Skip to main content
CVE-2026-10877 MEDIUM POC This Month

SQL injection in SourceCodester Ship Ferry Ticket Reservation System 1.0 exposes the admin login panel to unauthenticated remote attackers via a crafted Username parameter in /admin/login.php, enabling authentication bypass and backend database manipulation. Publicly available exploit code (POC) has been published on Medium demonstrating the authentication bypass technique, elevating real-world risk despite the moderate CVSS 4.0 score of 5.5. No KEV listing at time of analysis, but the zero-prerequisite network attack vector combined with a public POC makes this a credible threat to any internet-facing deployment.

PHP SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2019-25737 MEDIUM POC This Month

Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Live Chat Unlimited
NVD Exploit-DB VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2019-25731 MEDIUM POC This Month

Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zuz Music
NVD Exploit-DB VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-47707 MEDIUM POC PATCH GHSA This Month

Denial-of-service via alias amplification in Strawberry GraphQL (versions 0.172.0 through 0.315.6) allows unauthenticated remote attackers to exhaust server resources by bypassing the MaxAliasesLimiter extension using crafted GraphQL fragment spreads. The limiter performs only a static AST alias count, missing the multiplicative expansion that occurs at execution time when a fragment containing N aliases is spread M times - producing N×M resolved aliases against a limit enforced at N+M. A publicly available proof-of-concept exists demonstrating the bypass; no active exploitation has been confirmed in CISA KEV at time of analysis.

Denial Of Service Strawberry
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-47706 MEDIUM POC PATCH GHSA This Month

Infinite recursion in Strawberry GraphQL's QueryDepthLimiter extension allows unauthenticated remote attackers to crash the validation process and exhaust server resources by submitting queries with circular fragment references. Affected versions 0.71.0 through 0.315.6 of the pip package strawberry-graphql fail to track visited fragments in the determine_depth function, meaning a trivially crafted two-fragment cycle (A spreads B, B spreads A) triggers a Python RecursionError before any query execution occurs. A public proof-of-concept is confirmed in GHSA-qfwv-87qj-98xq; no active exploitation is listed in CISA KEV at time of analysis.

Denial Of Service Strawberry
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2019-25734 MEDIUM POC This Month

Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal CSRF
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2019-25744 MEDIUM POC This Month

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP WordPress
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2019-25743 MEDIUM POC This Month

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2019-25742 MEDIUM POC This Month

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2019-25739 MEDIUM POC This Month

GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gigtodo
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-21404 MEDIUM CISA This Month

Hard-coded credentials embedded in NAVTOR NavBox's Windows Communication Foundation (SOAP) implementation allow a local low-privileged attacker to extract static credentials and authenticate against privileged WCF methods, enabling arbitrary file write or overwrite within application-defined paths. All NavBox versions through 4.16.1.20 are affected when the SOAP interface is enabled. CISA ICS-CERT has issued advisory ICSA-26-155-01 for this OT/maritime navigation product; no public exploit has been identified at time of analysis, though the ICS context elevates operational safety concern.

Authentication Bypass Microsoft Navbox Firmware
NVD GitHub VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-47655 MEDIUM PATCH NEWS NO ACTION HOSTED Monitor

Microsoft Graph exposes sensitive data to authenticated network attackers due to improper authorization controls, allowing low-privileged API callers to retrieve information beyond their granted scope. The vulnerability (CVSS 6.5) carries high confidentiality impact (C:H) with no integrity or availability consequence, making it a pure data disclosure risk against Microsoft's unified cloud API surface. No public exploit code has been identified at time of analysis, and Microsoft has released a server-side patch via MSRC advisory CVE-2026-47655.

Information Disclosure Microsoft Microsoft Graph
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-27891 MEDIUM PATCH This Month

On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Eos
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-50210 MEDIUM This Month

Static zero-filled AES-CBC Initialization Vectors in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) eliminate the cryptographic randomness CBC mode requires, enabling network-accessible attackers to conduct replay attacks and known-plaintext decryption of device-encrypted traffic without authentication. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms trivial remote access with no privileges or user interaction required, though the impact is scoped to partial confidentiality loss (VC:L) with no integrity or availability impact. No public exploit has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Information Disclosure Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-50226 MEDIUM This Month

Hardcoded AES-128-CBC cryptographic keys embedded in the AcerConnect OTA application allow unauthenticated remote attackers to forge authorization credentials for arbitrary IMEI numbers against the Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019). Once credentials are forged, attackers can enumerate OTA catalog items and retrieve protected firmware binaries via pre-signed cloud storage links. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the static nature of the hardcoded key means any actor who obtains the application binary can trivially reproduce the attack.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-49204 MEDIUM This Month

Hard-coded AWS Cognito credentials embedded in leftover debug modules of the Acer Connect M6E 5G Portable WiFi Router expose internal cloud test sandbox environments to remote unauthenticated attackers. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication, no network proximity, and no user interaction is required, meaning any attacker who obtains the static credentials - through firmware extraction or disclosure - can authenticate to Acer's AWS Cognito-backed test infrastructure. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-50224 MEDIUM This Month

The web administration panel of the Acer Connect M6E 5G Portable WiFi Router binds to the wildcard IPv6 address [::] on port 8080, exposing internal API endpoints over the public WAN interface without default firewall restrictions. All firmware versions through M6E_AI_1.00.000019 are affected, enabling authenticated remote attackers with high-privilege credentials to reach and query administrative APIs that are intended to be LAN-restricted only. No public exploit code has been identified and no CISA KEV listing exists at time of analysis, but the design flaw structurally expands the attack surface for any admin-level compromise.

Information Disclosure Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-10597 MEDIUM This Month

Insecure Direct Object Reference in ITPison's OMICARD EDM (an email marketing platform) enables unauthenticated remote attackers to manipulate a specific request parameter to retrieve arbitrary users' email addresses without authorization. The CVSS vector AV:N/AC:L/PR:N/UI:N confirms fully remote, zero-authentication exploitation requiring no user interaction, though impact is bounded to low-level confidentiality loss with no integrity or availability consequence. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.

Authentication Bypass Omicard Edm
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-7774 MEDIUM PATCH This Month

Path traversal in CPython's tarfile module allows malicious tar archives to bypass the data_filter safety mechanism and write files to arbitrary locations outside the intended extraction directory. When an application or user calls tarfile.extractall() with the data filter active, specially crafted symlinks using empty names, directory-like names, or trailing slashes can redirect subsequent archive members through attacker-controlled paths, subject to the permissions of the extracting process. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, but the attack vector is network-accessible and requires only that a victim initiate extraction of a crafted archive (UI:A).

Path Traversal Cpython
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-36175 MEDIUM This Month

U-Boot bootloader authentication bypass on GNCC GP5 v7.1.76 grants a physically-proximate attacker full root access to the device by interrupting the boot sequence and injecting crafted kernel boot arguments. The vulnerability stems from insufficient input validation in the bootloader's handling of kernel command-line parameters, allowing an attacker to override security controls set during the normal boot process. Publicly available exploit code exists via a GitHub IoT vulnerability research repository; no CISA KEV listing has been identified at time of analysis, consistent with the physical-access prerequisite limiting widespread automated exploitation.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-11166 MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome's SVG implementation prior to version 149.0.7827.53 allows remote unauthenticated attackers to bypass same-origin policy by injecting arbitrary scripts or HTML across origins via a crafted HTML page. Exploitation requires user interaction and high attack complexity (CVSS AC:H/UI:R), and EPSS at 0.06% (18th percentile) reflects limited real-world exploitation activity. No active exploitation is confirmed by CISA KEV and no public exploit code has been identified at time of analysis.

XSS Google Chrome
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-11218 MEDIUM PATCH This Month

Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to run arbitrary code when a victim is lured into performing specific UI gestures involving a malicious file delivered through the PlatformIntegration component. The flaw stems from improper input validation (CWE-20) and, while a vendor patch is available, no public exploit has been identified at time of analysis and EPSS scoring (0.04%) indicates very low near-term exploitation probability.

Google Microsoft RCE Red Hat Suse +1
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-7764 MEDIUM PATCH This Month

Heap out-of-bounds read in Morse Micro HaLowLink 2 prior to version 2.11.12 allows an unauthenticated attacker within 802.11ah radio range to disclose up to 9 bytes of kernel heap memory or trigger a kernel panic (DoS) by transmitting a crafted beacon or probe response frame containing a malformed Vendor Information Element. The morse.ko kernel driver function morse_vendor_find_vendor_ie() fails to validate IE body length against the expected structure size before downstream callers read at fixed offsets, requiring only that the IE length field exceed 3 bytes. No public exploit identified at time of analysis; EPSS places exploitation probability at 0.03% (8th percentile) with no CISA KEV listing, though the zero-prerequisite radio-range attack surface warrants prompt patching for HaLow-enabled deployments.

Denial Of Service Buffer Overflow Halowlink 2 Information Disclosure
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-48040 MEDIUM PATCH GHSA This Month

Incorrect native memory address resolution in Netty's Oblivious HTTP (OHTTP) BoringSSL JNI bridge allows unauthenticated remote attackers to corrupt memory belonging to concurrent connections and disclose the contents of adjacent pooled direct buffers - including HPKE encryption key material - on affected OHTTP gateways. The flaw exists in versions prior to 0.0.22.Final of netty-incubator-codec-ohttp and is only reachable when the JVM is configured to deny `sun.misc.Unsafe` access, causing the vulnerable fallback address-resolution path to activate. This directly undermines the confidentiality guarantees Oblivious HTTP is designed to provide; no public exploit code exists and the vulnerability is not listed in the CISA KEV catalog (CVSS 4.0 E:U).

Information Disclosure Java Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-48009 MEDIUM PATCH GHSA This Month

Admin account takeover in Shopware's PHP e-commerce platform is achievable by any low-privilege admin holding the user_recovery:read ACL through a three-endpoint attack chain requiring no special tooling. The vulnerability stems from the UserRecoveryDefinition exposing a secret password-reset hash via the Admin API search endpoint - a hash the recovery flow assumes is delivered exclusively via email - enabling the attacker to bypass the intended out-of-band delivery mechanism entirely. Patched versions 6.6.10.18 and 6.7.10.1 are available; no public exploit code or CISA KEV listing has been identified at time of analysis, though the attack is fully documented in the GitHub Security Advisory GHSA-8v9p-g828-v98f.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-10805 MEDIUM PATCH This Month

Local privilege escalation in NetworkManager's dhclient backend allows a low-privileged local user to execute arbitrary OS commands with elevated privileges by supplying a crafted Manufacturer Usage Description (MUD) URL. Exploitation is strictly limited to systems where an administrator has explicitly reconfigured NetworkManager to use the dhclient backend - a non-default setting - meaning the vast majority of deployments are unaffected by design. CVSS 6.7 (local vector, high complexity, user interaction required) accurately reflects the constrained exploitation conditions; no public exploit code or CISA KEV listing exists at time of analysis.

Privilege Escalation Command Injection Red Hat Suse
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-48480 MEDIUM POC PATCH GHSA This Month

Truncation of chunked Oblivious HTTP (OHTTP) streams in netty-incubator-codec-ohttp prior to 0.0.22.Final silently passes partial, cryptographically-incomplete messages to the receiving application with no decryption error or exception. An on-path adversary - the OHTTP relay itself or a MITM on the relay↔gateway or relay↔client transport - can cut a legitimate chunked-OHTTP message at any non-final chunk boundary and cleanly close the outer HTTP body, bypassing the cryptographic integrity guarantee the final-chunk marker is designed to provide. No public exploit is identified (CVSS E:U) and no CISA KEV listing exists, but the integrity impact is rated High (VI:H) given that receivers silently accept and may act on structurally incomplete messages.

Information Disclosure Java
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.0%
CVE-2024-6858 MEDIUM This Month

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-47644 MEDIUM PATCH NEWS NO ACTION HOSTED Exploit Unlikely Monitor

Injection (CWE-74) in Copilot Chat within Microsoft Edge enables unauthenticated remote attackers to disclose sensitive information when a victim user interacts with maliciously crafted content. The vulnerability resides in improper neutralization of special elements passed to a downstream component of the chat pipeline, resulting in high confidentiality impact with no integrity or availability effect. No public exploit code exists at time of analysis (CVSS E:U), and Microsoft has released an official patch per MSRC advisory CVE-2026-47644.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-11140 MEDIUM PATCH This Month

Out-of-bounds read in the Chromecast component of Google Chrome prior to version 149.0.7827.53 enables a remote attacker - who has already compromised the renderer process - to leak potentially sensitive data from process memory by delivering a crafted HTML page. This is a chained vulnerability: exploitation is conditional on a prior renderer compromise, making it a second-stage information-disclosure step rather than a standalone attack. No public exploit code has been identified and EPSS probability stands at 0.05% (15th percentile), consistent with a medium-severity, constrained attack path. Google has released a fix in stable channel 149.0.7827.53.

Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11121 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Skia graphics library affects all versions prior to 149.0.7827.53, exploitable by a remote attacker who has already compromised the renderer process. Via a crafted HTML page, the attacker can abuse insufficient input validation in Skia to extract sensitive cross-origin data, bypassing browser isolation boundaries. No public exploit code has been identified at time of analysis, and the EPSS score of 0.05% (15th percentile) reflects low observed exploitation activity.

Information Disclosure Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11093 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Printing subsystem (all versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to exfiltrate sensitive cross-origin data by serving a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) reflects high confidentiality impact with no integrity or availability loss, though the real-world attack requires a pre-compromised renderer - making this a second-stage chaining vulnerability rather than a standalone initial-access vector. No public exploit code or CISA KEV listing has been identified, and EPSS at 0.05% (15th percentile) confirms low current exploitation probability.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11045 MEDIUM PATCH This Month

Memory disclosure in Google Chrome's GPU component (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to read sensitive data from process memory by delivering a crafted HTML page. The vulnerability stems from insufficient validation of untrusted input passed to the GPU subsystem, classified as CWE-20 (Improper Input Validation), and is rated Medium severity by the Chromium security team despite a CVSS Confidentiality impact of High - reflecting that successful exploitation requires a prior renderer compromise as a prerequisite. No public exploit code has been identified and EPSS probability stands at just 0.05% (15th percentile), indicating low current exploitation likelihood.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11027 MEDIUM PATCH This Month

Cross-origin data leakage in the Glic component of Google Chrome (prior to 149.0.7827.53) can be triggered by a remote attacker who has already compromised the renderer process, using a crafted HTML page to exfiltrate sensitive cross-origin content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) reflects high confidentiality impact but masks the realistic complexity: renderer compromise is an explicit prerequisite, making this a chained exploit rather than a standalone attack. No active exploitation has been confirmed (CISA KEV absent, SSVC exploitation=none, EPSS 0.05% at 15th percentile), and a vendor-released patch is available.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11013 MEDIUM PATCH This Month

Memory disclosure in Google Chrome's Network component (versions prior to 149.0.7827.53) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page to the victim. This is a chained, two-stage attack: exploitation requires a prior renderer process compromise as an explicit prerequisite, which substantially elevates the real-world difficulty beyond what the CVSS 6.5 score alone implies. No active exploitation has been identified (SSVC Exploitation: none; EPSS: 0.05% at the 15th percentile), and no public exploit code exists at time of analysis.

Information Disclosure Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10981 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Codecs subsystem affects all versions prior to 149.0.7827.53, enabling an attacker who has already compromised the renderer process to exfiltrate sensitive data from other origins via a crafted video file. The vulnerability bypasses Same-Origin Policy protections and exposes high-confidentiality content (CVSS C:H), though impact is scoped to information disclosure with no integrity or availability consequence. This CVE is not currently listed in CISA KEV, no public exploit has been identified at time of analysis, and EPSS at 0.05% (15th percentile) indicates low widespread exploitation probability.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11128 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Web Share API prior to version 149.0.7827.53 allows a remote attacker to extract sensitive cross-origin information by convincing a user to perform specific UI gestures on a crafted HTML page, violating browser same-origin policy guarantees. The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:H) reflects high confidentiality impact with no authentication required on the attacker's side, though mandatory user interaction reduces realistic exploitation probability significantly. No public exploit has been identified at time of analysis, and an EPSS score of 0.04% (13th percentile) corroborates low current exploitation activity.

Information Disclosure Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11105 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's WebUI component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to extract sensitive cross-origin information via a crafted HTML page. The vulnerability stems from insufficient input validation (CWE-20) in the WebUI layer, which fails to properly sanitize input arriving from a compromised renderer, breaking Chrome's intended process isolation boundary. No active exploitation has been confirmed (not in CISA KEV), and an EPSS score of 0.04% (13th percentile) reflects low widespread exploitation probability, consistent with this being a second-stage technique requiring a chained renderer compromise.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11008 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's WebAppInstalls component (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to exfiltrate sensitive cross-origin data via a crafted HTML page. The CVSS 6.5 score captures the high confidentiality impact and network accessibility, but understates effective exploitation complexity because a prior renderer compromise is an explicit prerequisite. EPSS is very low at 0.04% (13th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis, positioning this as a chained exploitation primitive rather than a standalone critical threat.

Information Disclosure Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11007 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's WebView component on Android exposes sensitive information to attackers who have already achieved renderer process compromise. Affected versions are all Chrome for Android releases prior to 149.0.7827.53. A remote attacker, operating from a compromised renderer context, can exfiltrate cross-origin data by delivering a specially crafted HTML page to the victim, bypassing same-origin policy protections. No public exploit code exists and EPSS stands at 0.04% (13th percentile), indicating low observed exploitation pressure at time of analysis; however, the high confidentiality impact (C:H) makes this a meaningful second-stage primitive in multi-vulnerability attack chains.

Information Disclosure Google Chrome Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-49940 MEDIUM PATCH This Month

Net::CIDR::Set versions through 0.20 for Perl incorrectly accepts Unicode digits in IP addresses and CIDR netmasks, enabling network access controls to silently permit broader address ranges than intended. Applications relying on this library to enforce IP-based allowlists or blocklists may inadvertently grant or deny access to incorrect network ranges when Unicode look-alike digits (e.g., Arabic-Indic U+0661 instead of ASCII '1') are supplied as input. With no public exploit identified at time of analysis and SSVC exploitation status of none, this is a medium-severity library flaw requiring patch deployment rather than emergency response, but the automatable nature of the attack vector warrants prompt remediation in access-control-sensitive deployments.

Information Disclosure Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36499 MEDIUM PATCH This Month

Resource exhaustion in Open vSwitch v3.6.90 allows an authenticated attacker with OVSDB write access to crash the virtual switch by requesting an unbounded number of handler or revalidation threads via a missing upper-bound check in the udpif_set_threads() function. The SSVC framework confirms a proof-of-concept exploit exists, though the vulnerability is not listed in CISA KEV and automated mass exploitation is assessed as unlikely due to the required management-plane authentication. With CVSS 6.5 and impact limited to availability, this is a moderate-priority finding that becomes high-priority in environments where OVSDB write access is broadly granted or inadequately segmented.

Denial Of Service Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11227 MEDIUM PATCH This Month

Tab Hover Cards in Google Chrome prior to 149.0.7827.53 render domain names incorrectly, enabling a remote unauthenticated attacker to spoof displayed domain identity via a crafted domain name, misleading users about the true destination of a browser tab. CVSS rates Integrity impact as High (I:H), reflecting the real deception potential in phishing scenarios, while Chromium itself labels this Low severity - a notable contrast worth flagging. No public exploit identified at time of analysis, and EPSS at 0.03% (11th percentile) reflects minimal current exploitation interest.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11222 MEDIUM PATCH This Month

Domain spoofing via Tab Strip UI misrepresentation in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to deceive users into believing they are visiting a legitimate domain by serving a crafted HTML page that corrupts the displayed origin in the tab strip. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) confirms network-accessible exploitation requiring no privileges but requiring user interaction, with integrity impact reflecting successful identity deception rather than data exfiltration or code execution. No public exploit code exists and EPSS at 0.03% (11th percentile) reflects negligible observed exploitation activity; this is not currently listed in the CISA KEV catalog.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11215 MEDIUM PATCH This Month

Domain spoofing in Google Chrome's Cronet networking library on Android (versions prior to 149.0.7827.53) enables remote unauthenticated attackers to misrepresent domain names to victims browsing on Android devices. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms high integrity impact with no privileges required, contingent on victim interaction with a crafted URL. EPSS at 0.03% (11th percentile) and no CISA KEV listing indicate no public exploitation at time of analysis, making this primarily a targeted phishing-enablement risk rather than an actively weaponized vector.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11214 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome for iOS prior to version 149.0.7827.53 enables a remote unauthenticated attacker to read sensitive data from cross-origin resources by tricking a user into visiting a crafted HTML page. The flaw stems from an inappropriate implementation in the iOS-specific Chrome code path (CWE-346: Origin Validation Error), undermining the browser's Same-Origin Policy enforcement on Apple's platform. No public exploit code exists and no active exploitation is confirmed; with an EPSS of 0.03% (11th percentile), real-world risk is currently assessed as low despite the high confidentiality impact in the CVSS scoring.

Apple Information Disclosure Google Suse Chrome +1
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11209 MEDIUM PATCH This Month

Sensitive information disclosure in Google Chrome's Passwords component (prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to read potentially sensitive data - including password material - from process memory by delivering a crafted HTML page. The attack carries a CVSS 6.5 (Medium) rating with high confidentiality impact and no integrity or availability consequence. No public exploit has been identified at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), consistent with the non-trivial prerequisite of prior renderer compromise.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11208 MEDIUM PATCH This Month

Memory information disclosure in Google Chrome's Codecs component affects all desktop versions prior to 149.0.7827.53, enabling remote unauthenticated attackers to read potentially sensitive data from browser process memory when a user visits a specially crafted HTML page. The root cause is a use-after-free (CWE-416) in the media codec subsystem, yielding high confidentiality impact with no integrity or availability consequences per CVSS. EPSS is very low at 0.03% (11th percentile) and SSVC confirms no active exploitation, placing this firmly in the routine patch category despite its Medium severity score.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11206 MEDIUM PATCH This Month

Cross-origin data leakage via ServiceWorker policy bypass in Google Chrome affects all desktop versions prior to 149.0.7827.53. Insufficient policy enforcement in Chrome's ServiceWorker API allows unauthenticated remote attackers to read sensitive cross-origin data from a victim's browser session by directing the victim to a crafted HTML page. EPSS exploitation probability is very low at 0.03% (11th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis - making this a moderate confidentiality risk that warrants patching but is not an immediate emergency for most organizations.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11203 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's GPU implementation on macOS allows remote unauthenticated attackers to exfiltrate sensitive cross-origin information by luring a user to a crafted HTML page. Affected are all Chrome releases on Mac prior to 149.0.7827.53. The vulnerability stems from an inappropriate GPU implementation (CWE-200) and carries no publicly available exploit at time of analysis; EPSS sits at 0.03% (11th percentile), indicating low current exploitation probability. No active exploitation has been confirmed by CISA KEV.

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.5
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy