Skip to main content
CVE-2026-8005 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20172 MEDIUM This Month

Cisco Enterprise Chat and Email (ECE) Lite Agent feature allows authenticated remote attackers with Agent role credentials to upload files containing malicious scripts or HTML, which are then served to other users without adequate content validation. Successful exploitation enables stored cross-site scripting (XSS) attacks in victim browsers. The vulnerability requires valid user credentials and Agent role privileges but no user interaction on the victim side, affecting confidentiality and integrity but not availability.

File Upload Cisco
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2306 MEDIUM This Month

Authenticated subscribers can create arbitrary database tables in WordPress installations running Ninja Tables plugin version 5.2.6 and earlier via missing authorization checks on the createFluentCartTable function. This allows low-privileged users to pollute the database and cause resource exhaustion without requiring administrative access, affecting any site where subscribers have plugin interaction permissions.

Authentication Bypass Denial Of Service WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7996 MEDIUM PATCH This Month

Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-7993 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-7947 MEDIUM PATCH This Month

UI spoofing via insufficient input validation in Google Chrome prior to 148.0.7778.96 allows a remote attacker who has already compromised the renderer process to craft malicious HTML pages that deceive users about the legitimate UI elements. The attack requires renderer process compromise as a prerequisite and user interaction with the crafted page, limiting real-world applicability to multi-stage attacks. Chromium assessed this as medium severity; no public exploit code or active exploitation has been identified.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-7964 MEDIUM PATCH This Month

Insufficient input validation in the FileSystem API in Google Chrome prior to version 148.0.7778.96 allows a remote attacker with a compromised renderer process to perform arbitrary file read and write operations through a malicious HTML page. The vulnerability requires prior renderer compromise and user interaction with a crafted page, limiting its attack surface despite network-accessible vectors. Vendor has released a patched version.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-7989 MEDIUM PATCH This Month

Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-7952 MEDIUM PATCH This Month

Insufficient policy enforcement in Chrome Extensions prior to version 148.0.7778.96 allows a remote attacker with a compromised renderer process to bypass discretionary access controls via a crafted HTML page, potentially leading to unauthorized information disclosure or modification. The vulnerability requires user interaction and a pre-existing renderer compromise, limiting its practical exploitation scope. A vendor-released patch is available in Chrome 148.0.7778.96 and later.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-7943 MEDIUM PATCH This Month

Insufficient input validation in ANGLE (Almost Native Graphics Layer Engine) in Google Chrome prior to version 148.0.7778.96 allows remote attackers who have compromised the renderer process to perform arbitrary memory read and write operations via a crafted HTML page. The vulnerability requires renderer process compromise as a precondition, user interaction, and high attack complexity, making it a post-exploitation vector rather than a primary attack surface. Patch is available from vendor.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-7934 MEDIUM PATCH This Month

Insufficient input validation in Google Chrome's Popup Blocker prior to version 148.0.7778.96 enables a remote attacker with a compromised renderer process to bypass navigation restrictions and access restricted content via a crafted HTML page. The vulnerability requires renderer process compromise and user interaction, limiting real-world exploitability despite its authentication bypass classification. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-7912 MEDIUM PATCH This Month

Integer overflow in the GPU component of Google Chrome on Android prior to version 148.0.7778.96 enables a remote attacker whose renderer process has been compromised to execute arbitrary read and write operations via a malicious HTML page. The vulnerability requires prior compromise of the renderer process and user interaction, limiting its standalone exploitability but creating a significant secondary threat following renderer exploitation. Chromium security team rated this as high severity; no public exploit code or active exploitation has been identified at time of analysis.

Buffer Overflow Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-8021 MEDIUM PATCH This Month

Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

Code Injection Google RCE Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy