Use after free in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Sandbox escape in Google Chrome for iOS prior to 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page, escalating from renderer-level code execution to broader access on the device. The flaw stems from insufficient policy enforcement (CWE-20) and carries a High Chromium severity rating with a CVSS 8.3 (scope-changed) score. There is no public exploit identified at time of analysis and it is not in CISA KEV; EPSS probability is low at 0.21% (11th percentile).
Sandbox escape in Google Chrome's Chromecast component (versions before 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the browser sandbox and reach the host via a crafted HTML page. Rooted in a use-after-free (CWE-416) memory-corruption bug rated High by Chromium, it carries a CVSS 8.3 driven by a scope change and full CIA impact, but requires a pre-existing renderer compromise, high attack complexity, and user interaction. No public exploit identified at time of analysis, and the low EPSS (0.21%) plus SSVC 'exploitation: none' indicate it is not currently being exploited.
Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the security sandbox using a crafted HTML page, elevating from a contained renderer to broader host access. Rooted in CWE-669 (incorrect resource transfer between spheres) within Chrome's AI component, it carries a CVSS 8.3 (scope-changed) rating despite Google's own 'Low' Chromium severity, reflecting the fact that it is a second-stage escape rather than a standalone entry point. There is no public exploit identified at time of analysis, EPSS exploitation probability is low (0.17%, 7th percentile), and it is not listed in CISA KEV.
Buffer over-read in GLib's giochannel line-reading code (g_io_channel_read_line_backend) affects the GNOME GLib library prior to version 2.88.1, where an application that configures a multi-byte custom line terminator triggers memcmp to read past the end of the internal GString buffer. Depending on memory layout, this leaks up to 7 bytes of adjacent heap memory (minor information disclosure) or crashes the process when the over-read crosses an unmapped page boundary (denial of service). There is no public exploit identified at time of analysis, EPSS is low (0.27%), and CISA SSVC rates exploitation as none.
Buffer over-read in GNOME GLib's g_regex_replace() lets remote attackers leak 1-5 adjacent bytes of process memory and crash applications when regex replacement is performed with the G_REGEX_RAW compile flag combined with case-change replacement escapes. The internal string_append helper applies UTF-8 aware routines to matched substrings even though G_REGEX_RAW treats the buffer as raw bytes, reading past the intended boundary. There is no public exploit identified at time of analysis and EPSS is low (0.26%, 18th percentile), but the flaw is broadly reachable because GLib underpins the GNOME stack and ships across Red Hat Enterprise Linux 6-10.
Out-of-bounds read in GNOME GLib's GVariant serialiser allows remote attackers to leak a single byte of adjacent memory and to crash applications that deserialise untrusted GVariant data. The flaw sits in gvs_tuple_is_normal() in glib/gvariant-serialiser.c, where an alignment-padding bounds check uses '>' instead of '>=', reading one byte past the buffer; when that byte falls across a page boundary the process faults, producing a denial of service. No public exploit identified at time of analysis, and EPSS is low (0.26%), but GLib's near-universal presence on Linux systems makes the exposure broad.
Credential leakage in electron-updater (the auto-update component of electron-builder / builder-util-runtime) before 9.7.0 allows an attacker controlling a redirect target to harvest update-feed credentials. The HTTP redirect handler only stripped a header keyed exactly as lowercase "authorization", so PRIVATE-TOKEN (GitLab personal access tokens) and mixed-case Authorization (GitLab Bearer/OAuth) headers were forwarded to attacker-controlled cross-origin redirect destinations. There is no public exploit identified at time of analysis, but the upstream fix is published in version 9.7.0.
Server-Side Request Forgery in IBM Langflow OSS 1.0.0 through 1.9.6 lets an attacker coerce the application into making arbitrary HTTP requests via the legacy RSSReaderComponent (rss.py) and the SearXNG component (searxng.py), which fetch user-controlled URLs without validation. These two components bypass the SSRF protections that were added in version 1.9.3, allowing reach into internal resources such as AWS/Azure/GCP instance metadata (IMDS) to steal IAM credentials and enumerate internal networks. The flaw is reachable directly by an authenticated user and indirectly through prompt injection in agentic workflows because the components are exposed with tool_mode=True; no public exploit identified at time of analysis.
Privilege escalation via improper authorization in Apache ActiveMQ before 5.19.8 and 6.0.0 before 6.2.7 lets an authenticated low-privilege Web Console user reach the administrative /admin/* paths that should be restricted to administrators. The flaw stems from default Jetty configuration that failed to scope those paths to admin roles, granting low-priv users administrative Web Console functionality. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Remote code execution in Google Chrome's Chromoting (Chrome Remote Desktop) component on Windows affects all desktop builds prior to 150.0.7871.47, where a use-after-free (CWE-416) lets a remote attacker corrupt memory via malicious network traffic. Google rates the Chromium severity Critical, and a vendor patch is available, but there is no public exploit identified at time of analysis and EPSS is low at 0.24%. High attack complexity (AC:H) means the memory-corruption race is non-trivial to win reliably, tempering the CVSS 8.1 score.
Remote code execution in Google Chrome on ChromeOS (versions prior to 150.0.7871.47) stems from a use-after-free in the Chromoting (Chrome Remote Desktop) component, letting a remote attacker corrupt memory and execute arbitrary code through malicious network traffic. Google rates the Chromium severity as Critical, and CVSS scores it 8.1 with a high attack complexity. As of this analysis there is no public exploit identified and it is not listed in CISA KEV; EPSS is low at 0.24% (15th percentile), and SSVC records exploitation status as none.
Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network retrieve sensitive files from the appliance when the NSIP, Cluster Management IP, or a SNIP has management access enabled. The flaw (CWE-73, external control of file name or path) carries a CVSS 4.0 base score of 7.1 with high confidentiality impact, and no public exploit identified at time of analysis. Exposure is gated by the management interface being reachable, which limits but does not eliminate risk given NetScaler's history of attacker targeting.
Insufficient validation of untrusted input in Accessibility in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)
Heap corruption in Google Chrome's QUIC networking stack (versions prior to 150.0.7871.47) stems from a use-after-free that a remote attacker can trigger through crafted network traffic, potentially leading to arbitrary code execution in the affected browser process. Google rated the Chromium security severity as High and has shipped a fixed Stable-channel build; there is no public exploit identified at time of analysis and CISA's SSVC records exploitation status as 'none'. EPSS is low (0.19%, 9th percentile), indicating no observed weaponization despite a total technical-impact rating.
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
Out-of-bounds memory read in the CameraCapture component of Google Chrome on ChromeOS (versions prior to 150.0.7871.47) lets a remote attacker leak adjacent process memory when a victim opens a crafted HTML page. No public exploit identified at time of analysis, and EPSS is low (0.17%), but the flaw is marked automatable by CISA SSVC. Note a signal conflict: the NVD CVSS is 8.1 (high) while Google rates the Chromium security severity as Low.
Out-of-bounds memory read in the SurfaceCapture component of Google Chrome before 150.0.7871.47 lets a remote attacker leak adjacent heap memory when a victim opens a crafted HTML page. Chromium rated the flaw Medium severity, though the associated CVSS is 8.1; there is no public exploit identified at time of analysis and EPSS estimates exploitation probability at just 0.17% (7th percentile), consistent with a browser bug fixed pre-disclosure. Successful exploitation could disclose sensitive in-process data or crash the renderer, and typically serves as one link in a larger sandbox-escape chain rather than standalone compromise.
Out-of-bounds read in the Zephyr RTOS Bluetooth controller's ISO Adaptation Layer (isoal.c) lets an adjacent attacker leak controller memory to the HCI host and potentially crash the device. A malicious CIS peer or a broadcaster the device is BIS-synced to sends a framed ISO PDU whose start-segment length field is 0-2, causing a uint8_t underflow (len-3 → 253-255) that copies up to ~255 bytes past the received PDU into an HCI ISO packet. Publicly available exploit code exists (SSVC: poc); it is not listed in CISA KEV, and EPSS is low at 0.17%, indicating no evidence of widespread active exploitation.
Arbitrary code execution in Google Chrome desktop versions prior to 150.0.7871.47 stems from a use-after-free flaw in the Extensions component, which Chromium rated Critical severity. An attacker who convinces a victim to install a malicious extension can trigger the dangling-pointer condition through a crafted extension to run arbitrary code in the affected process. There is no public exploit identified at time of analysis, EPSS is low (0.16%, 6th percentile), and CISA/SSVC records no observed exploitation.
Non-atomic reference-count manipulation in the Zephyr RTOS net_buf library (lib/net_buf/buf.c) allows a double-free/use-after-free when a single buffer is shared and independently unref'd across concurrent contexts. Because buf->ref and the per-data-block ref_count were incremented/decremented with plain C operators despite the API being documented as self-synchronizing, two holders racing net_buf_unref() under SMP or single-core preemption can each conclude they hold the last reference, causing a double k_heap_free()/k_free() (heap-metadata corruption and UAF on heap-hardening poison) for heap/variable-data pools, or a double return to the pool free list for any pool type. All Zephyr releases through v4.4.0 are affected; no public exploit is identified at time of analysis and EPSS risk is low (0.16%, 6th percentile).
Arbitrary code execution in Google Chrome desktop before 150.0.7871.47 arises from insufficient input validation in the Downloads component, letting a crafted Chrome extension break out of its intended sandbox constraints. An attacker who first convinces a victim to install a malicious extension can leverage the flaw to run arbitrary code, which Chromium rates High severity. No public exploit has been identified at time of analysis and EPSS is low (0.15%, 5th percentile), indicating no observed widespread exploitation.
Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)
Privilege escalation in Google Chrome desktop prior to 150.0.7871.47 stems from insufficient policy enforcement in the WebHID subsystem, letting a maliciously crafted extension escape its intended boundaries and gain elevated access to human-interface devices and browser privileges. Exploitation first requires convincing a victim to install the malicious extension, after which a crafted Chrome Extension bypasses WebHID access controls. Chromium rates the issue Medium; no public exploit is identified at time of analysis and EPSS exploitation probability is low (0.13%, 3rd percentile).
Arbitrary file deletion in the Export User Data plugin for WordPress (versions up to and including 2.2.6) allows an authenticated subscriber-level attacker to delete any file on the server, including wp-config.php, which can escalate to remote code execution. The flaw stems from unsafe deserialization of a PHP object embedded in a user's display name that is processed when an administrator exports user data. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; exploitation is gated by required administrator interaction.
Arbitrary file upload in Nokia MantaRay NM (network management) prior to 25R2-NM allows an authenticated, low-privileged attacker to bypass insufficient file-type validation and place malicious files on the host, leading to full compromise of confidentiality, integrity, and availability (CVSS 7.8). The flaw is a CWE-434 unrestricted upload; the CVSS vector specifies a local attack vector (AV:L) rather than remote network exploitation. No public exploit identified at time of analysis, and the EPSS score is very low (0.18%, 7th percentile).
Local privilege escalation in Nokia MantaRay NM (network management) lets an attacker who already holds local administrative privileges abuse a misconfigured sudo command set to obtain full root access on the host, gaining complete control of the filesystem and arbitrary root command execution. The flaw was reported by Nokia and affects versions prior to NM 25R1-NM, with no public exploit identified at time of analysis and a low EPSS exploitation probability of 0.17%.
Local arbitrary code execution in Google Chrome for macOS (versions prior to 150.0.7871.47) stems from a use-after-free in the WebUSB implementation, which Chromium rates Critical. A local attacker who can present a malicious USB peripheral to a victim who authorizes it can corrupt renderer memory and run attacker-controlled code within the browser's context. There is no public exploit identified at time of analysis, and EPSS is low (0.16%, 5th percentile), reflecting limited likelihood of widespread opportunistic exploitation.
Local privilege escalation in Google Chrome's Chromoting (Chrome Remote Desktop) component on Windows before 150.0.7871.47 allows a local attacker who plants a malicious file to elevate privileges after the victim interacts with it. The flaw stems from insufficient validation of untrusted input (CWE-20) and carries a 7.8 CVSS but was rated Low severity by Chromium's own team. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.13%, 3rd percentile), consistent with a local, interaction-dependent issue rather than a mass-exploitable one.
Local OS-level privilege escalation in Google Chrome on Windows (versions prior to 150.0.7871.47) arises from a use-after-free in the Chrome Updater component, letting a local attacker who can plant a malicious file on the system elevate to higher OS privileges. Google rates the Chromium severity as High and has released a fixed Stable channel build; there is no public exploit identified and it is not listed in CISA KEV. EPSS is low at 0.13% (3rd percentile), consistent with a bug that requires local access and user interaction rather than mass remote exploitation.
Local privilege escalation in Google Chrome's Updater component on macOS versions prior to 150.0.7871.47 lets an attacker abuse a use-after-free (CWE-416) via a malicious file to gain the elevated privileges under which the updater runs. Google rates the Chromium severity as High, and the CVSS 3.1 base score is 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS is low at 0.13% (3rd percentile), consistent with the SSVC exploitation status of 'none'.
Local arbitrary code execution in electron-builder (app-builder-lib) AppImage targets prior to 26.15.0 occurs because an empty path component in the runtime-set LD_LIBRARY_PATH adds the current working directory to the dynamic linker search path, letting an attacker who can plant a malicious shared library in the AppImage's launch directory hijack library loading. The flaw affects Linux AppImage bundles produced by app-builder-lib (the packaging engine behind electron-builder/electron-updater) and is fixed in 26.15.0. No public exploit identified at time of analysis; CVSS 7.8 reflects high local impact rather than remote exposure.
Insufficient validation of untrusted input in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
Privilege escalation in Google Chrome for Android (CustomTabs) prior to 150.0.7871.47 allows a local attacker to escalate privileges by supplying a malicious file that CustomTabs fails to validate properly. Google rates the Chromium severity as Medium, and the requirement for user interaction plus local access limits remote mass exploitation. No public exploit has been identified at time of analysis and the EPSS score is very low (0.13%, 3rd percentile), so opportunistic exploitation appears unlikely.
Local privilege escalation in the Google Chrome Updater on Windows (versions prior to 150.0.7871.47) allows a local attacker to gain OS-level privileges by planting a malicious file that the Updater component mishandles. Rated High by Chromium and CVSS 7.8, exploitation requires local access plus user interaction; there is no public exploit identified at time of analysis, and EPSS is low at 0.13% (3rd percentile). A vendor patch is available in the June 2026 Stable Channel release.
OS-level privilege escalation in Google Chrome for Windows before 150.0.7871.47 lets a local attacker leverage an inappropriate implementation in the CredentialProvider component to elevate privileges via a malicious file. Exploitation requires local access plus user interaction (UI:R), and though Google rated the Chromium security severity 'Low', the CVSS 3.1 base score is 7.8 (High) due to full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and the EPSS probability is very low at 0.11% (2nd percentile).
Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)
Local privilege escalation in Google Chrome's Updater component on Windows (versions prior to 150.0.7871.47) allows a local attacker to escalate to OS-level privileges via a malicious file that triggers a use-after-free condition. Google rates the Chromium security severity as Medium, though the CVSS base score is 7.8 (High) because the Updater runs with elevated (SYSTEM) privileges. There is no public exploit identified at time of analysis and EPSS is very low (0.11%, 1st percentile), indicating negligible observed exploitation activity.
Privilege escalation via missing authorization in HKUDS DeepTutor before 1.4.10 lets any authenticated low-privilege user invoke deployment-wide MCP (Model Context Protocol) tools they were never granted. The root cause is the allowed_mcp_tools function in deeptutor/multi_user/tool_access.py returning None (interpreted as 'allow all') instead of a denied result when the mcp_tools key is omitted from a user's grant, so a regular user - or prompt-injected content running inside their session - can enumerate and call filesystem, shell, and browser MCP servers. No public exploit is identified at the time of analysis and it is not in CISA KEV, but a vendor patch (v1.4.10) is available and the issue was reported by VulnCheck.
{}' brace groups to the expand() function, whose recursion is exponential in the number of such groups. Because brace-expansion is a near-ubiquitous transitive dependency (notably via minimatch/glob), any application that feeds untrusted input to expand() directly or indirectly is exposed. No public exploit was identified at time of analysis, though the CVSS 4.0 threat metric (E:P) indicates proof-of-concept maturity; the issue is not in CISA KEV.
Remote code execution in HKUDS Vibe-Trading before 0.1.10 is reachable via a DNS-rebinding attack against its local API server, which trusts the TCP peer address to waive the API_AUTH_KEY bearer-token check for loopback clients, performs no Host-header validation, and binds to 0.0.0.0 with credentialed CORS by default. Because loopback requests also auto-enable shell tools, a malicious web page visited by the victim can issue authenticated POST /swarm/runs calls with a built-in preset that permits the bash tool, executing arbitrary commands as the API process user and also overwriting LLM and data-source settings to redirect provider traffic and exfiltrate credentials. No CISA KEV listing or EPSS score was provided and no public exploit identified at time of analysis, though the issue was reported by VulnCheck.
Detection bypass leading to arbitrary code execution in picklescan before 0.0.30 allows attackers to smuggle malicious payloads past the scanner by abusing the doctest.debug_script function, which picklescan's analyzer does not recognize as dangerous. Because picklescan is used to vet untrusted pickle/ML model files before loading, a crafted pickle marked 'safe' will execute attacker commands the moment pickle.load is invoked. There is no public exploit identified at time of analysis, and this is not listed in CISA KEV, but the technique is well-understood and was disclosed by VulnCheck.
Arbitrary code execution bypass in picklescan before 0.0.29 lets attackers smuggle malicious Python pickle files past the scanner by abusing the built-in profile.Profile.run function inside a pickle __reduce__ method, which picklescan's blocklist fails to flag. Because picklescan is a defensive ML supply-chain tool meant to certify pickle/model files as safe, the flaw is a security-control evasion: a file marked 'clean' executes attacker code on deserialization. No public exploit is identified at time of analysis, and it is not in CISA KEV; the CVSS 4.0 base score is 7.6 (High).
Detection bypass in picklescan before 0.0.29 allows attackers to smuggle arbitrary-code payloads past the scanner by abusing Python's built-in trace.Trace.runctx in a pickle reduce method, so a malicious model/pickle file is rated safe yet executes code when later deserialized with pickle.load(). picklescan is a security scanner used to vet untrusted ML pickle files (notably in the Hugging Face ecosystem), so this failure defeats the very control teams rely on to catch malicious models. No public exploit identified at time of analysis and the issue is not in CISA KEV; reported by VulnCheck with a CVSS 4.0 base score of 7.6.
Scanner-detection bypass in picklescan before 0.0.30 lets a crafted pickle file evade malicious-code detection and execute arbitrary code on deserialization. The tool - a Python security scanner used to vet untrusted pickle/ML model files - fails to flag `cProfile.run` calls embedded in a pickle object's `__reduce__` method, so a payload routed through `cProfile.run` passes the scan and then runs when the file is loaded. Reported by VulnCheck (CWE-502); no public exploit identified at time of analysis and it is not in CISA KEV.
Malicious pickle detection bypass in picklescan before 0.0.29 lets attackers smuggle arbitrary code execution payloads past the scanner by abusing the built-in trace.Trace.run function inside a pickle's __reduce__ method. Because picklescan does not flag trace.Trace.run as a dangerous global, a crafted model/pickle file is reported as safe yet executes arbitrary code when later deserialized via pickle.load. No public exploit identified at time of analysis; this is a classic deny-list gap in a security scanner that defenders rely on to gate untrusted ML artifacts.