Skip to main content
CVE-2026-20245 HIGH POC KEV THREAT NEWS Act Now

Local privilege escalation in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated netadmin user to execute arbitrary commands as root by uploading a crafted file through the CLI. Cisco has observed limited real-world exploitation that resulted in unauthorized configuration changes being pushed to downstream edge devices, though the issue is not currently listed in CISA KEV and no public exploit code has been identified at time of analysis.

Command Injection Cisco
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.1%
Threat
4.6
CVE-2026-28318 HIGH POC KEV THREAT NEWS Act Now

Remote denial-of-service in SolarWinds Serv-U allows unauthenticated attackers to crash the Serv-U service by sending specially crafted POST requests using Content-Encoding: deflate. The flaw carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and maps to CWE-400 (uncontrolled resource consumption), affecting service availability without compromising confidentiality or integrity; no public exploit identified at time of analysis.

Denial Of Service Serv U
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.1%
Threat
4.5
CVE-2026-8037 CRITICAL POC Act Now

Unauthenticated OS command injection in the API of Progress ADC products - LoadMaster, ECS Connections Manager, Object Scale Connection Manager, and MOVEit WAF - allows remote attackers to execute arbitrary commands on the appliance by supplying unsanitized input to multiple command endpoints. The flaw carries a CVSS of 9.8 (pre-auth, network-reachable) and publicly available exploit code exists (a GitHub PoC and watchTowr Labs write-up), though EPSS remains low at 0.30% and CISA SSVC currently rates exploitation status as 'none'. Fixed builds (7.2.63.2 and 7.2.54.18) are available from Progress.

RCE Command Injection Loadmaster Ecs Connections Manager Object Scale Connection Manager +1
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2019-25741 CRITICAL POC Act Now

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Mobatek Mobaxterm
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2019-25727 CRITICAL POC Act Now

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2019-25738 CRITICAL POC Act Now

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass WordPress
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2019-25729 CRITICAL POC Act Now

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-71316 CRITICAL POC PATCH Act Now

Arbitrary DLL loading in SQLite's sqldiff.exe utility on Windows allows attackers to achieve code execution by abusing the Microsoft C runtime's Unicode-to-ANSI Best-Fit character conversion. Specially crafted Unicode characters in command-line arguments can be transformed into ASCII characters that sqldiff then parses as the '-L' option, loading an attacker-supplied DLL. Publicly available exploit research (Blackhat EU 2024 'WorstFit' presentation) demonstrates the technique, though no public exploit identified targeting sqldiff specifically and it is not listed in CISA KEV.

Microsoft RCE
NVD
CVSS 4.0
9.2
EPSS
0.0%
CVE-2019-25728 HIGH POC This Week

Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25730 HIGH POC This Week

Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25726 HIGH POC This Week

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi All In One Video Downloader
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25745 HIGH POC This Week

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google SQLi WordPress
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25732 HIGH POC This Week

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25736 HIGH POC This Week

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Labf Nfsaxe
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25735 HIGH POC This Week

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Allplayer
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2019-25733 HIGH POC This Week

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Netsharewatcher
NVD Exploit-DB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-25551 HIGH POC This Week

Local privilege escalation in Seagull Software BarTender 2021 R1 through 12.0.1 allows any low-privileged user on the host to gain SYSTEM execution by sending a crafted BinaryFormatter payload to a localhost-bound .NET Remoting endpoint. Publicly available exploit code exists (a YSoSerial.NET-based PoC is published as a GitHub gist), and the issue carries a CVSS 4.0 base score of 8.5 with high confidentiality, integrity, and availability impact. No CISA KEV listing is present, so exploitation is opportunistic rather than confirmed in-the-wild.

Deserialization RCE Bartender 2021
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-42824 HIGH POC PATCH NEWS NO ACTION HOSTED Monitor

Information disclosure in Microsoft 365 Copilot allows remote unauthenticated attackers to exfiltrate data via command injection (CWE-77) over the network. Microsoft reported the issue (CVE-2026-42824) with a CVSS 3.1 base score of 7.5 reflecting high confidentiality impact only, and publicly available exploit code exists though it is not listed in CISA KEV. EPSS is very low at 0.08% (24th percentile) and the CISA SSVC decision framework rates exploitation as 'none' and automatable as 'no', suggesting realistic exploitation is currently limited despite the POC.

Command Injection Microsoft 365 Copilot
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10873 HIGH POC This Week

OS command injection in Shibby Tomato 1.28.0000 firmware allows authenticated remote attackers to execute arbitrary operating system commands by manipulating input to the rstats_path function within the /bin/rstats binary exposed via the Web UI. Publicly available exploit code exists per the Gitee advisory disclosed through VulDB, and the affected project is end-of-life - superseded by FreshTomato - meaning no upstream vendor patch is forthcoming. CVSS 4.0 base score is 7.3 with high privileges required but high confidentiality, integrity, and availability impact on the router.

Command Injection Tomato
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-10870 HIGH POC This Week

OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitrary operating system commands via the start_dhcpc function in /sbin/rc, reachable through the Web UI. Publicly available exploit code exists per the VulDB advisory. The project has been discontinued and superseded by FreshTomato, meaning no upstream fix from the original maintainer is expected.

Command Injection Tomato
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-10872 HIGH POC This Week

OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitrary operating system commands via the start_vpnserver function in /sbin/rc, reachable through the Web UI. Publicly available exploit code exists, and the project is end-of-life - superseded by FreshTomato - meaning no upstream patch is forthcoming. The CVSS 4.0 score of 7.3 reflects high impact on confidentiality, integrity, and availability, but high privileges are required to trigger the flaw.

Command Injection Tomato
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-10871 HIGH POC This Week

OS command injection in Shibby Tomato 1.28.0000 router firmware allows authenticated remote attackers to execute arbitrary shell commands by manipulating the ipv6_6rd_borderrelay argument processed by the start_6rd_tunnel function in /sbin/rc via the Web UI. Publicly available exploit code exists per VulDB disclosure, and the project is end-of-life - superseded by FreshTomato - meaning no upstream fix is expected.

Command Injection Tomato
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2019-25740 HIGH POC This Week

Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Js Jobs
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48567 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Privilege elevation in Microsoft Azure HorizonDB allows remote unauthenticated attackers to bypass authentication via identity spoofing and gain elevated access across trust boundaries. The CVSS 10.0 score reflects network-reachable exploitation with no privileges or user interaction required, and a scope change indicating impact beyond the initially vulnerable component. No public exploit identified at time of analysis, but a Microsoft-issued patch is available via MSRC.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-48579 CRITICAL PATCH NEWS NO ACTION HOSTED Monitor

Information disclosure in Microsoft Exchange Online allows remote unauthenticated attackers to access sensitive data due to improper authorization enforcement (CWE-285). The flaw carries a CVSS 9.1 score reflecting network-reachable exploitation without privileges or user interaction, though no public exploit identified at time of analysis. Microsoft has issued a fix through its cloud service, and the CVSS vector indicates high confidentiality and integrity impact despite the description focusing on disclosure.

Authentication Bypass Microsoft
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-49185 CRITICAL Act Now

Unauthenticated remote command injection in Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows attackers to inject OS commands via the FieldX MDM adb messaging topic, which forwards unverified payloads to Runtime.exec(). The CVSS 4.0 score of 10.0 with network attack vector and no authentication required indicates a critical, trivially exploitable flaw; no public exploit identified at time of analysis but the simplicity of the bug pattern makes weaponization straightforward.

Command Injection Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
10.0
EPSS
0.0%
CVE-2026-43986 CRITICAL PATCH Act Now

Unauthenticated server-side request forgery in Tautulli versions prior to 2.17.1 allows remote attackers to coerce the Tautulli or Plex Media Server host into fetching arbitrary attacker-chosen URLs via the public `/image/<hash>` route. A low-privilege guest first seeds a malicious external URL into the `image_hash_lookup` table, after which any unauthenticated external user can trigger the SSRF by requesting the resulting hash. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-m6j6-rc2c-8vpm and a vendor patch in v2.17.1 confirm the issue.

Python SSRF
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-35905 CRITICAL Act Now

Hardcoded root credentials in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allow remote unauthenticated attackers to gain full root-level control via the built-in 'superadmin' account. The CVSS 9.8 rating reflects network-reachable, no-interaction exploitation with total impact to confidentiality, integrity, and availability, and SSVC marks the issue as automatable with total technical impact. No public exploit identified at time of analysis, and EPSS remains very low (0.02%) despite the severity, suggesting limited current scanning activity.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-35904 CRITICAL Act Now

Unauthenticated Telnet service activation in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allows remote attackers to enable Telnet by sending a crafted request to a vulnerable CGI component in the web management interface. SSVC scores the technical impact as total with automatable exploitation and a public proof-of-concept available, although EPSS remains low at 0.02% and the CVE is not currently listed in CISA KEV.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-36182 CRITICAL Act Now

Weak password hashing on the GNCC GP5 IP camera (firmware v7.1.76) allows attackers who obtain the password hash to recover the root credential via offline brute-force, yielding full device takeover. The CVSS 9.8 score reflects network-reachable impact, but real-world exploitation first requires extracting the hash from the device; no public exploit identified at time of analysis and EPSS is very low at 0.02%.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-10880 CRITICAL PATCH Act Now

Authentication bypass via SQL injection in OSNexus QuantaStor SDS Manager allows unauthenticated remote attackers to log in as administrator by injecting crafted input into the login endpoint's username field. The flaw carries a CVSS 9.8 rating and grants full administrative control over the storage management plane without any valid credentials. No public exploit identified at time of analysis, though the vulnerability was disclosed by researchers at Black Lantern Security (BLSOPS).

SQLi Quantastor
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4104 CRITICAL Act Now

SQL injection in Akmer Informatics TeknoPass versions 20210501 through 20260429 allows remote unauthenticated attackers to bypass authorization by manipulating a user-controlled SQL primary key. With a CVSS 9.8 score and full CIA impact under network-reachable, low-complexity conditions, successful exploitation can yield database compromise and authorization bypass. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-67446 CRITICAL Act Now

Authentication bypass in Neterbit NW-431F routers running firmware 20241014-IR03 and earlier allows remote unauthenticated attackers to gain administrative access by simply setting a session cookie value to a predictable string such as 'admin'. The CVSS 9.8 rating reflects trivial network exploitability with full confidentiality, integrity, and availability impact, and a public proof-of-concept exists in the referenced GitHub repository, though the issue is not currently listed in CISA KEV.

Authentication Bypass Session Fixation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-67447 CRITICAL Act Now

OS command injection in the Neterbit NW-431F Router (firmware 20241014-IR03 and earlier) allows remote unauthenticated attackers to execute arbitrary commands via the ping diagnostic module's IP address field. With a CVSS of 9.8 and a low-complexity network attack vector, exploitation runs with web-server privileges and no public exploit has been identified at time of analysis, though a researcher-published reference on GitHub may contain technical details.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-10886 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to exploit a use-after-free condition in the FileSystem component via a crafted HTML page, with user interaction required. Google has rated the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis, though the high CVSS score (9.6) and scope-changed impact warrant rapid patching.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-10881 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to trigger an out-of-bounds read and write via a crafted HTML page, with a CVSS 9.6 reflecting scope change and high impact across confidentiality, integrity, and availability. The flaw was rated Critical internally by Chromium and reported by Google's own CVE admin team; no public exploit identified at time of analysis, and CISA SSVC currently lists exploitation status as none.

Information Disclosure Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11213 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses Reading Mode's insufficient input validation. The CVSS 9.6 rating reflects the scope-changing impact (S:C) when chained from a renderer compromise, though EPSS is very low (0.05%) and no public exploit identified at time of analysis. Chromium rates the underlying issue Medium severity, reflecting that prior renderer compromise is a prerequisite.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11207 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox by sending malicious network traffic processed by the Autofill component. The flaw is rated CVSS 9.6 due to scope change and high impact across confidentiality, integrity, and availability, though Chromium itself assigns it Medium severity and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis, but a vendor-released patch is available.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11198 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the browser's renderer sandbox by serving a crafted video file processed by Chrome's media codec stack. The flaw stems from insufficient validation of untrusted input in the Codecs component and requires the victim to load attacker-controlled video content, but successful exploitation yields cross-origin impact (Scope: Changed) with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.05%, 15th percentile), though the 9.6 CVSS rating and sandbox-escape primitive make this a high-priority browser patch.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11146 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Chromoting component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) and carries a CVSS 9.6 due to scope change, though Chromium itself rated the severity Medium and EPSS shows only 0.05% exploitation probability with no public exploit identified at time of analysis.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11120 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Enterprise Reporting component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) and carries a CVSS 9.6 due to scope change, though no public exploit is identified at time of analysis and EPSS sits at 0.05% (15th percentile).

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11119 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses an inappropriate implementation in the GPU component. The flaw requires user interaction (visiting a malicious page) and presupposes a prior renderer compromise, but a successful chain yields full sandbox escape on the mobile platform. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.05%, 15th percentile).

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11113 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The CVSS 9.6 score reflects the scope-changing impact (S:C) from renderer to host context, though Chromium itself rates this Medium severity and no public exploit identified at time of analysis. EPSS is very low at 0.05%, suggesting limited near-term mass exploitation despite the high CVSS.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11112 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted Chrome Extension targeting the Chromoting (Chrome Remote Desktop) component. The flaw is rated CVSS 9.6 due to scope change and full CIA impact, though EPSS exploitation probability is very low (0.05%, 15th percentile) and no public exploit identified at time of analysis. Google has shipped a patch in the stable channel update for desktop.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11095 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page processed by the codec subsystem. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, but if chained successfully it enables full code execution on the host with a scope change. No public exploit identified at time of analysis and EPSS probability is very low (0.05%), but the 9.6 CVSS reflects the high impact of a successful sandbox escape.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11070 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via crafted Chromoting (Chrome Remote Desktop) network traffic. The flaw is rated CVSS 9.6 due to the scope change from sandboxed process to host, though Google classifies the Chromium severity as Medium. EPSS is very low (0.05%) and no public exploit identified at time of analysis, but a vendor patch is available.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11066 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a crafted HTML page that exploits insufficient input validation in the ANGLE graphics layer. The flaw requires the victim to visit attacker-controlled content (UI:R) but no authentication, and the scope-changing CVSS 9.6 reflects the impact of escaping browser process isolation. EPSS is very low (0.05%, 15th percentile) and there is no public exploit identified at time of analysis.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11056 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Site Isolation sandbox via a crafted HTML page. The flaw stems from insufficient validation of untrusted input in the Site Isolation component (CWE-20) and is rated CVSS 9.6 due to scope change, though Chromium itself classifies the underlying severity as Medium. No public exploit has been identified at time of analysis and EPSS is very low (0.05%, 15th percentile), but the chained-exploit potential makes it a meaningful browser-security risk.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11047 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw resides in the Base component and is rated Medium severity by Chromium despite the CVSS 9.6 score, reflecting the prerequisite of a prior renderer compromise. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.05%.

Information Disclosure Google Microsoft Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11029 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting the Drag and Drop component. The flaw carries a CVSS 9.6 due to scope change, but no public exploit identified at time of analysis and EPSS is very low (0.05%, 15th percentile), indicating limited near-term exploitation likelihood. Google rates the underlying Chromium severity as Medium despite the high CVSS.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
Page 1 of 12 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy