Skip to main content
CVE-2026-8589 HIGH POC PATCH NEWS This Week

Stored cross-site scripting and account integrity abuse in GitLab Enterprise Edition versions 13.1.4 through 18.10.7, 18.11 prior to 18.11.5, and 19.0 prior to 19.0.2 allows an authenticated low-privileged user to inject unsanitized input into certain group setting fields and add unauthorized email addresses to a targeted user's account. Publicly available exploit code exists via a HackerOne report, though EPSS exploitation probability remains very low at 0.02% and the SSVC framework rates current exploitation as 'none' with total technical impact when successful.

Gitlab XSS
NVD VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-10087 HIGH POC PATCH NEWS This Week

Stored cross-site scripting in GitLab Enterprise Edition's Analytics Dashboard allows an authenticated developer-role user to execute arbitrary client-side JavaScript in the browser of a targeted user, leveraging improper input sanitization. The flaw affects all 17.1 through 18.10.x, 18.11.x, and 19.0.x branches before fixed releases, and publicly available exploit code exists via a HackerOne report, raising the realistic risk of opportunistic abuse against multi-tenant GitLab instances.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-6552 HIGH POC PATCH NEWS This Week

Account takeover in GitLab Enterprise Edition versions 15.5 through 19.0.2 allows an authenticated group Owner to hijack other group members' accounts through improper authorization in the Group SAML identity management functionality. Publicly available exploit code exists via a HackerOne report, and GitLab released patched versions 18.10.8, 18.11.5, and 19.0.2 on 2026-06-10. The flaw stems from CWE-639 (Authorization Bypass Through User-Controlled Key) and yields a scope-changing high-impact compromise per CVSS 3.1.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-10795 HIGH POC This Week

Remote code execution in UpdraftPlus: WP Backup & Migration Plugin for WordPress (versions ≤1.26.4) allows unauthenticated attackers to forge RPC commands as the connected administrator by bypassing signature verification in the UpdraftPlus_Remote_Communications_V2::wp_loaded handler. A flaw in how unchecked decryption return values are handled collapses the encryption key to an all-zero value, enabling arbitrary plugin upload and activation. No public exploit identified at time of analysis, but the plugin's massive WordPress install base and trivial post-bypass impact make this a high-priority patch.

Jwt Attack Authentication Bypass WordPress RCE
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-48020 HIGH POC PATCH GHSA This Week

Route-level authentication bypass in Traefik's StripPrefix middleware allows unauthenticated remote attackers to reach protected backend endpoints (e.g., /admin, /internal/config) by crafting request paths such as /api../admin or /api%2e%2e/admin. The public router matches before path normalization, but StripPrefix subsequently normalizes the path via JoinPath() so the backend receives the protected path without the authentication middleware ever running. Publicly available exploit code exists (full PoC in the advisory), patches are released, and EPSS sits at 0.22% (45th percentile) with no CISA KEV listing.

Python Authentication Bypass Docker
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.2%
CVE-2026-7250 HIGH POC PATCH NEWS This Week

Denial of service in GitLab CE/EE versions 12.10 through 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 allows unauthenticated remote attackers to crash or degrade the API request parsing middleware via malformed input. Publicly available exploit code exists (HackerOne report 3671995), and the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/A:H) reflects trivially-reachable, no-auth exploitation against any internet-exposed GitLab instance. No CISA KEV listing at time of analysis.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-50245 HIGH CISA Act Now

Unauthenticated snapshot disclosure in Brickcom Cube, Dome, Bullet, and Box IP cameras lets anyone reachable on the camera's /ONVIF endpoint retrieve still images from the live video feed without credentials. The flaw, reported through CISA ICS-CERT (ICSA-26-162-03) and tagged as an authentication bypass, is a classic CWE-306 missing-authentication issue affecting devices typically deployed in physical-security and OT environments. No public exploit identified at time of analysis, but exploitation is trivial once the endpoint is reachable.

Authentication Bypass Cube Dome Bullet Box
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-50005 HIGH CISA Act Now

Unauthorized camera feed access affects Brickcom Cube, Dome, Bullet, and Box IP camera product lines due to factory-shipped default credentials (CWE-1392). Any attacker reaching the camera's management interface can authenticate using the known default account and silently view live video, with no public exploit identified at time of analysis though the trivial nature of the issue means weaponization requires no specialized tooling. CISA ICS-CERT issued advisory ICSA-26-162-03 covering the issue.

Information Disclosure Cube Dome Bullet Box
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-45176 HIGH PATCH This Week

Local privilege escalation in CyberArk (Idira) Endpoint Privilege Manager Agent versions prior to 26.5 allows low-privileged users on Windows, macOS, and Linux endpoints to abuse improper access controls in high-privileged agent components and execute actions with elevated privileges. The flaw was reported by Palo Alto Networks (CyberArk's parent) and addressed in agent version 26.5.0, with no public exploit identified at time of analysis. Because EPM is itself a privilege-management control, a bypass directly undermines the security posture of every endpoint where it is deployed.

Privilege Escalation Idira Endpoint Privilege Manager
NVD VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2026-12007 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.115 allows remote attackers to trigger a use-after-free condition in the Core component via a crafted HTML page, leading to arbitrary code execution within the renderer process. Chromium rates the severity as Critical, and no public exploit has been identified at time of analysis, but the bug class (UAF in Core) is historically a frequent target for in-the-wild exploitation against Chrome. The vulnerability requires the victim to visit attacker-controlled content (UI:R).

Microsoft Use After Free Memory Corruption RCE Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-12020 HIGH PATCH This Week

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-12013 HIGH PATCH This Week

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption Denial Of Service Google +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7870 HIGH PATCH This Week

Privilege escalation in IBM i versions 7.3, 7.4, 7.5, and 7.6 allows an authenticated user to execute attacker-controlled code with administrator privileges due to an unqualified library call (CWE-427, uncontrolled search path). No public exploit identified at time of analysis, but IBM has released a patch and rated the issue as high severity (CVSS 8.8) given the low complexity and high impact across confidentiality, integrity, and availability.

Information Disclosure IBM
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-12035 HIGH PATCH This Week

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption Denial Of Service Google +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-45418 HIGH This Week

Authenticated SQL injection in ClipBucket v5 prior to release 5.5.3 - #132 allows any user with video-upload privileges to exfiltrate database contents via the POST /actions/subtitle_edit.php endpoint. The vulnerable 'number' parameter handling enables boolean-based blind SQLi, and no public exploit is identified at time of analysis though the GitHub Security Advisory (GHSA-q233-m544-6jqr) documents the issue in detail.

PHP SQLi Information Disclosure Clipbucket V5
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-12018 HIGH PATCH This Week

Local privilege escalation in Google Chrome on Windows prior to 149.0.7827.115 stems from an inappropriate implementation in the Mojo IPC layer, allowing a local attacker who can place a malicious file on the system to elevate to OS-level privileges. The flaw is rated High severity by Chromium and carries CVSS 8.8, with a vendor patch available and no public exploit identified at time of analysis.

Privilege Escalation Microsoft Google
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-24284 HIGH PATCH This Week

Sandbox escape in Apple macOS prior to Sequoia 15.4 allows a locally installed application to break out of the App Sandbox and perform unauthorized actions outside its confinement boundary. Apple addressed the issue with improved checks; no public exploit identified at time of analysis, though SSVC rates technical impact as total.

Authentication Bypass Apple
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-47171 HIGH PATCH This Week

Mass mention abuse in Quest Bot (open-source Discord moderation/utility bot) before version 1.0.3 allows any normal Discord user to schedule reminders containing @everyone or @here payloads that the bot later re-sends without mention suppression. Because the bot typically holds the Mention Everyone permission, the stored reminder text effectively grants unprivileged users the ability to ping an entire server or channel on demand. No public exploit identified at time of analysis and the issue is not on CISA KEV, but the trivial reproduction path makes the abuse pattern likely once known.

Information Disclosure Quest Bot
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-53661 HIGH PATCH This Week

Session cookie hijacking in Boruta authorization server prior to 0.9.1 allows network-positioned attackers to capture authentication and remember-me cookies because they lack the Secure attribute and may be transmitted over plaintext HTTP. The flaw affects boruta_web, boruta_identity, and boruta_admin components and enables full user impersonation, including potentially administrative sessions on an OAuth 2.0/OpenID Connect identity provider. No public exploit identified at time of analysis and the issue is not in CISA KEV.

Information Disclosure
NVD GitHub
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-48054 HIGH PATCH GHSA This Week

Code injection in OpenZeppelin Contracts Wizard's `@openzeppelin/wizard` npm package (<=0.10.8) allows attacker-supplied strings passed through `opts.name` or `opts.uri` into the `zipHardhat`/`zipFoundry` helpers to break out of string literals inside generated Hardhat and Foundry test scaffolding, leading to arbitrary code execution on the developer's machine when `npm test` or `forge test` is run. No public exploit is identified at time of analysis, but a vendor advisory and patched commit are public via GitHub Security Advisory GHSA-4x76-22x2-rx8v.

Node.js Code Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-45172 HIGH PATCH This Week

Authenticated command injection in CyberArk Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6 allows low-privileged users to execute arbitrary OS commands on the PSMP host. Because PSMP brokers privileged SSH sessions to downstream targets, code execution on this host can pivot an attacker from a constrained PAM user into the operator of the privileged-access tier. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 4.0 base score of 8.7 reflects high confidentiality and integrity impact on the vulnerable system.

Command Injection Pam Self Hosted Privilege Cloud
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-53901 HIGH PATCH This Week

Mass-assignment in Cerebrate before v1.37 lets remote attackers reaching a generic CRUD add endpoint supply a client-controlled id when creating objects, because the add() handler stripped id from the raw $params but not from the normalized $input passed to entity patching. No public exploit identified at time of analysis, but the upstream commit aff1ca7 makes the root cause and exploit path trivially recoverable. CVSS 4.0 of 8.7 (VI:H) reflects integrity-only impact on the vulnerable system.

Authentication Bypass Cerebrate
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-47181 HIGH PATCH This Week

Account takeover in PenguinMod-BackendApi versions prior to 1.0.0 allows any authenticated user holding a valid password reset token for their own account to change the password of any other account via a NoSQL injection flaw in the password reset endpoint. The issue is tracked as CWE-20 (improper input validation) and tagged as Code Injection; no public exploit identified at time of analysis, but a vendor security advisory (GHSA-wwwc-jwrc-3pj8) has been published.

Code Injection Penguinmod Backendapi
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-45171 HIGH PATCH This Week

Authenticated arbitrary code execution in CyberArk Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 allows low-privileged users to escape intended boundaries through incomplete input validation combined with misconfigured folder permissions. Because PSM brokers privileged sessions to critical infrastructure, code execution here directly threatens vaulted credentials and downstream targets, making this a high-impact issue despite requiring authentication. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.7 reflects the severity of compromising a PAM component.

Path Traversal RCE Privileged Session Manager Vault
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-53819 HIGH PATCH GHSA This Week

Arbitrary code execution in OpenClaw before 2026.5.27 lets attackers hijack the Homebrew executable resolved during skill installation by planting a workspace-level .env file that overrides the trusted Homebrew path. The flaw, classified as CWE-426 (Untrusted Search Path), enables full system compromise when an operator installs a tampered skill. There is no public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

RCE Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-48059 HIGH PATCH GHSA This Week

Memory exhaustion in Netty's HAProxy PROXY protocol v2 codec (netty-codec-haproxy) allows remote unauthenticated attackers to permanently pin pooled ByteBuf memory by sending PROXY v2 headers containing nested PP2_TYPE_SSL TLVs at depth two or greater. Each malicious connection silently leaks native or heap memory on the successful parse path, enabling a sustained denial-of-service against any Netty-based server that terminates PROXY protocol traffic. No public exploit identified at time of analysis, and EPSS is low (0.04%), but the vendor advisory and fixed releases (4.1.135.Final, 4.2.15.Final) are published.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-48006 HIGH PATCH GHSA This Week

Memory exhaustion in Netty's RedisArrayAggregator handler (io.netty:netty-codec-redis) allows remote unauthenticated attackers to drain the JVM-wide direct-memory pool by repeatedly opening and closing Redis pipeline connections before RESP array aggregates complete. Affects netty-codec-redis 4.1.x through 4.1.134.Final and 4.2.0.Final through 4.2.14.Final; vendor patches are available in 4.1.135.Final and 4.2.15.Final. No public exploit identified at time of analysis, EPSS is low (0.04%), and the issue is not in CISA KEV.

Redis Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-53817 HIGH PATCH GHSA This Week

Authentication bypass in OpenClaw before 2026.5.22 allows authenticated network attackers to spoof locality information during Control UI device pairing and escalate temporary shared access into durable, admin-capable device tokens that persist across token rotation. The flaw stems from insufficient locality-derived trust validation (CWE-290), enabling lateral conversion of low-privilege sessions into persistent administrative credentials. No public exploit identified at time of analysis, but a vendor patch and VulnCheck advisory are available.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-53814 HIGH PATCH GHSA This Week

Privilege escalation in OpenClaw before 2026.5.20 allows attackers holding a valid hook token to invoke owner-only MCP tools through the /hooks/agent endpoint, because hook-triggered agent runs are incorrectly granted owner-scoped MCP loopback authority. Successful exploitation lets a low-privileged hook caller execute privileged actions such as modifying persistent cron state, with no public exploit identified at time of analysis.

Privilege Escalation Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-3329 HIGH PATCH This Week

Credential-guessing attacks against Sonatype Nexus Repository Manager are enabled by missing rate-limiting on authentication endpoints, allowing remote unauthenticated attackers to brute-force or password-spray valid user accounts. The flaw stems from improper restriction of excessive authentication attempts (CWE-307) and carries a CVSS 4.0 base score of 8.7 reflecting high confidentiality impact; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Nexus Repository Manager
NVD VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-53816 HIGH PATCH GHSA This Week

Authorization bypass in OpenClaw before 2026.5.18 allows a paired node to forge exec lifecycle events and obtain capabilities reserved for nodes holding system.run authorization. By sending crafted node.event messages, an attacker controlling any peered node can steer gateway sessions into exec-event paths and execute privileged operations, with no public exploit identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-53777 HIGH PATCH This Week

Path traversal in Perry (PerryTS) CLI versions before 0.5.1159 allows a malicious or compromised build server to write arbitrary files anywhere the Perry process can write, or exfiltrate arbitrary local files, by sending crafted artifact_name or download_path values in ArtifactReady WebSocket messages. No public exploit identified at time of analysis, but the upstream commit and tests confirm the issue and a patched release is available.

Path Traversal Perry
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-40999 HIGH PATCH This Week

Server-Side Request Forgery in Spring Web Services (versions 3.1.0-3.1.8, 4.0.0-4.0.18, 4.1.0-4.1.3, and 5.0.0-5.0.1) allows remote unauthenticated attackers to coerce the server into initiating outbound HTTP connections to attacker-controlled or internal destinations by abusing WS-Addressing ReplyTo/FaultTo headers. The flaw stems from WebServiceMessageSender instances dispatching to destinations taken directly from SOAP request headers without validating that the targets are safe. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Java SSRF Spring Web Services
NVD VulDB HeroDevs
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-48547 HIGH PATCH This Week

Command injection in KanaDojo's GitHub Actions release workflow (release.yml) allows attackers who can land a pull request to execute arbitrary commands on the repository's CI runner. The version and changes fields of patchNotesData.json are interpolated unsanitized into a child_process.execSync() call, granting any merged malicious PR access to GITHUB_TOKEN and contents:write permissions. No public exploit identified at time of analysis, but the supply-chain blast radius is significant for downstream KanaDojo consumers.

Command Injection Kana Dojo
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-48546 HIGH PATCH This Week

Sandbox escape leading to remote code execution affects KanaDojo (lingdojo/kana-dojo) before version 0.1.18, where the issue-auto-respond.yml GitHub Actions workflow passes the global require function into a Node.js vm.runInNewContext() sandbox. An attacker submitting a pull request that modifies messages.cjs can load arbitrary Node.js modules from within the sandbox and gain code execution on the Actions runner with access to AUTOMATION_PR_TOKEN. No public exploit identified at time of analysis, though the VulnCheck advisory documents the exploitation primitive in detail.

RCE Node.js Kana Dojo
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-45174 HIGH PATCH This Week

Local privilege/integrity compromise in CyberArk Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allows an authenticated local attacker to interfere with the agent daemon's initialization sequence, potentially undermining the endpoint privilege controls the product is meant to enforce. The CVSS 4.0 score of 8.5 reflects high impact on confidentiality, integrity, and availability of the vulnerable system, though exploitation requires existing local access with low privileges. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Idira Endpoint Privilege Manager
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-45175 HIGH PATCH This Week

Local privilege escalation and self-defense bypass in CyberArk (Palo Alto Networks) Idira Endpoint Privilege Manager Agent versions prior to 26.5 allows an authenticated local attacker to circumvent internal cryptographic validation and agent tamper-protection controls. Successful exploitation lets the attacker disable EPM enforcement and execute unauthorized operations on the endpoint, undermining the very privilege-management protections the product is meant to provide. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Idira Endpoint Privilege Manager
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-45178 HIGH PATCH This Week

Improper access control in CyberArk Conjur Enterprise (Idira Secrets Manager Self-Hosted) versions 13.8.0 and earlier allows authenticated attackers with standard node-level credentials to abuse internal cluster endpoints to retrieve unauthorized secrets or trigger denial of service. The flaw is rated CVSS 4.0 base 8.4 with high confidentiality impact extending to subsequent systems, but no public exploit identified at time of analysis. CyberArk has published Security Bulletin CA26-20 alongside fixed releases.

Authentication Bypass Denial Of Service Conjur Enterprise
NVD VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-45173 HIGH PATCH This Week

Origin validation failure in CyberArk's Idira Identity Browser Extension for Chrome, Firefox, and Edge (versions prior to 26.8.1) allows a remote attacker to abuse an authenticated user's browser session by luring them to a malicious page. Per CyberArk bulletin CA26-21, the extension's internal web-page verification routine fails to correctly enforce origin checks (CWE-346), enabling unauthorized application interaction in the victim's identity context. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.4 reflects high confidentiality impact and subsequent-system impact via the identity SaaS the extension brokers.

Mozilla Authentication Bypass Google Identity Browser Extensions
NVD VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-12031 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page abusing the Views UI framework. Chromium rates the severity High, and no public exploit is identified at time of analysis, but sandbox-escape primitives are routinely chained with renderer RCE bugs into full browser compromise on Windows endpoints.

Microsoft Google Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12030 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox through a heap-based out-of-bounds write in the GPU process triggered by a crafted HTML page. Chromium rates the severity High and a vendor patch is available, but no public exploit has been identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack (compromised renderer required) combined with full impact across confidentiality, integrity, and availability.

Heap Overflow Google Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12029 HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption Denial Of Service Google +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12028 HIGH PATCH This Week

Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12023 HIGH PATCH This Week

Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12008 HIGH PATCH This Week

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12034 HIGH PATCH This Week

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Google Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12016 HIGH PATCH This Week

Sandbox escape in Google Chrome's DevTools component before version 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High severity by Chromium with a CVSS of 8.3, this is a second-stage vulnerability typically chained with a renderer RCE bug. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Google Information Disclosure
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12009 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exercises the Accessibility subsystem. Chromium rates the issue Critical severity; no public exploit identified at time of analysis, and the flaw is not on the CISA KEV list. The bug is reachable only after a prior renderer compromise and requires user interaction, which limits drive-by exploitation but makes it a key second-stage primitive in a full browser chain.

Google Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12019 HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a heap buffer overflow in the Codecs component triggered by a crafted HTML page. Google rates the underlying issue as High severity and a vendor patch is available, but no public exploit is identified at time of analysis and the bug is not listed in CISA KEV. Exploitation is conditional on chaining with a prior renderer compromise, which raises real-world complexity.

Google Memory Corruption Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12011 HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Use After Free Memory Corruption Denial Of Service Google +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy