Skip to main content

CWE-472

External Control of Assumed-Immutable Web Parameter

125 CVEs Avg CVSS 7.5 MITRE
15
CRITICAL
68
HIGH
38
MEDIUM
3
LOW
6
POC
1
KEV

Monthly

CVE-2026-56877 MEDIUM This Month

Skillable's hosted SCORM lab launch endpoint at scorm.skillable.com enforces per-user lab allocation limits against a client-supplied userId query parameter that is never validated against the authenticated SCORM session token, enabling any enrolled learner to bypass rate limits, provision concurrent cloud VM lab instances at the course provider's expense, and exhaust another enrolled user's lab or exam allocation to deny them access. The vulnerability (CWE-639) was confirmed against the reporter's own account and a consenting fellow student on 2026-05-03; the vendor subsequently acknowledged in a private customer advisory that exam allocations and another learner's active session details are also reachable via the same mechanism. No fix is planned for the SCORM launch path; the vendor characterises the weakness as an inherent SCORM limitation and recommends migration to API or LTI 1.3 integrations. No public exploit code has been released, but the attack technique is trivially reproducible by any enrolled student with a proxy.

Denial Of Service
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2026-59817 MEDIUM PATCH This Month

Ghost CMS versions 6.27.0 through 6.43.x permit unauthenticated attackers to manipulate donation checkout metadata, enabling acquisition of full paid gift memberships for a minimal payment. The flaw, classified as CWE-472 (External Control of Assumed-Immutable Web Parameter), stems from the server trusting client-controlled parameters in the public-facing checkout flow that should be server-authoritative. No active exploitation is confirmed (not in CISA KEV) and no public exploit has been identified; the vendor released a fix in version 6.44.0.

Node.js Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-14430 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is an integer overflow in V8, rated High by Chromium and scored CVSS 8.8; exploitation requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation status as none, indicating no observed in-the-wild activity yet.

RCE Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-14389 HIGH PATCH This Week

Sandbox escape in Google Chrome's Skia graphics library (versions before 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Medium by Chromium but scored CVSS 8.3 due to scope change and total impact; there is no public exploit identified at time of analysis and SSVC reports no observed exploitation. Realistically it is a second-stage bug that must be chained with a prior renderer compromise, which raises the practical difficulty.

Buffer Overflow Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14387 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Skia graphics library affects all desktop builds prior to 150.0.7871.46, where an integer overflow triggered by a crafted HTML page can break out of the renderer sandbox into the more-privileged browser process. A remote attacker who lures a victim to a malicious page could potentially compromise the host beyond the rendering sandbox. There is no public exploit identified at time of analysis, and CISA SSVC scores exploitation as 'none'.

Buffer Overflow Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14391 MEDIUM PATCH This Month

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Microsoft Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-14069 MEDIUM PATCH This Month

Integer overflow in the WebNN component of Google Chrome prior to 150.0.7871.47 allows an unauthenticated remote attacker to read potentially sensitive data from Chrome's process memory. Exploitation requires convincing a victim to visit a crafted HTML page, placing this in the class of user-interaction-dependent browser memory disclosure vulnerabilities. No public exploit code exists and CISA has not listed this in KEV; SSVC rates exploitation as 'none' and Chromium's own triage assigns 'Low' severity, suggesting the disclosed memory is constrained in practice.

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-13974 HIGH PATCH This Week

Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)

Buffer Overflow Google Suse
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13938 HIGH PATCH This Week

Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)

Buffer Overflow Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13841 HIGH PATCH This Week

Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
EPSS 0% CVSS 6.3
MEDIUM This Month

Skillable's hosted SCORM lab launch endpoint at scorm.skillable.com enforces per-user lab allocation limits against a client-supplied userId query parameter that is never validated against the authenticated SCORM session token, enabling any enrolled learner to bypass rate limits, provision concurrent cloud VM lab instances at the course provider's expense, and exhaust another enrolled user's lab or exam allocation to deny them access. The vulnerability (CWE-639) was confirmed against the reporter's own account and a consenting fellow student on 2026-05-03; the vendor subsequently acknowledged in a private customer advisory that exam allocations and another learner's active session details are also reachable via the same mechanism. No fix is planned for the SCORM launch path; the vendor characterises the weakness as an inherent SCORM limitation and recommends migration to API or LTI 1.3 integrations. No public exploit code has been released, but the attack technique is trivially reproducible by any enrolled student with a proxy.

Denial Of Service
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Ghost CMS versions 6.27.0 through 6.43.x permit unauthenticated attackers to manipulate donation checkout metadata, enabling acquisition of full paid gift memberships for a minimal payment. The flaw, classified as CWE-472 (External Control of Assumed-Immutable Web Parameter), stems from the server trusting client-controlled parameters in the public-facing checkout flow that should be server-authoritative. No active exploitation is confirmed (not in CISA KEV) and no public exploit has been identified; the vendor released a fix in version 6.44.0.

Node.js Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is an integer overflow in V8, rated High by Chromium and scored CVSS 8.8; exploitation requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation status as none, indicating no observed in-the-wild activity yet.

RCE Google Suse
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's Skia graphics library (versions before 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Medium by Chromium but scored CVSS 8.3 due to scope change and total impact; there is no public exploit identified at time of analysis and SSVC reports no observed exploitation. Realistically it is a second-stage bug that must be chained with a prior renderer compromise, which raises the practical difficulty.

Buffer Overflow Google Suse
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Skia graphics library affects all desktop builds prior to 150.0.7871.46, where an integer overflow triggered by a crafted HTML page can break out of the renderer sandbox into the more-privileged browser process. A remote attacker who lures a victim to a malicious page could potentially compromise the host beyond the rendering sandbox. There is no public exploit identified at time of analysis, and CISA SSVC scores exploitation as 'none'.

Buffer Overflow Google Suse
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Microsoft Google +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Integer overflow in the WebNN component of Google Chrome prior to 150.0.7871.47 allows an unauthenticated remote attacker to read potentially sensitive data from Chrome's process memory. Exploitation requires convincing a victim to visit a crafted HTML page, placing this in the class of user-interaction-dependent browser memory disclosure vulnerabilities. No public exploit code exists and CISA has not listed this in KEV; SSVC rates exploitation as 'none' and Chromium's own triage assigns 'Low' severity, suggesting the disclosed memory is constrained in practice.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)

Buffer Overflow Google Suse
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)

Buffer Overflow Google Suse
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Buffer Overflow Google Suse
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy