Skip to main content
CVE-2026-49192 MEDIUM This Month

Insecure Direct Object Reference (IDOR) in the Acer Connect M6E 5G Portable WiFi Router's summary service endpoint allows authenticated remote users to access device data belonging to other users by supplying arbitrary hardware serial numbers the endpoint fails to validate against session ownership. The vulnerability affects all tracked versions per CPE data, requires only a valid authenticated session, and involves no user interaction or special configuration. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-11005 MEDIUM PATCH This Month

Out-of-bounds read in Chrome's ANGLE graphics layer on Windows exposes sensitive process memory to an attacker who has already achieved renderer compromise. Affected are all Chrome for Windows installations prior to 149.0.7827.53; macOS, Linux, Android, and iOS are not in scope per available data. No public exploit code exists and no active exploitation is confirmed - EPSS at 0.03% (11th percentile) and SSVC exploitation status of 'none' jointly indicate this is a low-priority real-world threat, functioning primarily as a post-exploitation information-disclosure step in a multi-stage browser attack chain rather than a standalone critical vulnerability.

Information Disclosure Google Microsoft Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11004 MEDIUM PATCH This Month

Out-of-bounds read in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome prior to 149.0.7827.53 enables an attacker who has already compromised the renderer process to leak potentially sensitive data from process memory via a crafted HTML page. The CVSS vector (AC:H, UI:R) reflects a two-stage exploitation requirement: the attacker must first achieve renderer compromise through a separate vulnerability, then chain this ANGLE flaw as a second-stage information disclosure primitive. No public exploit code has been identified and EPSS sits at 0.03% (11th percentile), indicating low real-world exploitation probability at time of analysis.

Information Disclosure Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11145 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome for Android (versions prior to 149.0.7827.53) is enabled by a race condition in the Geolocation subsystem, exploitable by a remote unauthenticated attacker who tricks a victim into visiting a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network reachability with no required privileges, though user interaction is mandatory. No active exploitation has been confirmed (not in CISA KEV), and EPSS sits at 0.03% (10th percentile), indicating very low real-world exploitation probability despite the High confidentiality impact rating.

Information Disclosure Google Race Condition Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-49077 MEDIUM This Month

Sensitive data exposure in the WP eMember WordPress plugin (Tips and Tricks HQ) through version 10.2.2 allows unauthenticated remote attackers to retrieve embedded sensitive system information via a network request. The vulnerability is classified under CWE-497, meaning internally sensitive data is reachable from an unauthorized control sphere - in this case, the open internet without credentials. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation probability from EPSS data was not provided, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms this is trivially reachable from any network source.

Information Disclosure Wp Emember
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11174 MEDIUM PATCH This Month

Site Isolation bypass in Google Chrome prior to 149.0.7827.53 enables a remote attacker - who has already compromised the renderer process - to escape cross-origin protections via a crafted HTML page, exposing high-confidentiality data from other origins loaded in the browser. This is a chained, second-stage exploit component: it does not function standalone but amplifies the impact of a separate renderer compromise by breaking Chrome's primary cross-site data isolation boundary. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects low current exploitation probability despite the high confidentiality impact rating.

Authentication Bypass Google Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-10861 MEDIUM PATCH This Month

Open redirect in MISP versions up to and including 2.5.38 allows unauthenticated remote attackers to craft links that silently redirect victims to attacker-controlled external URLs immediately after successful authentication. The vulnerability resides in UsersController::routeafterlogin(), where the pre_login_requested_url session value was reflected into a Location header without enforcing local-path constraints. SSVC signals exploitation as 'none' and no CISA KEV listing exists, but the automatable designation and the high-trust context of a threat intelligence platform make this a meaningful phishing amplifier against security teams who would not expect a trusted MISP login to forward them off-site.

Open Redirect Misp
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-10856 MEDIUM PATCH This Month

Open redirect in MISP's dashboard button widget (versions up to and including 2.5.38) enables an authenticated, high-privileged user who controls dashboard configuration to plant a crafted button URL that appears to point internally but redirects clicking users to an attacker-controlled external site. The root cause is an incomplete URL allowlist in Button.ctp that blocked explicit schemes, hosts, and user components but did not reject paths beginning with /\ - a pattern several browsers normalize into a scheme-relative URL (i.e., //attacker.com). No public exploit exists and CISA SSVC rates exploitation as none; risk is substantially constrained by the PR:H requirement and the need for a victim to interact with the planted button.

Open Redirect Misp
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-10855 MEDIUM PATCH This Month

Authorization bypass in MISP's Event Template Importer allows authenticated users with template import privileges to overwrite event templates owned by other organizations on the same shared instance, violating inter-organizational data ownership boundaries. Versions up to and including 2.5.38 are affected; the overwrite workflow confirmed template existence but omitted an organizational ownership check, enabling cross-org template corruption. No public exploit code has been identified at time of analysis and SSVC signals no active exploitation, but the integrity impact is operationally significant in multi-tenant MISP deployments where organizational trust boundaries are critical.

Authentication Bypass Misp
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-10814 LOW POC PATCH Monitor

Weak hashing in milvus-io/milvus up to 2.6.13 exposes the Grantee ID Hash Handler in the KV metadata catalog (internal/metastore/kv/rootcoord/kv_catalog.go), allowing a low-privileged local attacker to predict or forge 16-character grantee IDs used in RBAC privilege assignments backed by etcd. Successful exploitation - rated high complexity - could result in unauthorized manipulation of access control metadata, yielding low-level confidentiality, integrity, and availability impact on the affected Milvus instance. A proof-of-concept has been publicly disclosed via GitHub issue #49857, though no active exploitation is confirmed in CISA KEV.

Information Disclosure Milvus
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-10801 LOW POC PATCH Monitor

Cache key collision in modelscope ms-swift up to 4.2.0 allows a local, low-privileged attacker to cause PIL image integrity failures via the Template._save_pil_image function in swift/template/base.py. The root cause is that the image cache key was computed by hashing only raw pixel bytes (image.tobytes()), without incorporating image metadata such as dimensions or color mode - meaning two structurally different images (e.g., 120×80 vs 80×120) sharing identical byte payloads produce the same SHA-256 cache key and thus collide to the same cached file path. No public exploit identified at time of analysis beyond the publicly disclosed proof-of-concept; no active exploitation confirmed (not listed in CISA KEV).

Information Disclosure Ms Swift
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-10813 LOW POC PATCH Monitor

Weak hash truncation in LMCache up to 0.4.6 allows a local low-privilege attacker to induce KV cache collisions by exploiting the severely constrained 16-bit integer output of `hex_hash_to_int16` in the vLLM integration's KV Cache Handler. The function masks multimodal content hash identifiers to at most 65,536 unique values, making engineered collisions feasible and causing incorrect cached KV entries to be served, affecting both cache integrity and availability. A proof-of-concept has been published on GitHub (issue #3301); no public exploit confirmed in active exploitation and no CISA KEV listing exists.

Information Disclosure Lmcache
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-10812 LOW POC PATCH Monitor

Cache poisoning in zilliztech GPTCache (up to version 0.1.44) allows a local, low-privileged attacker to corrupt LLM response cache entries by exploiting weak image fingerprinting in the Cache Key Handler. The `BufferedReader.peek()` method in `gptcache/processor/pre.py` only reads the first ~8192 bytes of an image file to construct a cache key, meaning two distinct images sharing an identical header prefix generate the same cache key and collide. An attacker can submit a crafted image whose header matches a previously cached image, causing GPTCache to return a poisoned (wrong) LLM response for subsequent queries. Publicly available exploit code exists per the GitHub issue and included PoC; no active exploitation confirmed in CISA KEV at time of analysis.

Information Disclosure Gptcache
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.0%
CVE-2026-48015 MEDIUM PATCH GHSA This Month

Stored cross-site scripting in Shopware's media manager allows any authenticated admin to upload an unsanitized SVG file containing arbitrary JavaScript that executes in the Shopware domain context when the file is accessed by any user. The upload pipeline - spanning MediaUploadController, FileSaver, and TypeDetector - classifies SVG as a valid ImageType with VECTOR_GRAPHIC flag but performs zero content sanitization: no DOMPurify, no enshrined/svg-sanitize, no strip_tags on SVG XML content. In an e-commerce context this enables admin account takeover, customer data exfiltration, and malicious plugin installation. No public exploit identified at time of analysis and this vulnerability is not listed in CISA KEV.

Nextcloud XSS WordPress PHP
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-50219 MEDIUM PATCH This Month

Use-after-free in libexpat before 2.8.2 allows memory corruption, information disclosure, and potential code execution when prohibited API functions are called from within XML event handler callbacks. All libexpat consumers - including language bindings such as CPython's xml.parsers.expat - are affected when handler code (or attacker-influenced handler logic) invokes XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset in a re-entrant manner during active parsing. No public exploit code exists at time of analysis and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog, but the CPython project has an associated open issue (python/cpython#146169) indicating ecosystem-wide reach.

Information Disclosure Use After Free Memory Corruption Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-45057 MEDIUM PATCH GHSA This Month

Message spoofing in matrix-sdk-ui before 0.16.1 allows an authenticated homeserver administrator to impersonate any user on that server by injecting unencrypted replacement events targeting encrypted original messages. The edit validation logic in the Rust crate's `matrix-sdk-ui` component omits the check that a replacement (edit) event for an encrypted original must itself also be encrypted, violating the Matrix specification's replacement event validity algorithm. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the integrity impact is high against affected clients that trust a malicious or compromised homeserver.

Information Disclosure
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-47215 MEDIUM PATCH GHSA This Month

Path restriction bypass in SingularityCE allows local authenticated low-privilege users to execute containers from directories whose names share a string prefix with administrator-configured allowed paths, defeating the `limit container paths` security control in setuid mode. The flaw exists only when this directive is actively configured in `singularity.conf`; installations not using the directive are entirely unaffected per the vendor advisory. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Path Traversal
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-50183 MEDIUM PATCH GHSA This Month

Stored XSS in AVideo's YouTubeAPI plugin allows any YouTube video uploader whose video matches the AVideo operator's configured search keyword to inject arbitrary JavaScript into every visitor's browser via the homepage gallery section. The `snippet.title` field returned by the YouTube Data API is rendered verbatim across four HTML output sites in `plugin/YouTubeAPI/gallerySection.php`, three of which apply no encoding whatsoever; the fourth applies only a partial `str_replace` that strips double-quotes and leaves the other three sinks untouched. Publicly available exploit code is documented in GHSA-66q5-cj5g-wrfx; the payload persists for up to 3600 seconds (the default cache TTL) after the hostile video is removed from YouTube, and when the victim is an authenticated AVideo administrator the injected script can escalate to full administrative takeover via cookie-based requests lacking CSRF protection.

PHP XSS Docker CSRF
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-11233 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's FoldableAPIs component (versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to exfiltrate cross-origin data by delivering a crafted HTML page. Rated Medium (CVSS 4.7) with a Changed scope, this is a second-stage exploit primitive - not a standalone critical - requiring a pre-existing renderer compromise before it is triggerable. EPSS at 0.02% (6th percentile), SSVC exploitation status of 'none', and Google's internal 'Low' severity rating collectively confirm this is a patch-on-schedule rather than emergency-response priority. No public exploit identified at time of analysis.

Authentication Bypass Google
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-36174 MEDIUM This Month

Plaintext credential exposure in GNCC GP5 v7.1.76 allows physically-proximate attackers to capture wireless network credentials by monitoring the device's serial UART interface during routine operations. The device transmits sensitive wireless network information - including network credentials - in cleartext to the serial console, making them trivially readable by anyone with physical access and a UART adapter. No public exploit is identified at time of analysis and no active exploitation is confirmed; however, a researcher-published IoT vulnerability disclosure exists on GitHub detailing the finding.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-36180 MEDIUM This Month

Runtime integrity bypass on GNCC GP5 firmware v7.1.76 enables a physically-proximate unauthenticated attacker to circumvent file system read-only protections via a bind-mount attack, allowing arbitrary modification of system files and binaries for the current boot session. The device, an IoT platform, lacks enforcement of filesystem immutability at runtime, meaning a read-only mount can be shadowed by a writable bind-mount without detection. No public exploit has been confirmed beyond the published IoT vulnerability research linked in references, and exploitation probability is very low at 0.02% EPSS (4th percentile), consistent with the physical-access requirement.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-36178 MEDIUM This Month

Factory reset in GNCC GP5 firmware v7.1.76 fails to purge cryptographic material from the JFFS2 configuration partition, leaving sensitive user data recoverable after a reset operation. An attacker with physical access to a reset device - such as a discarded, resold, or stolen unit - can read the raw flash storage and extract retained secrets. No public exploit identified at time of analysis as KEV-confirmed active exploitation, though a publicly available proof-of-concept exists per SSVC data and researcher publication.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-48016 MEDIUM PATCH GHSA This Month

Unauthorized payment triggering in Shopware's `/store-api/handle-payment` endpoint allows any low-privileged Store API caller - including guest checkout contexts - to initiate or retry the payment flow for another customer's order by supplying a known foreign `orderId`. The flaw affects `shopware/platform` and `shopware/core` versions below 6.6.10.18 and versions 6.7.0.0 through 6.7.10.0, and is confirmed fixed in releases 6.6.10.18 and 6.7.10.1 per GitHub advisory GHSA-9v5m-39wh-5chq. No public exploit code or CISA KEV listing has been identified at time of analysis, and the CVSS score of 4.3 (Medium) reflects limited scope: integrity of order and payment workflows is the primary risk, with no direct confidentiality or availability impact.

PHP Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-11221 MEDIUM PATCH This Month

UI spoofing in Google Chrome's PointerLock API prior to version 149.0.7827.53 allows an attacker who has already compromised the renderer process to manipulate browser UI presentation via a crafted HTML page. The CVSS score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) reflects limited integrity-only impact with no confidentiality or availability consequences, and Google itself rated this 'Low' severity. No public exploit has been identified and the EPSS score of 0.05% (15th percentile) confirms very low real-world exploitation probability at time of analysis.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11192 MEDIUM PATCH This Month

UI spoofing in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to manipulate the Password Manager's visual interface via crafted malicious network traffic, potentially deceiving users about credential prompts or password state. Exploitation requires user interaction (CVSS UI:R), limiting opportunistic mass exploitation. No public exploit code exists and no active exploitation is confirmed - EPSS sits at just 0.05% (15th percentile), consistent with a low-priority medium-severity browser component flaw. A vendor-released patch is available in Chrome 149.0.7827.53.

Information Disclosure Google
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11031 MEDIUM PATCH This Month

UI spoofing in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows remote unauthenticated attackers to manipulate browser interface elements via crafted malicious network traffic. The flaw stems from insufficient input validation (CWE-20) in the Password Manager subsystem, enabling an attacker to deceive victims about the legitimacy of password prompts or credential states. No public exploit code or active exploitation has been identified; EPSS at 0.05% (15th percentile) reflects low community-assessed exploitation probability, and the mandatory user interaction requirement prevents automated mass exploitation.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11228 MEDIUM PATCH This Month

UI spoofing in Google Chrome's File Input component allows remote unauthenticated attackers to misrepresent interface elements when a user is socially engineered into performing specific UI gestures on a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.53. The vulnerability carries a Chromium-assigned severity of Low and is limited to integrity impact (I:L) with no confidentiality or availability consequences. No public exploit code exists and no active exploitation is confirmed at time of analysis.

Information Disclosure Google
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11216 MEDIUM PATCH This Month

UI spoofing in Google Chrome's File Input component (versions prior to 149.0.7827.53) enables remote attackers to misrepresent security-critical interface elements to users through specially crafted HTML pages. The attacker must convince a target to perform specific UI gestures - such as drag-and-drop or deliberate click sequences - to trigger incorrect rendering of the browser's file selection security UI. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) signals very low exploitation probability, consistent with no CISA KEV listing.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11162 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's CSS implementation exposes sensitive information from other origins when a user visits a crafted HTML page. Affected are all Chrome versions prior to 149.0.7827.53 on desktop platforms. An unauthenticated remote attacker can exploit this to read data from cross-origin contexts, violating the browser's Same-Origin Policy via a CSS-based side channel or direct information disclosure path. No public exploit identified at time of analysis, and EPSS at 0.03% (11th percentile) signals low current exploitation activity.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11161 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's DataTransfer API allows unauthenticated remote attackers to read data across origins by directing a victim to a crafted HTML page, affecting all Chrome desktop versions prior to 149.0.7827.53. The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:L) confirms network accessibility without attacker authentication, but requires user interaction and yields only limited confidentiality impact with no integrity or availability consequences. No active exploitation is confirmed (not in CISA KEV), and EPSS at 0.03% (11th percentile) consistently signals low current exploitation probability.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11159 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Skia graphics library affects all versions prior to 149.0.7827.53, exploitable via a crafted HTML page requiring only a single user visit. The root cause (CWE-457: use of uninitialized memory) in Chrome's Skia rendering backend allows residual memory contents to be exposed across origin boundaries, violating the browser's same-origin policy. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) and absence from CISA KEV indicate low real-world exploitation probability at this time.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11156 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome prior to 149.0.7827.53 allows a remote unauthenticated attacker to read sensitive cross-origin data by luring a user to a crafted HTML page that exploits an inappropriate CSS implementation. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network-exploitable, no-privilege-required exploitation with a single user interaction as the only barrier. No public exploit has been identified and EPSS sits at 0.03% (11th percentile), indicating low current exploitation interest despite the low attack complexity.

CSRF Google Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11155 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome prior to 149.0.7827.53 allows remote unauthenticated attackers to read sensitive cross-origin information by directing a victim to a crafted HTML page that exploits an inappropriate CSS implementation. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network delivery with no privilege requirement, limited only by the need for user interaction. EPSS is 0.03% (11th percentile) and no public exploit has been identified at time of analysis; however, Google has issued a confirmed patch in the stable channel release, and the CWE-352/CSRF tag alongside the data-leakage description suggests a novel or hybrid attack class that security teams should monitor for further clarification.

CSRF Google Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11107 MEDIUM PATCH This Month

UI spoofing in Google Chrome's Downloads component prior to version 149.0.7827.53 enables remote attackers to misrepresent download-related interface elements by serving a crafted HTML page. The flaw stems from an inappropriate implementation (CWE-451) in the Downloads subsystem, allowing an attacker to manipulate what the user sees during a download interaction - potentially masking file names, types, or origin - without any authentication. No public exploit code exists and EPSS sits at 0.03% (11th percentile), indicating no public exploit identified at time of analysis; however, the no-authentication, low-complexity delivery path warrants prompt patching.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11178 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's WebView component on Android allows an unauthenticated remote attacker to read data from origins outside the attacker's own domain by enticing a user to visit a crafted HTML page. Affected are all Android Chrome versions prior to 149.0.7827.53. No public exploit exists and SSVC classifies exploitation as none, but the network-accessible, low-complexity attack vector warrants patching for Android-heavy enterprise environments handling sensitive cross-origin content.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11234 MEDIUM PATCH This Month

Site isolation bypass in Google Chrome's FoldableAPIs component allows a remote attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.53. The vulnerability carries a CVSS 4.3 score, an EPSS of 0.02% (4th percentile), is not listed in CISA KEV, and no public exploit has been identified - consistent with Chromium's own 'Low' severity rating. A vendor-released patch (149.0.7827.53) is available.

Authentication Bypass Google
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11219 MEDIUM PATCH This Month

Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows remote unauthenticated attackers to circumvent Chrome's built-in navigation controls by delivering a crafted HTML page to a victim. The flaw stems from an inappropriate implementation in Chrome's Navigation subsystem (CWE-693: Protection Mechanism Failure), yielding low integrity impact with no confidentiality or availability consequences. No public exploit has been identified at time of analysis and EPSS exploitation probability is 0.02% (4th percentile), consistent with Google Chromium's own Low severity classification for this issue.

Authentication Bypass Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11126 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome DevTools affects all versions prior to 149.0.7827.53, exploitable through a crafted malicious Chrome Extension. The inappropriate DevTools implementation allows an attacker who successfully social-engineers a victim into installing the extension to read data from cross-origin contexts - violating the browser's same-origin isolation guarantees at the DevTools layer. No public exploit code exists and no CISA KEV listing is present; EPSS at 0.02% (4th percentile) confirms low exploitation probability in the wild, making this a routine patch-cycle priority rather than an emergency response item.

Information Disclosure Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11212 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's DevTools component (prior to 149.0.7827.53) enables an attacker to bypass same-origin policy enforcement through a crafted malicious extension. Exploitation requires convincing a target user to install the attacker-controlled extension, after which cross-origin data can be exfiltrated via insufficient DevTools policy controls. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates very low observed exploitation probability; the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11062 MEDIUM PATCH This Month

Script and HTML injection into privileged Chrome pages is possible in Google Chrome prior to 149.0.7827.53 through insufficient policy enforcement in the Extensions subsystem. An attacker who convinces a user to install a crafted malicious extension can leverage this to inject content into otherwise-restricted privileged pages, compromising page integrity. EPSS is 0.01% (1st percentile), no KEV listing exists, and no public exploit has been identified at time of analysis - indicating low observed exploitation pressure despite the network-accessible attack vector.

Google Code Injection Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-48012 MEDIUM PATCH GHSA This Month

Unauthenticated open redirect in Shopware's SSO entry point (GET /api/oauth/sso/auth) allows any remote attacker to cause a victim's browser to navigate to an arbitrary attacker-controlled URL - including javascript: URIs - by supplying a malicious Referer header. Affected are shopware/core and shopware/platform versions 6.7.3.0 through 6.7.10.0; the redirect is served from a trusted /api/oauth/ origin, materially increasing phishing credibility. A Python proof-of-concept demonstrating three distinct exploitation variants (no Referer, external HTTPS redirect, javascript: scheme injection) exists; no active exploitation is confirmed in CISA KEV at time of analysis.

Python Open Redirect
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-52606 MEDIUM This Month

Weak input validation in HCL iControl allows authenticated remote attackers to submit input of an unexpected type, resulting in limited integrity impact against the target system. The vulnerability stems from an implementation deficiency in an architectural security tactic - specifically, the application's failure to correctly validate received input against its expected type. No public exploit code exists and no active exploitation has been confirmed; however, the low-complexity, network-accessible attack vector lowers the bar for authenticated users to abuse this flaw.

Information Disclosure Icontrol
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-48013 MEDIUM PATCH GHSA This Month

Server-side request forgery in Shopware's media subsystem allows authenticated admin users to make arbitrary HTTP HEAD requests to internal network addresses and cloud metadata endpoints via the `/api/_action/media/external-link` endpoint. The root cause is an inconsistency between two URL-handling flows in `MediaUploadService`: the `uploadFromURL` flow correctly validates resolved IPs against private/reserved ranges, while the `linkURL` flow only checks that the URL begins with `http://` or `https://`. Exploiting this, an admin can probe cloud metadata services, enumerate internal ports, and leak `content-length` values from internal services; no public exploit has been identified at time of analysis, and a vendor-released patch exists in version 6.7.10.1.

PHP Information Disclosure SSRF
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%
CVE-2026-10998 MEDIUM PATCH This Month

Out-of-bounds memory read in Chrome's Media component allows a local-network-adjacent attacker to leak partial memory contents via specially crafted network traffic. Affects all Chrome releases prior to 149.0.7827.53 on desktop platforms, as confirmed by Google's stable channel advisory. No public exploit code exists and no active exploitation has been identified; SSVC assessment rates technical impact as partial with exploitation status none, placing this in a lower-priority remediation tier despite the unauthenticated vector.

Information Disclosure Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-48011 LOW PATCH GHSA Monitor

Timing-based administrator username enumeration in Shopware's OAuth token endpoint exposes valid admin accounts to unauthenticated remote attackers. The flaw exists in shopware/platform and shopware/core packages across the 6.6.x and 6.7.x branches, where the API endpoint api/oauth/token responds measurably faster for non-existent usernames than for valid ones due to skipping the Argon2id password_verify() call. A publicly available proof-of-concept exploit exists; while not confirmed actively exploited in CISA KEV, the POC lowers the barrier for targeted brute-force, credential stuffing, and spear phishing campaigns against Shopware admin panels. CVSS rates this 3.7 (AC:H), reflecting that reliable exploitation requires statistical timing analysis across many requests.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52609 LOW Monitor

Missing HTTP security response headers in HCL iControl fail to instruct client browsers to engage their built-in XSS filtering mechanisms, creating an exploitable gap classified under CWE-693 (Protection Mechanism Failure). The flaw is network-accessible and requires no authentication (PR:N per CVSS), but carries a CVSS 3.7 Low score due to high attack complexity (AC:H) and limited integrity-only impact (I:L). No public exploit code exists and this vulnerability is not listed in CISA KEV, placing it in the compliance/hardening category rather than immediate critical risk.

XSS Icontrol
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-62338 LOW Monitor

Local information exposure in HCL BigFix Cloud Lifecycle Management stems from insufficient input validation, allowing a locally authenticated low-privileged user to access data they should not be authorized to view. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires local system access and a low-privilege account. No active exploitation has been confirmed and no public exploit code is known at time of analysis. Despite a tag of 'Authentication Bypass,' the PR:L vector indicates some authentication is required - this discrepancy should be clarified with the vendor advisory.

Authentication Bypass Information Disclosure Bigfix Cloud Lifecycle Management
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-52611 LOW Monitor

Stack trace disclosure in HCL iControl v4.0.0 exposes internal application details to authenticated remote attackers via unhandled JavaScript exceptions. The application fails to catch a runtime error when attempting to read the 'dashboard' key from an undefined object, returning a full stack trace to the requesting client. No public exploit exists and no active exploitation has been observed; CVSS scores this Low (3.1), reflecting strictly limited confidentiality impact with no integrity or availability consequences.

Information Disclosure Icontrol
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-52608 LOW Monitor

HCL iControl exposes session cookies without the Secure or SameSite attributes set, and with the cookie path scoped to root, enabling network-adjacent attackers with authenticated sessions to perform limited integrity modifications under high-complexity conditions. The missing Secure attribute allows cookies to be transmitted over unencrypted HTTP channels, while the absent SameSite attribute opens a cross-site request forgery vector. CVSS scores this at 3.1 (Low); no public exploit code exists and it is not listed in CISA KEV.

Information Disclosure Icontrol
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-50266 LOW PATCH Monitor

Incorrect RBAC policy in OpenStack Neutron before 28.0.1 allows an authenticated project manager to set device_owner on ports of shared networks they do not own to privileged network-service values (e.g., 'network:dhcp'), obtaining trusted network-service port behavior without owning the underlying network. Depending on backend and deployment configuration, this enables DHCP, MAC, or IP spoofing against co-tenants sharing that network, effectively bypassing anti-spoofing and security group protections. This is a confirmed regression of CVE-2015-5240 (OSSA-2015-018); no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

Authentication Bypass Neutron
NVD VulDB
CVSS 3.1
2.2
EPSS
0.0%
Prev Page 11 of 12 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy