Skip to main content

CWE-474

Use of Function with Inconsistent Implementations

9 CVEs Avg CVSS 6.1 MITRE
0
CRITICAL
3
HIGH
5
MEDIUM
1
LOW
1
POC
0
KEV

Monthly

CVE-2026-11102 HIGH PATCH This Week

Arbitrary code execution within the Chrome sandbox affects Google Chrome desktop builds prior to 149.0.7827.53 due to an inappropriate implementation in the Isolated Web Apps (IWA) component. A remote attacker who convinces a user to open a malicious file can execute code confined to the sandbox process, with no public exploit identified at time of analysis and an EPSS score of only 0.03% (10th percentile) indicating low predicted exploitation likelihood. Google has shipped a fix in the stable channel update for desktop.

Google RCE Red Hat Suse Chrome
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-11097 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's WebView component on Android (versions prior to 149.0.7827.53) enables remote attackers to exfiltrate sensitive cross-origin data by directing victims to a specially crafted HTML page. The flaw resides in an inappropriate implementation within WebView (CWE-474), effectively undermining same-origin policy protections that normally isolate web content across origins - an attacker can read data they should not have access to. No public exploit has been identified at time of analysis, and an EPSS score of 0.03% (10th percentile) signals very low current exploitation probability; the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0902 HIGH PATCH This Week

Out-of-bounds memory read in Chrome's V8 JavaScript engine prior to version 144.0.7559.59 enables remote attackers to leak sensitive information through maliciously crafted web pages requiring only user interaction. The vulnerability affects all Chrome users and exposes high-impact confidentiality and integrity risks with no available patch at this time.

Chrome Google Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-7001 MEDIUM This Month

Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-5839 MEDIUM This Month

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1694 HIGH POC This Week

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Updater
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-2628 MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-0294 MEDIUM This Month

A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2026-39894 LOW Monitor

Cacti, the open-source network monitoring and graphing solution, contains an unspecified vulnerability addressed in Alpine Linux package version 1.2.31-0. The vulnerability type, affected component, and attacker-accessible impact are not disclosed in the available intelligence. No public exploit has been identified at time of analysis, and CISA KEV listing is absent, leaving severity and exploitation conditions uncharacterized from the data provided.

Information Disclosure Cacti
NVD GitHub
CVSS 3.1
2.5
EPSS
0.1%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution within the Chrome sandbox affects Google Chrome desktop builds prior to 149.0.7827.53 due to an inappropriate implementation in the Isolated Web Apps (IWA) component. A remote attacker who convinces a user to open a malicious file can execute code confined to the sandbox process, with no public exploit identified at time of analysis and an EPSS score of only 0.03% (10th percentile) indicating low predicted exploitation likelihood. Google has shipped a fix in the stable channel update for desktop.

Google RCE Red Hat +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's WebView component on Android (versions prior to 149.0.7827.53) enables remote attackers to exfiltrate sensitive cross-origin data by directing victims to a specially crafted HTML page. The flaw resides in an inappropriate implementation within WebView (CWE-474), effectively undermining same-origin policy protections that normally isolate web content across origins - an attacker can read data they should not have access to. No public exploit has been identified at time of analysis, and an EPSS score of 0.03% (10th percentile) signals very low current exploitation probability; the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Google Chrome
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory read in Chrome's V8 JavaScript engine prior to version 144.0.7559.59 enables remote attackers to leak sensitive information through maliciously crafted web pages requiring only user interaction. The vulnerability affects all Chrome users and exposes high-impact confidentiality and integrity risks with no available patch at this time.

Chrome Google Red Hat +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Updater
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
EPSS 0% CVSS 2.5
LOW Monitor

Cacti, the open-source network monitoring and graphing solution, contains an unspecified vulnerability addressed in Alpine Linux package version 1.2.31-0. The vulnerability type, affected component, and attacker-accessible impact are not disclosed in the available intelligence. No public exploit has been identified at time of analysis, and CISA KEV listing is absent, leaving severity and exploitation conditions uncharacterized from the data provided.

Information Disclosure Cacti
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy