Skip to main content
CVE-2026-11043 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an out-of-bounds write in ANGLE triggered by a crafted HTML page. The flaw carries a high CVSS of 9.6 due to scope change and full CIA impact, though no public exploit has been identified and EPSS exploitation probability remains very low at 0.03%.

Google Memory Corruption Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11037 CRITICAL PATCH Act Now

Out-of-bounds write in Google Chrome's media Codecs component prior to version 149.0.7827.53 allows a remote attacker to potentially escape the renderer sandbox via a crafted video file. Successful exploitation requires the victim to load attacker-controlled video content, but the resulting scope change (S:C) means the attacker can break out of Chrome's renderer sandbox and impact resources beyond it. No public exploit has been identified at time of analysis and EPSS is very low (0.03%), but the high CVSS reflects the severe impact of a successful sandbox escape.

Google Memory Corruption Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11009 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 can be triggered by a remote attacker via a crafted HTML page that exploits a use-after-free condition in the USB component. The flaw carries a CVSS score of 9.6 due to its scope-changing impact, though Google rated the underlying Chromium security severity as Medium, and no public exploit has been identified at time of analysis with an EPSS score of just 0.03%.

Google Memory Corruption Use After Free Microsoft Denial Of Service +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11002 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Autofill component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction (UI:R) and a chained renderer compromise, and no public exploit has been identified at time of analysis despite the very high 9.6 CVSS score driven by scope change.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-10990 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Glic component prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) requiring user interaction and a chained renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.03%.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-10972 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker to break out of the renderer process by luring a user to a crafted HTML page that triggers a use-after-free in the Ozone display/windowing layer. Google rates the underlying Chromium issue as High severity and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score is very low (0.03%).

Denial Of Service Use After Free Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-10931 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's FileSystem component prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page that triggers a use-after-free condition. Successful exploitation requires the victim to interact with attacker-controlled web content, but yields a scope change from the constrained renderer process to higher-privileged host context. EPSS is currently low (0.03%) and no public exploit has been identified at time of analysis, though Google rates the underlying Chromium severity as High.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-10892 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Android versions prior to 149.0.7827.53 stems from an out-of-bounds write in the GPU process that a remote attacker can trigger via a crafted HTML page. Google rates the underlying Chromium issue as Critical severity, and while a vendor patch is available, no public exploit identified at time of analysis and EPSS sits at 0.03% (11th percentile). The CVSS scope-changed vector (S:C) reflects the impact of breaking out of Chrome's sandbox to affect the broader Android OS context.

Google Memory Corruption Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11167 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the WebView sandbox via a crafted HTML page. The flaw stems from an inappropriate implementation in WebView and is chained behind a prior renderer compromise, requiring user interaction. No public exploit identified at time of analysis, and EPSS sits at 0.03% (10th percentile), indicating no current evidence of widespread exploitation despite the high CVSS score of 9.6.

Google Privilege Escalation Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11165 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on iOS before 149.0.7827.53 can be triggered by a remote attacker who lures a user to a malicious HTML page that abuses a use-after-free condition in the WebMIDI subsystem. Successful exploitation breaks out of the renderer sandbox with high confidentiality, integrity, and availability impact, though no public exploit is identified at time of analysis and EPSS probability is very low (0.03%).

Google Memory Corruption Apple Use After Free Denial Of Service +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-35906 CRITICAL Act Now

Unauthenticated remote command execution affects T3 Technology CPE routers (models T625Pro v1.0.07 and T6825G v1.0.03) through an undocumented debug CGI endpoint that processes attacker-supplied query strings as root-level shell commands. SSVC characterizes this as POC-available with total technical impact, and a public advisory has been published on GitHub, though it is not currently listed in CISA KEV.

Command Injection N A
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-49190 CRITICAL Act Now

Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbitrary applications or execute operating system commands by abusing internal operation codes (opcodes) whose permission checks are not properly enforced. The flaw carries a CVSS 4.0 score of 9.4 (Critical) due to network reach, low attack complexity, and scope-changing impact on confidentiality, integrity, and availability. No public exploit identified at time of analysis and the CVE is not currently listed in CISA KEV.

Command Injection Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
9.4
EPSS
0.1%
CVE-2026-49194 CRITICAL Act Now

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a debug routine (SCREEN_CLICK opcode 5053) that skips the device login prompt and drops the caller directly into an interactive shell. CVSS 4.0 rates the issue 9.4 with scope change and high impact on confidentiality, integrity, and availability of both the router and connected subsystems; no public exploit identified at time of analysis.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-49191 CRITICAL Act Now

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded backend API keys through verbose error pages, enabling remote unauthenticated attackers to harvest credentials and gain full administrative control over the device. CVSS 4.0 scores this 9.3 (Critical) with no privileges or user interaction required, though no public exploit has been identified at time of analysis.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-50214 CRITICAL Act Now

Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote attackers to abuse a hardcoded global API token guarding the /v1/Plan service, granting full administrative control over network access plans. Unauthenticated attackers can create arbitrary zero-cost plans, effectively bypassing billing and access controls. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.3 reflects trivial network exploitability with no privileges or user interaction required.

Information Disclosure Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-50209 CRITICAL Act Now

Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.000019) allows locally running malicious software to overwrite the default Mobile Device Management endpoint address through broadcast events, transferring administrative control of the device to an attacker-operated MDM server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-25550 CRITICAL Act Now

Unauthenticated remote code execution in Seagull Software BarTender 2010, 2016 (<=R9), and 2019 (<=R10) is reachable over TCP/7375 through the BtSystem.Service.exe .NET Remoting endpoint, which runs as NT AUTHORITY\SYSTEM. The exposed singleton uses BinaryServerFormatterSinkProvider with TypeFilterLevel=Full, allowing attackers to abuse deserialization-style object unmarshalling to read/write arbitrary files, coerce NTLMv2 authentication via UNC paths, or pivot to full code execution. No public exploit identified at time of analysis, but the VulnCheck advisory documents the attack primitives in detail.

Authentication Bypass RCE Bartender 2010 Bartender 2016 Bartender 2019
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-50208 CRITICAL Act Now

Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019) combine TrustAllCerts routines that bypass TLS certificate validation with hard-coded DES symmetric encryption keys, enabling a network-positioned attacker to decrypt traffic between the device and its backend services. CVSS 4.0 rates this 9.2 (Critical) given the unauthenticated network attack surface and high confidentiality/integrity impact, though attack complexity is rated High due to the MITM positioning requirement. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-50076 CRITICAL PATCH GHSA Act Now

Unsafe deserialization in Apache Fory fory-core Java SDK versions prior to 1.1.0 allows remote attackers to bypass the framework's class registration, TypeChecker, and DisallowedList security controls on Java/JVM platforms. By crafting malicious Fory-serialized payloads that exercise the replace-resolve path, an attacker can invoke arbitrary readResolve/readExternal hooks on any class present on the classpath, enabling gadget-chain abuse without authentication. No public exploit identified at time of analysis, but the CVSS 9.1 score and CWE-502 classification reflect the high impact typical of Java deserialization sinks.

Apache Deserialization Java
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-11153 CRITICAL PATCH Act Now

Cross-origin information disclosure in Google Chrome's Forms component prior to version 149.0.7827.53 allows a remote attacker to leak sensitive data from other origins through a crafted HTML page. The flaw is rated CVSS 9.1 due to high confidentiality and integrity impact over the network without authentication, though Google's Chromium team internally rated it Medium severity. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-10868 CRITICAL Act Now

Privilege escalation in MISP threat intelligence platform versions through 2.5.38 allows authenticated users to modify other users' account attributes by submitting a crafted User.id parameter in edit requests. The UsersController::edit() function failed to strip user-supplied identifiers before processing, enabling cross-account modifications. No public exploit identified at time of analysis, but the source code fix is publicly visible in the upstream commit.

Privilege Escalation Misp
NVD GitHub VulDB
CVSS 4.0
9.0
EPSS
0.0%
CVE-2026-47708 CRITICAL PATCH GHSA Act Now

Command injection in stata-mcp (MCP-for-Stata) versions prior to 1.17.3 allows attackers to execute arbitrary Stata commands - including the `shell` directive - by supplying a crafted `log_file_name` parameter to the `stata_do` MCP tool or CLI. The flaw bypasses the existing `GuardValidator` security control, which only inspects do-file content and never examines wrapper parameters, enabling remote code execution and arbitrary file writes via path traversal. Publicly available exploit code exists in the GHSA advisory PoC, though no public exploit identified at time of analysis indicates in-the-wild abuse.

Python RCE Path Traversal Command Injection
NVD GitHub
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy