Skip to main content
CVE-2026-13854 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux (versions prior to 150.0.7871.47) stems from a use-after-free in Ozone, Chrome's platform abstraction layer for windowing and graphics. An attacker who has already compromised the renderer process can leverage a crafted HTML page to break out of the browser sandbox and gain code execution at the higher-privileged browser-process level. There is no public exploit identified at time of analysis, and the EPSS score is low (0.21%, 11th percentile), consistent with a second-stage bug that requires a prior renderer compromise rather than a directly weaponizable single-shot flaw.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13853 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop before 150.0.7871.47 stems from a use-after-free in the Journeys (browsing history) component, allowing a remote attacker who has already compromised the renderer process to break out of the sandbox and gain broader code execution on the host via a crafted HTML page. Rated High severity by Chromium and CVSS 9.6, a fix is available from vendor; no public exploit identified at time of analysis and EPSS exploitation probability is low (0.21%, 11th percentile). Exploitation is meaningful only as the second stage of a chain, since it presupposes prior renderer compromise.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13846 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for macOS before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the browser sandbox by exploiting a use-after-free in the USB subsystem via a crafted HTML page. Rated High by Chromium and CVSS 9.6, it functions as a second-stage escalation primitive rather than a standalone entry point. There is no public exploit identified at time of analysis, and EPSS is low at 0.21% (11th percentile).

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13797 CRITICAL PATCH Act Now

Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Information Disclosure Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13796 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Chromecast component before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page, escalating from renderer-level code execution to the more privileged browser process. Google rates the Chromium severity High and the CVSS is 9.6 due to the scope change; however, EPSS is only 0.21% (11th percentile) and there is no public exploit identified at time of analysis. A vendor patch is available.

Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13792 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for macOS versions prior to 150.0.7871.47 stems from a use-after-free in the Touchbar component, letting a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Reported through Google's internal Chrome security process and rated High by Chromium, it carries a CVSS 9.6 due to scope change and full CIA impact, though there is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.21%. SSVC assesses current exploitation as none, indicating this is a patch-now-but-not-panic item.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13789 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's GPU process (versions prior to 150.0.7871.47) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Rated High by Chromium and CVSS 9.6 due to a scope-changing (S:C) full-impact outcome, this is a use-after-free (CWE-416) memory-corruption bug. No public exploit identified at time of analysis; EPSS is low (0.21%, 11th percentile) and CISA SSVC lists exploitation as none, so it is a serious-but-not-yet-exploited patch priority.

Memory Corruption Denial Of Service Use After Free Google
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-10140 CRITICAL Act Now

Cross-tenant credential confusion in IBM Langflow OSS 1.0.0 through 1.10.0 lets an authenticated user manipulate the voice-mode shared cache so that other tenants' requests are processed with the wrong upstream API credentials, causing billing and accountability to be misattributed across tenant boundaries. The flaw (CWE-639) requires only low-privilege authentication and is rated critical (CVSS 9.6) because a scope change extends the impact to other users and upstream services. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass IBM Langflow
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-56700 CRITICAL PATCH Act Now

Arbitrary code execution in Grav CMS before 2.0.0-beta.2 stems from three distinct flaw classes: PHP object injection via unsafe unserialize() of attacker-controllable data in the Scheduler JobQueue, FileCache adapter, and Session components, an OS command injection in the plugin/theme InstallCommand git clone routine, and a Twig sandbox blocklist bypass enabling server-side template injection. An attacker who can influence the serialized input can chain available gadgets to run arbitrary PHP, while the command-injection path is reachable by authenticated administrators through plugin/theme installation. No public exploit identified at time of analysis; the issues were privately reported by VulnCheck and are fixed in 2.0.0-beta.2.

Command Injection Deserialization RCE PHP Grav
NVD GitHub
CVSS 4.0
9.3
EPSS
1.7%
CVE-2026-14120 CRITICAL PATCH Act Now

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14113 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Windows before 150.0.7871.47 lets an attacker who has already compromised the renderer process abuse a use-after-free in the Updater component via a crafted HTML page to break out of the browser sandbox. It is a second-stage bug that Chromium rated only Low severity despite the CVSS 9.6 score, with no public exploit identified at time of analysis and a low EPSS probability of 0.18% (8th percentile). Google has shipped a fixed Stable-channel build.

Memory Corruption Google Microsoft Denial Of Service Use After Free +1
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14109 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process bypass Mojo IPC policy enforcement and break out of the sandbox using a crafted HTML page. This is a second-stage flaw in the Mojo inter-process communication layer rather than an initial-access bug, and Google itself rated the Chromium security severity as Low despite the NVD CVSS of 9.6. No public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile).

Information Disclosure Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14106 CRITICAL PATCH Act Now

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14101 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS before 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the browser sandbox through a crafted HTML page. The root cause is insufficient policy enforcement in Chrome's macOS sandbox (CWE-693). No public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile); Google's own Chromium security team rated the severity 'Low', which conflicts sharply with the CVSS 9.6 assigned by NVD.

Information Disclosure Google Red Hat Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14097 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS prior to 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the WebAppInstalls component. Chromium rated the underlying issue Low severity even though the CVSS base score is 9.6, and there is no public exploit identified at time of analysis; EPSS is 0.17% (7th percentile). The vulnerability is a second-stage primitive that requires prior renderer code execution, not a standalone drive-by.

Information Disclosure Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14095 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the browser sandbox and gain code execution on the host via a crafted HTML page. The flaw stems from insufficient policy enforcement in the browser process (CWE-20) and, while carrying a high CVSS base score of 9.6 due to the scope change, was rated only Low severity by Chromium because it is not independently exploitable. No public exploit has been identified and EPSS probability is very low (0.17%, 7th percentile).

Information Disclosure Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14093 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Cast component (versions prior to 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page, exploiting a use-after-free (CWE-416) memory-corruption bug. Google's Chromium team rated the security severity as Low, and while NVD assigns a 9.6 CVSS reflecting full sandbox-escape impact, exploitation is gated behind a pre-existing renderer compromise. No public exploit was identified at time of analysis, EPSS is very low at 0.17% (7th percentile), and there is no CISA KEV listing.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14055 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the browser sandbox by feeding crafted input to the Device Trust component via a malicious HTML page. NVD scores this 9.6 (Critical) while Google rates the Chromium security severity as Low, and there is no public exploit identified at time of analysis. EPSS is very low at 0.17% (7th percentile), and it is not listed in CISA KEV.

Information Disclosure Microsoft Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14044 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.47) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) and is second-stage: it is not directly exploitable from the open web without a prior renderer compromise. No public exploit has been identified at time of analysis, and its EPSS exploitation probability is low (0.17%, 7th percentile); notably, Google rated the Chromium security severity as Low despite the NVD CVSS of 9.6.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14043 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's GetUserMedia (media capture) implementation before version 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) reported by Google's own security team; despite an NVD CVSS of 9.6, Chromium rates its severity Low, and there is no public exploit identified at time of analysis with an EPSS of only 0.17% (7th percentile).

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14037 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's GPU process before 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. The flaw is a protection-mechanism failure (CWE-693) that Google patched in the June 2026 Stable channel update; Chromium rated its intrinsic severity Low because it is only useful as the second link in an exploit chain, and no public exploit has been identified at time of analysis. EPSS probability is low (0.17%, 7th percentile), consistent with a chained bug rather than a mass-exploitable entry point.

Information Disclosure Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14017 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Navigation component before 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Rated Medium by Chromium but carries a 9.6 CVSS due to the scope-changing sandbox breach; EPSS is low (0.17%, 7th percentile) and there is no public exploit identified at time of analysis, indicating it is realistically a second-stage link in an exploit chain rather than a standalone remote-code path.

Information Disclosure Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14152 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the renderer sandbox via a crafted HTML page. The flaw is a CWE-787 out-of-bounds read and write; Google's own Chromium team rated the security severity as Low, and there is no public exploit identified at time of analysis. EPSS estimates only a 0.17% (7th percentile) chance of exploitation, and the vulnerability is not listed in CISA KEV.

Memory Corruption Buffer Overflow Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14056 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Media component before version 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to break out of the sandbox using a crafted video file. The flaw stems from insufficient validation of untrusted input (CWE-20) and carries a scope-changing CVSS 3.1 score of 9.6, though Google rated the underlying Chromium severity as Low and no public exploit has been identified at time of analysis. EPSS is low at 0.16% (6th percentile), and it is not listed in CISA KEV.

Information Disclosure Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-44946 CRITICAL PATCH Act Now

SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a victim's SAML response reuse that assertion to authenticate as the victim, because the handler never enforces one-time use. Rancher 2.14.0 through 2.14.2 are affected, and because Rancher governs downstream Kubernetes clusters, a successful replay can yield administrative control. No public exploit identified at time of analysis; the issue is not on the CISA KEV list, and the carried CVSS 4.0 base score is 9.5 driven largely by the scope/subsequent-system impact.

Denial Of Service Rancher
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.3%
CVE-2026-58138 CRITICAL PATCH Act Now

Unauthenticated remote code execution in Orkes Conductor (conductor-oss) versions 3.21.21 through 3.30.1 lets remote attackers run arbitrary OS commands by POSTing inline workflow definitions to the workflow API before any authentication check. The flaw stems from GraalVM script evaluators left in an unsandboxed state (HostAccess.ALL / allowAllAccess(true)), allowing JavaScript or Python expressions in INLINE, LAMBDA, DO_WHILE, and SWITCH tasks to reach Java reflection and subprocess APIs. Reported by VulnCheck; no public exploit identified at time of analysis, though a detailed vendor/researcher advisory exists.

Code Injection Python Java RCE Conductor
NVD GitHub
CVSS 4.0
9.3
EPSS
0.9%
CVE-2026-58449 CRITICAL PATCH Act Now

Remote code execution in txtai through 9.10.0 lets a remote attacker reach the API /reindex endpoint and supply an arbitrary dotted callable (for example subprocess.getoutput) that the server imports and invokes during reindexing, running commands as the server process. The flaw is exploitable only when the API is network-exposed with no TOKEN set (so all endpoints are unauthenticated) and the index is writable - not the default posture. No public exploit has been identified at time of analysis, but the issue carries a high CVSS 4.0 base score of 9.3 and was reported by VulnCheck.

Code Injection RCE Txtai
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-58116 CRITICAL Act Now

Remote code execution in LLaMA-Factory through version 0.9.5 allows attackers who can reach the Gradio WebUI to run arbitrary Python by entering a malicious model path in the Chat or Training interfaces. Because the app forwards unvalidated user input into Hugging Face's AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with a hardcoded trust_remote_code=True, a referenced repository's custom modeling code executes with the server process's privileges. Publicly available exploit code exists (a proof-of-concept gist plus a VulnCheck advisory), though it is not listed in CISA KEV and no in-the-wild abuse is documented in the available data.

Code Injection Python RCE Llama Factory
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-12076 CRITICAL Act Now

SQL injection in Raytha CMS 1.5.2 lets a remote, unauthenticated attacker inject arbitrary SQL through the OData filter parsing pipeline, yielding full compromise of the backing PostgreSQL database and extraction of stored credentials. The CVSS 4.0 base score is 9.3 (critical) with a fully network-reachable, no-privilege, no-interaction vector. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated network-facing nature makes it a high-priority patch candidate.

PostgreSQL SQLi Raytha
NVD VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-56278 CRITICAL PATCH Act Now

Authentication bypass in Flowise 3.0.13 and earlier lets unauthenticated remote attackers forge valid signed session cookies and impersonate any user, including administrators. The flaw stems from a publicly known hardcoded default secret ('flowise') used by the express-session middleware whenever the EXPRESS_SESSION_SECRET environment variable is left unset - the default deployment state. No public exploit identified at time of analysis, but forgery is trivial since the signing key is visible in the source code, and CVSS 4.0 rates it 9.3 (Critical).

Authentication Bypass Flowise
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-12819 CRITICAL CISA Act Now

Unauthenticated Modbus TCP exposure on the Delta Electronics DVP12SE programmable logic controller lets any network-reachable attacker invoke security-sensitive PLC functions - reading and writing process registers, coils, and configuration - with no credentials or access control. The flaw (CWE-306, Missing Authentication for a Critical Function) carries a CVSS 4.0 base of 9.3 and is documented in Delta advisory PCSA-2026-00011 alongside CVE-2026-12818. There is no public exploit identified at time of analysis and no CISA KEV listing, but the Modbus protocol is trivially scriptable and well understood, lowering the practical exploitation bar.

Authentication Bypass Dvp 12Se
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-12818 CRITICAL CISA Act Now

Resource exhaustion in Delta Electronics DVP12SE programmable logic controllers lets remote attackers crash or hang the device by overwhelming its Modbus TCP service, which lacks connection/resource throttling (CWE-770). Any host able to reach the PLC's Modbus TCP port can degrade or deny control of the affected industrial process. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the unauthenticated network attack surface makes it a meaningful availability risk in OT environments.

Denial Of Service Dvp 12Se
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-11712 CRITICAL Act Now

Cross-site scripting in IBM WebSphere Application Server 9.0 and 8.5 lets a remote attacker inject malicious script into the administrative console help system, which executes in the browser session of an administrator who is lured into viewing the crafted content. Because the payload runs inside an authenticated admin context, it can be abused to hijack the console session, manipulate configuration, or steal sensitive credentials. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; exploitation requires the victim administrator to interact with the malicious content (UI:R).

XSS IBM Websphere Application Server
NVD VulDB
CVSS 3.1
9.3
EPSS
0.2%
CVE-2026-11708 CRITICAL Act Now

Cross-site scripting in IBM WebSphere Application Server 9.0 and 8.5 lets an attacker inject malicious script into the administrative console's integrated help system, which then executes in the browser of an administrator who views the affected page. Successful exploitation can hijack the admin session or perform actions in the console UI context. There is no public exploit identified at time of analysis and the issue is not on CISA KEV, so risk is currently theoretical rather than actively exploited.

XSS IBM Websphere Application Server
NVD VulDB
CVSS 3.1
9.3
EPSS
0.2%
CVE-2026-14038 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's New Tab Page prior to 150.0.7871.47 allows an attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page. The flaw stems from insufficient validation of untrusted input (CWE-20) and requires a pre-existing renderer foothold, making it a second-stage exploit rather than an initial-access vector. Google rated the Chromium severity as Low; no public exploit identified at time of analysis and EPSS exploitation probability is low (0.17%, 7th percentile).

Information Disclosure Google Suse
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2026-58370 CRITICAL PATCH Act Now

Approval-gate bypass in Woodpecker CI before 3.15.0 lets an attacker who can open a merge request from a fork against a GitLab-backed repository run unapproved, attacker-controlled pipelines. Because the GitLab forge driver populates pipeline.Author from the spoofable git commit author name (commit.author.name) rather than the GitLab-validated user identity, an attacker simply sets the commit author to a name listed in ApprovalAllowedUsers, making needsApproval return false. This grants arbitrary CI step execution on a Woodpecker agent and exposure of CI secrets; there is no public exploit identified at time of analysis, but the issue was reported by VulnCheck and is trivially reproducible.

Authentication Bypass Gitlab Gitea Woodpecker
NVD GitHub
CVSS 4.0
9.2
EPSS
0.5%
CVE-2026-56264 CRITICAL PATCH Act Now

Arbitrary JavaScript execution in Crawl4AI's Docker API server (versions before 0.8.7) lets remote attackers submit code to the /execute_js endpoint, which runs it inside the server's Chromium browser context launched with --disable-web-security. Because the browser's same-origin and CORS protections are disabled, attacker-controlled JavaScript can pivot into server-side request forgery against internal services and metadata endpoints. No public exploit has been identified at time of analysis, and the CVSS 4.0 base score is 9.2 (critical), though the vector's high attack complexity and present attack requirements indicate exploitation is not fully trivial.

Code Injection SSRF Docker RCE Crawl4ai
NVD GitHub
CVSS 4.0
9.2
EPSS
0.5%
CVE-2026-48315 CRITICAL Act Now

Arbitrary code execution in Adobe ColdFusion 2025.9, 2023.20 and earlier stems from improper input validation (CWE-20) that lets an attacker craft a malicious file which, when opened by a victim, executes code in the context of the current user and can inject scripts to hijack the victim's account or session. The CVSS 3.1 base score is 9.3 (Critical) with a changed scope, reflecting cross-boundary impact once the victim is lured into interaction. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV, so risk currently hinges on social-engineering a target into opening attacker-supplied content.

RCE Coldfusion
NVD VulDB
CVSS 3.1
9.3
EPSS
0.5%
CVE-2026-53690 CRITICAL Act Now

SQL injection in Redeight CMS 1.0 lets unauthenticated remote attackers extract sensitive database contents by injecting through the 'userEmail' POST parameter of the /admin/index.php login endpoint. Because user input is interpolated directly into SQL without prepared statements, an attacker needs no credentials and no user interaction to read or manipulate backend data, including admin authentication material. The flaw was reported by CERT-PL and carries a CVSS 4.0 base score of 9.3 (Critical); no public exploit identified at time of analysis.

SQLi PHP Redeight Cms
NVD VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-14162 CRITICAL PATCH Act Now

Sensitive data exposure in Advantech Hospital Queuing Management lets unauthenticated remote attackers reach a specific URL and retrieve the application's API documentation, mapping out endpoints and parameters without any credentials. The flaw is rooted in missing authentication (CWE-306) on a resource that should be protected, and TWCERT rates it CVSS 4.0 9.3 (Critical). No public exploit is identified at time of analysis, but the exposed API documentation provides reconnaissance that materially lowers the barrier to follow-on attacks.

Authentication Bypass Information Disclosure Hospital Quering Management
NVD VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-13449 CRITICAL Act Now

XML external entity (XXE) injection in IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 lets a remote, unauthenticated attacker submit crafted XML to the application's XML parser to read sensitive files or exhaust memory. The flaw carries a CVSS 9.1 (high confidentiality and availability impact) but has no public exploit identified at time of analysis, and EPSS is low at 0.39% (31st percentile). Reported by IBM PSIRT with a vendor advisory published (IBM support node 7278532).

XXE IBM Business Automation Manager
NVD VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-58016 CRITICAL PATCH Act Now

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-Bus introspection XML that nests a <node> element inside <method>, <signal>, <property>, or <arg>. This state-confusion bug triggers an unsigned integer underflow/overflow (CWE-191) and a subsequent out-of-bounds read, crashing any application or service that parses attacker-influenced introspection data. No public exploit identified at time of analysis, EPSS is low (0.34%), and CISA SSVC rates exploitation as none with only partial technical impact.

Integer Overflow Denial Of Service Buffer Overflow Glib Enterprise Linux
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-6556 CRITICAL PATCH Act Now

Authorization bypass in the @fastify/express middleware-compatibility plugin (versions 4.0.6 and earlier) lets unauthenticated remote attackers reach protected routes inside prefixed Fastify plugin scopes when security middleware is mounted using array or regular-expression paths. Because those non-string mount paths are never rewritten with the plugin prefix, authentication, authorization, rate-limiting, or auditing middleware silently fails to match the real request path and is skipped while Fastify still routes the request to the handler. There is no public exploit identified at time of analysis, and the issue is fixed in 4.0.7.

Authentication Bypass Fastify Express
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-10560 CRITICAL Act Now

Information disclosure and denial of service in IBM Langflow OSS 1.0.0 through 1.9.6 stem from missing authentication on the /api/v1/build_public_tmp/ endpoints, letting an unauthenticated attacker who supplies a valid job identifier read build event data or cancel running jobs. The flaw carries a CVSS 9.1 (AV:N/AC:L/PR:N/UI:N) and CWE-287 classification; there is no public exploit identified at time of analysis, and EPSS is low at 0.25% (17th percentile) with CISA SSVC recording no observed exploitation but flagging it as automatable.

Authentication Bypass IBM Denial Of Service Information Disclosure Langflow
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-7874 CRITICAL PATCH Act Now

Credential disclosure in IBM Langflow OSS versions 1.0.0 through 1.10.0 stems from a weak, reversible key-derivation mechanism used to protect secrets encrypted at rest, allowing an attacker who can reach the stored credential data to recover the encryption key and decrypt every stored credential. Because Langflow stores API keys, database connection strings, and third-party service tokens used by AI workflow components, recovery of these secrets gives an attacker the keys to all integrated systems. There is no public exploit identified at time of analysis, no CISA KEV listing, and no EPSS score supplied, so the threat is currently theoretical but high-impact, and IBM (the reporter) has released a fix.

IBM Information Disclosure Langflow Oss
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-13852 CRITICAL PATCH Act Now

Discretionary access control bypass in Google Chrome for Android before 150.0.7871.47 lets a local attacker abuse the WebAppInstalls component through a crafted HTML page, undermining the platform's integrity and availability boundaries. Google rates the Chromium severity High and has shipped a fix in the Stable channel; no public exploit identified at time of analysis and EPSS exploitation probability is low (0.14%, 4th percentile).

Authentication Bypass Google Suse
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-13851 CRITICAL PATCH Act Now

Access-control bypass in Google Chrome for Android before 150.0.7871.47 allows an attacker to subvert discretionary access controls through the WebAppInstalls component by serving a crafted HTML page, stemming from insufficient validation of untrusted input. Rated High by Chromium and scored CVSS 9.1, the flaw carries high integrity and availability impact but no confidentiality loss; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.14%, 4th percentile).

Authentication Bypass Google Suse
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-13872 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Android before 150.0.7871.47 lets a local attacker break out of the renderer/browser sandbox by feeding a malicious file into the WebAppInstalls component, which insufficiently validates untrusted input (CWE-20). Chromium rates the security severity as Medium, and no public exploit has been identified at time of analysis; EPSS estimates only a 0.13% (3rd percentile) chance of exploitation in the next 30 days. A vendor patch is available in Chrome 150.0.7871.47.

Information Disclosure Google Suse
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-13773 CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere eXtreme Scale 8.6.1.0 through 8.6.1.6 arises from roughly 50 generated CORBA stub classes in the shipped ogclient.jar that invoke ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, converting any unfiltered ObjectInputStream sink in the surrounding WebSphere Application Server into outbound IIOP server-side request forgery. When chained with the IBM ORB getUserException class-instantiation flaw (tracked as WAS-26), that SSRF escalates to code execution on the calling JVM. CVSS is 10.0 (scope-changed, full CIA impact); EPSS is 3.01% (86th percentile) and there is no public exploit identified at time of analysis.

Deserialization SSRF RCE IBM Java +1
NVD VulDB
CVSS 3.1
10.0
EPSS
3.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy