significant.

Oracle Information Disclosure
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-8009 MEDIUM PATCH This Month

Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-7573 MEDIUM PATCH This Month

Authorization bypass in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows authenticated low-privilege users to retrieve complete ACL policies, roles, and permissions for any user across all organizations by supplying targeted Name and Org parameters. The vulnerability affects any organization running vulnerable versions where users have valid authentication credentials, enabling privilege escalation through unauthorized access to sensitive authorization metadata.

Authentication Bypass Velociraptor
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-43580 MEDIUM PATCH This Month

OpenClaw before version 2026.4.10 allows authenticated attackers to bypass Server-Side Request Forgery (SSRF) policy enforcement through incomplete navigation guard coverage in browser press and type interactions. Attackers can trigger unauthorized navigation actions, including pressKey and type-submit flows, that skip post-action security checks, potentially enabling SSRF attacks against restricted endpoints.

Authentication Bypass SSRF Openclaw
NVD GitHub
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-43576 MEDIUM PATCH This Month

Server-side request forgery via unvalidated WebSocket URL in OpenClaw before 2026.4.5 allows authenticated attackers to pivot connections to arbitrary hosts through the Chrome DevTools Protocol (CDP) /json/version endpoint. The webSocketDebuggerUrl response field lacks validation, enabling second-hop SSRF attacks where an attacker can redirect browser profile connections to untrusted targets on internal or external networks. No public exploit code identified at time of analysis, but the vulnerability is straightforward to trigger once authenticated to the CDP endpoint.

SSRF Open Redirect
NVD GitHub
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-43582 MEDIUM PATCH This Month

Server-side request forgery in OpenClaw browser navigation policy before version 2026.4.10 allows authenticated attackers to bypass hostname validation through DNS rebinding attacks, enabling pivots to internal network resources via unallowlisted hostnames. The vulnerability exploits inconsistent hostname resolution between validation checks and actual network requests made by the Chromium engine, with fix confirmed in upstream commit 121c452d and released in version 2026.4.10.

SSRF Openclaw
NVD GitHub
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-6344 MEDIUM This Month

Fluent Forms plugin for WordPress up to version 6.2.1 allows authenticated administrators to read arbitrary files readable by the web server through path traversal in the getAttachments() method of EmailNotificationActions. The vulnerability stems from insufficient validation of file-upload URLs in admin notification configurations, permitting attackers to supply traversal sequences like <upload_baseurl>/../../<target> to access sensitive files such as wp-config.php containing database credentials and authentication salts. While unauthenticated users can trigger email notifications, the exploit requires administrator-level access to configure the malicious notification attachment.

PHP WordPress Path Traversal
NVD VulDB
CVSS 3.1
4.9
EPSS
0.3%
CVE-2026-43275 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFS_PM_LVL_0. When the RPM level is zero, the device power mode and link state both remain active. Previously, the UFS core driver bypassed flushing exception event handling jobs in this configuration. This created a race condition where the driver could attempt to access the host controller to handle an exception after the system had already entered a deep power-down state, resulting in a system crash. Explicitly flush this work and disable auto BKOPs before the suspend callback proceeds. This guarantees that pending exception tasks complete and prevents illegal hardware access during the power-down sequence.

Denial Of Service Race Condition Linux Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-43163 MEDIUM PATCH This Month

Use-after-free in the Linux kernel's md/bitmap subsystem triggers a General Protection Fault (GPF) in write_page() during MD array resize operations, resulting in a kernel crash and denial of service. Affected are systems using Software RAID (md) with bitmap support across a wide range of stable kernel series from 3.5 through 7.0, with patches backported to 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, and 6.19.6. No public exploit code exists and the EPSS score of 0.02% (7th percentile) indicates very low exploitation probability; however, Red Hat has issued a formal advisory (RHSA-2026:19568), confirming vendor acknowledgment.

Information Disclosure Race Condition Linux
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-71274 MEDIUM PATCH This Month

Use-after-free vulnerability in the Linux kernel rpmsg subsystem allows local attackers with low privileges to cause denial of service by exploiting a race condition between driver_override_show() and driver_override_store() functions. The show function reads the driver_override string without holding the device_lock while the store function modifies and frees it under lock, creating a window for memory corruption. The vulnerability requires local access and non-default timing conditions (AC:H), limiting real-world exploitation probability to 0.02% per EPSS scoring.

Race Condition Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-35253 MEDIUM This Month

Oracle Macaron Tool v0.22.0 fails to properly validate host addresses in HTTP requests, allowing unauthenticated remote attackers to cause information disclosure through crafted network traffic. The vulnerability requires user interaction (UI:R) and affects the confidentiality of the tool's host validation mechanism. No active exploitation has been publicly confirmed.

Open Redirect Oracle
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-43121 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_ref race between scrub and refill paths The io_zcrx_put_niov_uref() function uses a non-atomic check-then-decrement pattern (atomic_read followed by separate atomic_dec) to manipulate user_refs. This is serialized against other callers by rq_lock, but io_zcrx_scrub() modifies the same counter with atomic_xchg() WITHOUT holding rq_lock. On SMP systems, the following race exists: CPU0 (refill, holds rq_lock) CPU1 (scrub, no rq_lock) put_niov_uref: atomic_read(uref) - 1 // window opens atomic_xchg(uref, 0) - 1 return_niov_freelist(niov) [PUSH #1] // window closes atomic_dec(uref) - wraps to -1 returns true return_niov(niov) return_niov_freelist(niov) [PUSH #2: DOUBLE-FREE] The same niov is pushed to the freelist twice, causing free_count to exceed nr_iovs. Subsequent freelist pushes then perform an out-of-bounds write (a u32 value) past the kvmalloc'd freelist array into the adjacent slab object. Fix this by replacing the non-atomic read-then-dec in io_zcrx_put_niov_uref() with an atomic_try_cmpxchg loop that atomically tests and decrements user_refs. This makes the operation safe against concurrent atomic_xchg from scrub without requiring scrub to acquire rq_lock. [pavel: removed a warning and a comment]

Race Condition Buffer Overflow Linux Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-44455 MEDIUM PATCH GHSA This Month

HTML injection via unvalidated JSX tag names in hono allows attackers to inject arbitrary HTML elements and attributes when untrusted input is used as tag names during server-side rendering. The vulnerability affects hono versions prior to 4.12.16 when the `jsx()` or `createElement()` APIs process attacker-controlled tag names, potentially enabling XSS attacks. User interaction (rendering untrusted content) is required, and the issue is limited to applications that dynamically construct tag names from external sources rather than using static or allowlisted tags.

XSS
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-52613 MEDIUM This Month

HCL BigFix Service Management (SM) contains an insecure or outdated WSGI server implementation that exposes the application to known security weaknesses. Authenticated local attackers with high complexity conditions can achieve limited information disclosure and integrity compromise (CVSS 4.6). No active exploitation or public POC identified at time of analysis.

Authentication Bypass Information Disclosure Bigfix Service Management Sm
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-42549 MEDIUM PATCH GHSA This Month

### Summary The `make:controller` CLI command calls `mkdir(..., recursive: true)` on a path built from the user-supplied controller name, **before** Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains `/`, but the recursive directory creation side effect is already committed - including directories located outside the project root through `../` traversal. ### Affected code `flight/commands/ControllerCommand.php` (≈ 63-66): ```php if (is_dir(dirname($controllerPath)) === false) { $io->info('Creating directory ' . dirname($controllerPath), true); mkdir(dirname($controllerPath), 0755, true); // un-normalized, runs before validation } ``` ### Proof of concept ``` $ php vendor/flightphp/runway/runway make:controller '../../../../tmp/CONTROLLER_TRAVERSAL_TEST/pwn' Creating directory .../app/controllers/../../../../tmp/CONTROLLER_TRAVERSAL_TEST Nette\InvalidArgumentException: Value '../../../../tmp/CONTROLLER_TRAVERSAL_TEST/pwnController' is not valid class name. $ ls /home/user/tmp/CONTROLLER_TRAVERSAL_TEST (directory exists - created before the exception was thrown) ``` ### Impact - **Arbitrary directory creation outside the project root**, executable by any local actor that can run the Flight CLI (developer machine, shared CI build agent, compromised dev container). - Primes log-file planting for chained LFI exploitation (e.g. creating a directory where an attacker can later drop a `.php` file to be included via a distinct template-include weakness). - On Windows, the `\` separator opens additional traversal surface. ### Patch (fixed in `3.18.1`, commit `b8dd23a`) The controller name is now normalized with `basename()` and validated against `^[A-Za-z_][A-Za-z0-9_]*$` before any `mkdir` side effect runs. ### Credit Discovered by **@Rootingg**.

Microsoft PHP Path Traversal
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-7941 MEDIUM PATCH This Month

Insufficient input validation in Google Chrome on Android prior to version 148.0.7778.96 allows local attackers to inject arbitrary scripts or HTML via a crafted Chrome Extension, leading to Universal Cross-Site Scripting (UXSS). The vulnerability requires user interaction and local system access but poses a medium risk due to its ability to bypass same-origin policy protections within the browser context. No public exploit has been identified at the time of analysis.

Code Injection Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-7572 MEDIUM PATCH This Month

Off-by-one error in Velocidex Velociraptor before version 0.76.5 on Windows and Linux causes denial of service when parsing specially crafted .evtx files through the parse_evtx VQL plugin. Local attackers with user-level privileges can crash the Velociraptor process by uploading or providing malformed event log files, disrupting forensic investigations and incident response operations. The vulnerability requires user interaction (file upload/selection) but grants an attacker both integrity and availability impact despite the CVSS 4.4 (Medium) rating.

Denial Of Service Microsoft
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-7932 MEDIUM PATCH This Month

Insufficient policy enforcement in Chrome's Downloads feature prior to version 148.0.7778.96 allows local attackers with user interaction to bypass navigation restrictions and access sensitive download locations via a crafted HTML page, potentially leading to information disclosure or file manipulation. The vulnerability requires local access and user engagement with a malicious page, limiting its scope to targeted social engineering rather than remote mass exploitation.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-8014 MEDIUM PATCH This Month

Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8011 MEDIUM PATCH This Month

Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20189 MEDIUM This Month

Cisco Prime Infrastructure log file download functionality fails to enforce proper authorization checks, allowing authenticated remote attackers to download arbitrary log files beyond their access level. An attacker with valid web management interface credentials can submit crafted URL requests to the affected download service API to retrieve sensitive logs, resulting in confidential information disclosure. CVSS score of 4.3 reflects low immediate impact but legitimate data exposure risk for organizations using this management platform.

Authentication Bypass Cisco Cisco Prime Infrastructure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7972 MEDIUM PATCH This Month

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-31978 MEDIUM This Month

HCL BigFix Service Management fails to sanitize spreadsheet data (CSV, XLS, XLSX) before export, allowing authenticated users to inject formulas or malicious content that executes when recipients open the files in spreadsheet applications. An attacker with legitimate service management access can craft payloads in data fields that, when exported and opened by targeted users, may exfiltrate information or trigger unintended actions-though modern Excel versions mitigate this with untrusted content warnings. CVSS 4.6 reflects moderate risk limited to authenticated users and required user interaction (opening the file).

Information Disclosure Bigfix Service Management Sm
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44374 MEDIUM PATCH GHSA This Month

### Impact The unprocessed entities read endpoints in `@backstage/plugin-catalog-backend-module-unprocessed` do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting Backstage installations using this module. ### Patches This is patched in `@backstage/plugin-catalog-backend-module-unprocessed` version 0.6.11, `@backstage/plugin-catalog-unprocessed-entities-common` version 0.0.15 and `@backstage/plugin-catalog-unprocessed-entities` version 0.2.30. Users should upgrade all packages. ### Workarounds If users cannot upgrade, they can remove the `@backstage/plugin-catalog-backend-module-unprocessed` module from their backend until the patch is applied. There is no configuration-based workaround to add permission checks to these endpoints without upgrading.

Authentication Bypass Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7999 MEDIUM PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8013 MEDIUM PATCH This Month

Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20193 MEDIUM This Month

Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADIUS Policy API endpoints and gain unauthorized read access to sensitive policy details through direct API calls. The vulnerability affects ISE software across versions due to improper RBAC enforcement on API endpoints, enabling privilege escalation from read-only to unauthorized data disclosure. CVSS score is 4.3 with low attack complexity, but exploitation requires valid administrative credentials.

Authentication Bypass Cisco Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7983 MEDIUM PATCH This Month

Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7979 MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7969 MEDIUM PATCH This Month

Integer overflow in Chrome's Network component prior to version 148.0.7778.96 allows remote attackers to bypass same-origin policy after compromising the renderer process via a crafted HTML page. The vulnerability requires renderer compromise and user interaction, limiting real-world risk despite network-accessible attack surface. No active exploitation has been confirmed; a vendor patch is available.

Buffer Overflow Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7942 MEDIUM PATCH This Month

Integer overflow in ANGLE graphics library in Google Chrome prior to version 148.0.7778.96 allows remote attackers to leak cross-origin data by delivering a crafted HTML page that triggers the vulnerability. The vulnerability requires user interaction (visiting a malicious webpage) but can bypass same-origin policy protections, exposing sensitive data from other domains. No public exploit code or active exploitation has been confirmed at analysis time.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7936 MEDIUM PATCH This Month

Out-of-bounds memory read in Google Chrome's V8 JavaScript engine allows remote attackers to disclose sensitive information via a crafted HTML page. Affects Chrome versions prior to 148.0.7778.96. The vulnerability requires user interaction (opening a malicious page) but operates over the network with no authentication required. While classified as medium severity by Chromium, the impact is limited to information disclosure without code execution capability.

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7904 MEDIUM PATCH This Month

Out-of-bounds memory read in Google Chrome's font handling allows remote attackers to leak sensitive information via a crafted HTML page when users visit a malicious website. Chrome versions prior to 148.0.7778.96 are affected. The vulnerability requires user interaction (clicking a link or visiting a page) but occurs over the network without authentication. Information disclosure risk is limited (CVSS C:L) with no impact on integrity or availability, but the Chromium security severity designation of High indicates concern about potential information leakage in real-world exploitation.

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7933 MEDIUM PATCH This Month

Out-of-bounds read in WebCodecs video processing in Google Chrome versions prior to 148.0.7778.96 allows remote attackers to leak sensitive memory contents via a crafted video file. The vulnerability requires user interaction to open a malicious video, but affects all users regardless of authentication. Chrome 148.0.7778.96 and later versions patch this information disclosure vulnerability, which could expose cryptographic keys, session tokens, or other sensitive data resident in adjacent memory.

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7946 MEDIUM PATCH This Month

Insufficient policy enforcement in Chrome's WebUI on Linux, Mac, Windows, and ChromeOS prior to 148.0.7778.96 allows a remote attacker with a compromised renderer process to bypass site isolation via a crafted HTML page, potentially exposing sensitive cross-site data. The vulnerability requires user interaction (UI:R) and prior renderer compromise, limiting its standalone exploitability. Vendor-released patch available in version 148.0.7778.96.

Authentication Bypass Microsoft Google Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7915 MEDIUM PATCH This Month

Insufficient data validation in DevTools in Google Chrome on Android prior to version 148.0.7778.96 allows remote attackers to bypass navigation restrictions by sending a crafted HTML page, requiring user interaction to open the malicious page. The vulnerability has a low CVSS score (4.3) due to limited confidentiality impact and requirement for user click, but affects all Android users running vulnerable versions. A vendor-released patch is available.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8004 MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7961 MEDIUM PATCH This Month

Google Chrome prior to version 148.0.7778.96 contains insufficient validation of untrusted input in the Permissions system, allowing attackers on the local network segment to leak cross-origin data through malicious network traffic. The vulnerability requires network adjacency but no user interaction or authentication, affecting confidentiality with medium Chromium severity. Patch is available from Google.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7986 MEDIUM PATCH This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy