Monthly
Skillable's hosted SCORM lab launch endpoint at scorm.skillable.com enforces per-user lab allocation limits against a client-supplied userId query parameter that is never validated against the authenticated SCORM session token, enabling any enrolled learner to bypass rate limits, provision concurrent cloud VM lab instances at the course provider's expense, and exhaust another enrolled user's lab or exam allocation to deny them access. The vulnerability (CWE-639) was confirmed against the reporter's own account and a consenting fellow student on 2026-05-03; the vendor subsequently acknowledged in a private customer advisory that exam allocations and another learner's active session details are also reachable via the same mechanism. No fix is planned for the SCORM launch path; the vendor characterises the weakness as an inherent SCORM limitation and recommends migration to API or LTI 1.3 integrations. No public exploit code has been released, but the attack technique is trivially reproducible by any enrolled student with a proxy.
Ghost CMS versions 6.27.0 through 6.43.x permit unauthenticated attackers to manipulate donation checkout metadata, enabling acquisition of full paid gift memberships for a minimal payment. The flaw, classified as CWE-472 (External Control of Assumed-Immutable Web Parameter), stems from the server trusting client-controlled parameters in the public-facing checkout flow that should be server-authoritative. No active exploitation is confirmed (not in CISA KEV) and no public exploit has been identified; the vendor released a fix in version 6.44.0.
Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is an integer overflow in V8, rated High by Chromium and scored CVSS 8.8; exploitation requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation status as none, indicating no observed in-the-wild activity yet.
Sandbox escape in Google Chrome's Skia graphics library (versions before 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Medium by Chromium but scored CVSS 8.3 due to scope change and total impact; there is no public exploit identified at time of analysis and SSVC reports no observed exploitation. Realistically it is a second-stage bug that must be chained with a prior renderer compromise, which raises the practical difficulty.
Sandbox escape in Google Chrome's Skia graphics library affects all desktop builds prior to 150.0.7871.46, where an integer overflow triggered by a crafted HTML page can break out of the renderer sandbox into the more-privileged browser process. A remote attacker who lures a victim to a malicious page could potentially compromise the host beyond the rendering sandbox. There is no public exploit identified at time of analysis, and CISA SSVC scores exploitation as 'none'.
Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Integer overflow in the WebNN component of Google Chrome prior to 150.0.7871.47 allows an unauthenticated remote attacker to read potentially sensitive data from Chrome's process memory. Exploitation requires convincing a victim to visit a crafted HTML page, placing this in the class of user-interaction-dependent browser memory disclosure vulnerabilities. No public exploit code exists and CISA has not listed this in KEV; SSVC rates exploitation as 'none' and Chromium's own triage assigns 'Low' severity, suggesting the disclosed memory is constrained in practice.
Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)
Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Skillable's hosted SCORM lab launch endpoint at scorm.skillable.com enforces per-user lab allocation limits against a client-supplied userId query parameter that is never validated against the authenticated SCORM session token, enabling any enrolled learner to bypass rate limits, provision concurrent cloud VM lab instances at the course provider's expense, and exhaust another enrolled user's lab or exam allocation to deny them access. The vulnerability (CWE-639) was confirmed against the reporter's own account and a consenting fellow student on 2026-05-03; the vendor subsequently acknowledged in a private customer advisory that exam allocations and another learner's active session details are also reachable via the same mechanism. No fix is planned for the SCORM launch path; the vendor characterises the weakness as an inherent SCORM limitation and recommends migration to API or LTI 1.3 integrations. No public exploit code has been released, but the attack technique is trivially reproducible by any enrolled student with a proxy.
Ghost CMS versions 6.27.0 through 6.43.x permit unauthenticated attackers to manipulate donation checkout metadata, enabling acquisition of full paid gift memberships for a minimal payment. The flaw, classified as CWE-472 (External Control of Assumed-Immutable Web Parameter), stems from the server trusting client-controlled parameters in the public-facing checkout flow that should be server-authoritative. No active exploitation is confirmed (not in CISA KEV) and no public exploit has been identified; the vendor released a fix in version 6.44.0.
Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is an integer overflow in V8, rated High by Chromium and scored CVSS 8.8; exploitation requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation status as none, indicating no observed in-the-wild activity yet.
Sandbox escape in Google Chrome's Skia graphics library (versions before 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Medium by Chromium but scored CVSS 8.3 due to scope change and total impact; there is no public exploit identified at time of analysis and SSVC reports no observed exploitation. Realistically it is a second-stage bug that must be chained with a prior renderer compromise, which raises the practical difficulty.
Sandbox escape in Google Chrome's Skia graphics library affects all desktop builds prior to 150.0.7871.46, where an integer overflow triggered by a crafted HTML page can break out of the renderer sandbox into the more-privileged browser process. A remote attacker who lures a victim to a malicious page could potentially compromise the host beyond the rendering sandbox. There is no public exploit identified at time of analysis, and CISA SSVC scores exploitation as 'none'.
Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Integer overflow in the WebNN component of Google Chrome prior to 150.0.7871.47 allows an unauthenticated remote attacker to read potentially sensitive data from Chrome's process memory. Exploitation requires convincing a victim to visit a crafted HTML page, placing this in the class of user-interaction-dependent browser memory disclosure vulnerabilities. No public exploit code exists and CISA has not listed this in KEV; SSVC rates exploitation as 'none' and Chromium's own triage assigns 'Low' severity, suggesting the disclosed memory is constrained in practice.
Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)
Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)