Skip to main content
CVE-2026-13832 HIGH PATCH This Week

Sandbox escape in Google Chrome's Headless component (versions prior to 150.0.7871.47) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox by serving a crafted HTML page. Rated High by Chromium and CVSS 8.3, it is a CWE-416 use-after-free with no public exploit identified at time of analysis; EPSS is low at 0.21% (11th percentile) and CISA SSVC records no known exploitation.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-13829 HIGH PATCH This Week

Insufficient validation of untrusted input in Settings in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Information Disclosure Microsoft Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-13823 HIGH PATCH This Week

Use after free in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-13813 HIGH PATCH This Week

Sandbox escape in Google Chrome for iOS prior to 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page, escalating from renderer-level code execution to broader access on the device. The flaw stems from insufficient policy enforcement (CWE-20) and carries a High Chromium severity rating with a CVSS 8.3 (scope-changed) score. There is no public exploit identified at time of analysis and it is not in CISA KEV; EPSS probability is low at 0.21% (11th percentile).

Information Disclosure Apple Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-13804 HIGH PATCH This Week

Sandbox escape in Google Chrome's Chromecast component (versions before 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the browser sandbox and reach the host via a crafted HTML page. Rooted in a use-after-free (CWE-416) memory-corruption bug rated High by Chromium, it carries a CVSS 8.3 driven by a scope change and full CIA impact, but requires a pre-existing renderer compromise, high attack complexity, and user interaction. No public exploit identified at time of analysis, and the low EPSS (0.21%) plus SSVC 'exploitation: none' indicate it is not currently being exploited.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-13801 HIGH PATCH This Week

Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14151 HIGH PATCH This Week

Sandbox escape in Google Chrome desktop before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the security sandbox using a crafted HTML page, elevating from a contained renderer to broader host access. Rooted in CWE-669 (incorrect resource transfer between spheres) within Chrome's AI component, it carries a CVSS 8.3 (scope-changed) rating despite Google's own 'Low' Chromium severity, reflecting the fact that it is a second-stage escape rather than a standalone entry point. There is no public exploit identified at time of analysis, EPSS exploitation probability is low (0.17%, 7th percentile), and it is not listed in CISA KEV.

Information Disclosure Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-58013 HIGH PATCH This Week

Buffer over-read in GLib's giochannel line-reading code (g_io_channel_read_line_backend) affects the GNOME GLib library prior to version 2.88.1, where an application that configures a multi-byte custom line terminator triggers memcmp to read past the end of the internal GString buffer. Depending on memory layout, this leaks up to 7 bytes of adjacent heap memory (minor information disclosure) or crashes the process when the over-read crosses an unmapped page boundary (denial of service). There is no public exploit identified at time of analysis, EPSS is low (0.27%), and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-58012 HIGH PATCH This Week

Buffer over-read in GNOME GLib's g_regex_replace() lets remote attackers leak 1-5 adjacent bytes of process memory and crash applications when regex replacement is performed with the G_REGEX_RAW compile flag combined with case-change replacement escapes. The internal string_append helper applies UTF-8 aware routines to matched substrings even though G_REGEX_RAW treats the buffer as raw bytes, reading past the intended boundary. There is no public exploit identified at time of analysis and EPSS is low (0.26%, 18th percentile), but the flaw is broadly reachable because GLib underpins the GNOME stack and ships across Red Hat Enterprise Linux 6-10.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-58010 HIGH PATCH This Week

Out-of-bounds read in GNOME GLib's GVariant serialiser allows remote attackers to leak a single byte of adjacent memory and to crash applications that deserialise untrusted GVariant data. The flaw sits in gvs_tuple_is_normal() in glib/gvariant-serialiser.c, where an alignment-padding bounds check uses '>' instead of '>=', reading one byte past the buffer; when that byte falls across a page boundary the process faults, producing a denial of service. No public exploit identified at time of analysis, and EPSS is low (0.26%), but GLib's near-universal presence on Linux systems makes the exposure broad.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-54673 HIGH This Week

Credential leakage in electron-updater (the auto-update component of electron-builder / builder-util-runtime) before 9.7.0 allows an attacker controlling a redirect target to harvest update-feed credentials. The HTTP redirect handler only stripped a header keyed exactly as lowercase "authorization", so PRIVATE-TOKEN (GitLab personal access tokens) and mixed-case Authorization (GitLab Bearer/OAuth) headers were forwarded to attacker-controlled cross-origin redirect destinations. There is no public exploit identified at time of analysis, but the upstream fix is published in version 9.7.0.

Gitlab Information Disclosure Electron Builder Builder Util Runtime
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.2%
CVE-2026-10564 HIGH This Week

Server-Side Request Forgery in IBM Langflow OSS 1.0.0 through 1.9.6 lets an attacker coerce the application into making arbitrary HTTP requests via the legacy RSSReaderComponent (rss.py) and the SearXNG component (searxng.py), which fetch user-controlled URLs without validation. These two components bypass the SSRF protections that were added in version 1.9.3, allowing reach into internal resources such as AWS/Azure/GCP instance metadata (IMDS) to steal IAM credentials and enumerate internal networks. The flaw is reachable directly by an authenticated user and indirectly through prompt injection in agentic workflows because the components are exposed with tool_mode=True; no public exploit identified at time of analysis.

SSRF IBM Microsoft Langflow
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-49877 HIGH PATCH This Week

Privilege escalation via improper authorization in Apache ActiveMQ before 5.19.8 and 6.0.0 before 6.2.7 lets an authenticated low-privilege Web Console user reach the administrative /admin/* paths that should be restricted to administrators. The flaw stems from default Jetty configuration that failed to scope those paths to admin roles, granting low-priv users administrative Web Console functionality. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Apache Apache Activemq
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-13787 HIGH PATCH This Week

Remote code execution in Google Chrome's Chromoting (Chrome Remote Desktop) component on Windows affects all desktop builds prior to 150.0.7871.47, where a use-after-free (CWE-416) lets a remote attacker corrupt memory via malicious network traffic. Google rates the Chromium severity Critical, and a vendor patch is available, but there is no public exploit identified at time of analysis and EPSS is low at 0.24%. High attack complexity (AC:H) means the memory-corruption race is non-trivial to win reliably, tempering the CVSS 8.1 score.

Memory Corruption Google Microsoft Denial Of Service Use After Free +2
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13779 HIGH PATCH This Week

Remote code execution in Google Chrome on ChromeOS (versions prior to 150.0.7871.47) stems from a use-after-free in the Chromoting (Chrome Remote Desktop) component, letting a remote attacker corrupt memory and execute arbitrary code through malicious network traffic. Google rates the Chromium severity as Critical, and CVSS scores it 8.1 with a high attack complexity. As of this analysis there is no public exploit identified and it is not listed in CISA KEV; EPSS is low at 0.24% (15th percentile), and SSVC records exploitation status as none.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-10816 HIGH PATCH NEWS This Week

Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network retrieve sensitive files from the appliance when the NSIP, Cluster Management IP, or a SNIP has management access enabled. The flaw (CWE-73, external control of file name or path) carries a CVSS 4.0 base score of 7.1 with high confidentiality impact, and no public exploit identified at time of analysis. Exposure is gated by the management interface being reachable, which limits but does not eliminate risk given NetScaler's history of attacker targeting.

Citrix Information Disclosure Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-13806 HIGH PATCH This Week

Insufficient validation of untrusted input in Accessibility in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Authentication Bypass Google Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13819 HIGH PATCH This Week

Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Google Buffer Overflow Information Disclosure Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13974 HIGH PATCH This Week

Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)

Buffer Overflow Google Suse
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13799 HIGH PATCH This Week

Heap corruption in Google Chrome's QUIC networking stack (versions prior to 150.0.7871.47) stems from a use-after-free that a remote attacker can trigger through crafted network traffic, potentially leading to arbitrary code execution in the affected browser process. Google rated the Chromium security severity as High and has shipped a fixed Stable-channel build; there is no public exploit identified at time of analysis and CISA's SSVC records exploitation status as 'none'. EPSS is low (0.19%, 9th percentile), indicating no observed weaponization despite a total technical-impact rating.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-14122 HIGH PATCH This Week

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Microsoft Google Suse
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-14090 HIGH PATCH This Week

Out-of-bounds memory read in the CameraCapture component of Google Chrome on ChromeOS (versions prior to 150.0.7871.47) lets a remote attacker leak adjacent process memory when a victim opens a crafted HTML page. No public exploit identified at time of analysis, and EPSS is low (0.17%), but the flaw is marked automatable by CISA SSVC. Note a signal conflict: the NVD CVSS is 8.1 (high) while Google rates the Chromium security severity as Low.

Google Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-14011 HIGH PATCH This Week

Out-of-bounds memory read in the SurfaceCapture component of Google Chrome before 150.0.7871.47 lets a remote attacker leak adjacent heap memory when a victim opens a crafted HTML page. Chromium rated the flaw Medium severity, though the associated CVSS is 8.1; there is no public exploit identified at time of analysis and EPSS estimates exploitation probability at just 0.17% (7th percentile), consistent with a browser bug fixed pre-disclosure. Successful exploitation could disclose sensitive in-process data or crash the renderer, and typically serves as one link in a larger sandbox-escape chain rather than standalone compromise.

Google Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-9263 HIGH PATCH This Week

Out-of-bounds read in the Zephyr RTOS Bluetooth controller's ISO Adaptation Layer (isoal.c) lets an adjacent attacker leak controller memory to the HCI host and potentially crash the device. A malicious CIS peer or a broadcaster the device is BIS-synced to sends a framed ISO PDU whose start-segment length field is 0-2, causing a uint8_t underflow (len-3 → 253-255) that copies up to ~255 bytes past the received PDU into an HCI ISO packet. Publicly available exploit code exists (SSVC: poc); it is not listed in CISA KEV, and EPSS is low at 0.17%, indicating no evidence of widespread active exploitation.

Denial Of Service Buffer Overflow Information Disclosure Zephyr
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13774 HIGH PATCH This Week

Arbitrary code execution in Google Chrome desktop versions prior to 150.0.7871.47 stems from a use-after-free flaw in the Extensions component, which Chromium rated Critical severity. An attacker who convinces a victim to install a malicious extension can trigger the dangling-pointer condition through a crafted extension to run arbitrary code in the affected process. There is no public exploit identified at time of analysis, EPSS is low (0.16%, 6th percentile), and CISA/SSVC records no observed exploitation.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-10653 HIGH PATCH This Week

Non-atomic reference-count manipulation in the Zephyr RTOS net_buf library (lib/net_buf/buf.c) allows a double-free/use-after-free when a single buffer is shared and independently unref'd across concurrent contexts. Because buf->ref and the per-data-block ref_count were incremented/decremented with plain C operators despite the API being documented as self-synchronizing, two holders racing net_buf_unref() under SMP or single-core preemption can each conclude they hold the last reference, causing a double k_heap_free()/k_free() (heap-metadata corruption and UAF on heap-hardening poison) for heap/variable-data pools, or a double return to the pool free list for any pool type. All Zephyr releases through v4.4.0 are affected; no public exploit is identified at time of analysis and EPSS risk is low (0.16%, 6th percentile).

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13791 HIGH PATCH This Week

Arbitrary code execution in Google Chrome desktop before 150.0.7871.47 arises from insufficient input validation in the Downloads component, letting a crafted Chrome extension break out of its intended sandbox constraints. An attacker who first convinces a victim to install a malicious extension can leverage the flaw to run arbitrary code, which Chromium rates High severity. No public exploit has been identified at time of analysis and EPSS is low (0.15%, 5th percentile), indicating no observed widespread exploitation.

RCE Google Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-14111 HIGH PATCH This Week

Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-14032 HIGH PATCH This Week

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-13864 HIGH PATCH This Week

Privilege escalation in Google Chrome desktop prior to 150.0.7871.47 stems from insufficient policy enforcement in the WebHID subsystem, letting a maliciously crafted extension escape its intended boundaries and gain elevated access to human-interface devices and browser privileges. Exploitation first requires convincing a victim to install the malicious extension, after which a crafted Chrome Extension bypasses WebHID access controls. Chromium rates the issue Medium; no public exploit is identified at time of analysis and EPSS exploitation probability is low (0.13%, 3rd percentile).

Authentication Bypass Privilege Escalation Google Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-12240 HIGH This Week

Arbitrary file deletion in the Export User Data plugin for WordPress (versions up to and including 2.2.6) allows an authenticated subscriber-level attacker to delete any file on the server, including wp-config.php, which can escalate to remote code execution. The flaw stems from unsafe deserialization of a PHP object embedded in a user's display name that is processed when an administrator exports user data. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; exploitation is gated by required administrator interaction.

WordPress Deserialization RCE PHP Export User Data
NVD VulDB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-10817 MEDIUM PATCH NEWS This Month

Memory overread in Citrix NetScaler ADC and NetScaler Gateway exposes low-confidence partial memory contents to unauthenticated remote attackers when TCP TimeStamp processing is triggered against a misconfigured or specifically configured TCP Profile. The vulnerability is rooted in insufficient input validation (CWE-125) within the TCP TimeStamp handling code path, affecting virtual servers of type Load Balancer, Content Switching, and VPN, as well as configured services. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis, though the network-accessible, zero-privilege attack vector warrants prompt patching given NetScaler's broad enterprise deployment.

Citrix Buffer Overflow Information Disclosure Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-24815 HIGH PATCH This Week

Arbitrary file upload in Nokia MantaRay NM (network management) prior to 25R2-NM allows an authenticated, low-privileged attacker to bypass insufficient file-type validation and place malicious files on the host, leading to full compromise of confidentiality, integrity, and availability (CVSS 7.8). The flaw is a CWE-434 unrestricted upload; the CVSS vector specifies a local attack vector (AV:L) rather than remote network exploitation. No public exploit identified at time of analysis, and the EPSS score is very low (0.18%, 7th percentile).

Nokia File Upload Mantaray Nm
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-7406 HIGH This Week

Local privilege escalation in Nokia MantaRay NM (network management) lets an attacker who already holds local administrative privileges abuse a misconfigured sudo command set to obtain full root access on the host, gaining complete control of the filesystem and arbitrary root command execution. The flaw was reported by Nokia and affects versions prior to NM 25R1-NM, with no public exploit identified at time of analysis and a low EPSS exploitation probability of 0.17%.

Privilege Escalation Nokia Mantaray Nm
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-13778 HIGH PATCH This Week

Local arbitrary code execution in Google Chrome for macOS (versions prior to 150.0.7871.47) stems from a use-after-free in the WebUSB implementation, which Chromium rates Critical. A local attacker who can present a malicious USB peripheral to a victim who authorizes it can corrupt renderer memory and run attacker-controlled code within the browser's context. There is no public exploit identified at time of analysis, and EPSS is low (0.16%, 5th percentile), reflecting limited likelihood of widespread opportunistic exploitation.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-14060 HIGH PATCH This Week

Local privilege escalation in Google Chrome's Chromoting (Chrome Remote Desktop) component on Windows before 150.0.7871.47 allows a local attacker who plants a malicious file to elevate privileges after the victim interacts with it. The flaw stems from insufficient validation of untrusted input (CWE-20) and carries a 7.8 CVSS but was rated Low severity by Chromium's own team. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.13%, 3rd percentile), consistent with a local, interaction-dependent issue rather than a mass-exploitable one.

Privilege Escalation Microsoft Google Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13844 HIGH PATCH This Week

Local OS-level privilege escalation in Google Chrome on Windows (versions prior to 150.0.7871.47) arises from a use-after-free in the Chrome Updater component, letting a local attacker who can plant a malicious file on the system elevate to higher OS privileges. Google rates the Chromium severity as High and has released a fixed Stable channel build; there is no public exploit identified and it is not listed in CISA KEV. EPSS is low at 0.13% (3rd percentile), consistent with a bug that requires local access and user interaction rather than mass remote exploitation.

Memory Corruption Google Microsoft Denial Of Service Use After Free +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13827 HIGH PATCH This Week

Local privilege escalation in Google Chrome's Updater component on macOS versions prior to 150.0.7871.47 lets an attacker abuse a use-after-free (CWE-416) via a malicious file to gain the elevated privileges under which the updater runs. Google rates the Chromium severity as High, and the CVSS 3.1 base score is 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS is low at 0.13% (3rd percentile), consistent with the SSVC exploitation status of 'none'.

Memory Corruption Google Denial Of Service Use After Free Privilege Escalation +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-54672 HIGH This Week

Local arbitrary code execution in electron-builder (app-builder-lib) AppImage targets prior to 26.15.0 occurs because an empty path component in the runtime-set LD_LIBRARY_PATH adds the current working directory to the dynamic linker search path, letting an attacker who can plant a malicious shared library in the AppImage's launch directory hijack library loading. The flaw affects Linux AppImage bundles produced by app-builder-lib (the packaging engine behind electron-builder/electron-updater) and is fixed in 26.15.0. No public exploit identified at time of analysis; CVSS 7.8 reflects high local impact rather than remote exposure.

RCE Electron Builder App Builder Lib
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13927 HIGH PATCH This Week

Insufficient validation of untrusted input in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

Privilege Escalation Google Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13863 HIGH PATCH This Week

Privilege escalation in Google Chrome for Android (CustomTabs) prior to 150.0.7871.47 allows a local attacker to escalate privileges by supplying a malicious file that CustomTabs fails to validate properly. Google rates the Chromium severity as Medium, and the requirement for user interaction plus local access limits remote mass exploitation. No public exploit has been identified at time of analysis and the EPSS score is very low (0.13%, 3rd percentile), so opportunistic exploitation appears unlikely.

Privilege Escalation Google Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13800 HIGH PATCH This Week

Local privilege escalation in the Google Chrome Updater on Windows (versions prior to 150.0.7871.47) allows a local attacker to gain OS-level privileges by planting a malicious file that the Updater component mishandles. Rated High by Chromium and CVSS 7.8, exploitation requires local access plus user interaction; there is no public exploit identified at time of analysis, and EPSS is low at 0.13% (3rd percentile). A vendor patch is available in the June 2026 Stable Channel release.

Authentication Bypass Privilege Escalation Microsoft Google Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-14124 HIGH PATCH This Week

OS-level privilege escalation in Google Chrome for Windows before 150.0.7871.47 lets a local attacker leverage an inappropriate implementation in the CredentialProvider component to elevate privileges via a malicious file. Exploitation requires local access plus user interaction (UI:R), and though Google rated the Chromium security severity 'Low', the CVSS 3.1 base score is 7.8 (High) due to full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and the EPSS probability is very low at 0.11% (2nd percentile).

Privilege Escalation Microsoft Google Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-14094 HIGH PATCH This Week

Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)

Memory Corruption Google Microsoft Denial Of Service Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-14018 HIGH PATCH This Week

Local privilege escalation in Google Chrome's Updater component on Windows (versions prior to 150.0.7871.47) allows a local attacker to escalate to OS-level privileges via a malicious file that triggers a use-after-free condition. Google rates the Chromium security severity as Medium, though the CVSS base score is 7.8 (High) because the Updater runs with elevated (SYSTEM) privileges. There is no public exploit identified at time of analysis and EPSS is very low (0.11%, 1st percentile), indicating negligible observed exploitation activity.

Memory Corruption Google Microsoft Denial Of Service Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-58168 HIGH PATCH This Week

Privilege escalation via missing authorization in HKUDS DeepTutor before 1.4.10 lets any authenticated low-privilege user invoke deployment-wide MCP (Model Context Protocol) tools they were never granted. The root cause is the allowed_mcp_tools function in deeptutor/multi_user/tool_access.py returning None (interpreted as 'allow all') instead of a denied result when the mcp_tools key is omitted from a user's grant, so a regular user - or prompt-injected content running inside their session - can enumerate and call filesystem, shell, and browser MCP servers. No public exploit is identified at the time of analysis and it is not in CISA KEV, but a vendor patch (v1.4.10) is available and the issue was reported by VulnCheck.

Authentication Bypass Deeptutor
NVD GitHub
CVSS 4.0
7.7
EPSS
0.4%
CVE-2026-13149 HIGH PATCH This Week

{}' brace groups to the expand() function, whose recursion is exponential in the number of such groups. Because brace-expansion is a near-ubiquitous transitive dependency (notably via minimatch/glob), any application that feeds untrusted input to expand() directly or indirectly is exposed. No public exploit was identified at time of analysis, though the CVSS 4.0 threat metric (E:P) indicates proof-of-concept maturity; the issue is not in CISA KEV.

Denial Of Service Brace Expansion Red Hat Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.4%
CVE-2026-58169 HIGH PATCH This Week

Remote code execution in HKUDS Vibe-Trading before 0.1.10 is reachable via a DNS-rebinding attack against its local API server, which trusts the TCP peer address to waive the API_AUTH_KEY bearer-token check for loopback clients, performs no Host-header validation, and binds to 0.0.0.0 with credentialed CORS by default. Because loopback requests also auto-enable shell tools, a malicious web page visited by the victim can issue authenticated POST /swarm/runs calls with a built-in preset that permits the bash tool, executing arbitrary commands as the API process user and also overwriting LLM and data-source settings to redirect provider traffic and exfiltrate credentials. No CISA KEV listing or EPSS score was provided and no public exploit identified at time of analysis, though the issue was reported by VulnCheck.

RCE Vibe Trading
NVD GitHub
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-71368 HIGH PATCH This Week

Detection bypass leading to arbitrary code execution in picklescan before 0.0.30 allows attackers to smuggle malicious payloads past the scanner by abusing the doctest.debug_script function, which picklescan's analyzer does not recognize as dangerous. Because picklescan is used to vet untrusted pickle/ML model files before loading, a crafted pickle marked 'safe' will execute attacker commands the moment pickle.load is invoked. There is no public exploit identified at time of analysis, and this is not listed in CISA KEV, but the technique is well-understood and was disclosed by VulnCheck.

Deserialization RCE Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.8%
CVE-2025-71374 HIGH PATCH This Week

Arbitrary code execution bypass in picklescan before 0.0.29 lets attackers smuggle malicious Python pickle files past the scanner by abusing the built-in profile.Profile.run function inside a pickle __reduce__ method, which picklescan's blocklist fails to flag. Because picklescan is a defensive ML supply-chain tool meant to certify pickle/model files as safe, the flaw is a security-control evasion: a file marked 'clean' executes attacker code on deserialization. No public exploit is identified at time of analysis, and it is not in CISA KEV; the CVSS 4.0 base score is 7.6 (High).

Deserialization Python RCE Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.6%
Prev Page 5 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy