Skip to main content

Google

13977 CVEs vendor

Monthly

CVE-2026-0268 MEDIUM PATCH This Month

Security control bypass in Palo Alto Networks Prisma Access Agent for Linux enables a local, low-privileged attacker to route network traffic outside the VPN tunnel, undermining the core data-in-transit protection the agent is designed to enforce. Only Linux deployments are affected - Windows, macOS, iOS, Android, and ChromeOS are explicitly not impacted. No public exploit code exists at time of analysis and this vulnerability is not listed in the CISA KEV catalog, but the CVSS 4.0 confidentiality impact is rated High due to the exposure of unencrypted traffic to untrusted network paths.

Authentication Bypass Microsoft Google Apple Prisma Access Agent
NVD VulDB
CVSS 4.0
4.4
EPSS
0.0%
CVE-2026-7516 MEDIUM PATCH This Month

Clipboard hijacking in Lenovo's built-in Android browser application allows a malicious website to silently overwrite system clipboard contents on affected devices. The vulnerability impacts Lenovo Android tablets distributed exclusively in the Chinese market, enabling a network-based attacker to manipulate clipboard data when a user visits a crafted website. No confirmed active exploitation (CISA KEV) or public exploit code has been identified at time of analysis; EPSS data was not provided in available intelligence.

Information Disclosure Google Lenovo
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-49396 Go HIGH PATCH GHSA This Week

Cross-site request forgery in the Nezha monitoring dashboard (versions >= 1.0.0, < 2.0.14) allows remote attackers to force a logged-in user's browser to trigger any of the victim's existing cron tasks via a GET navigation to /api/v1/cron/:id/manual, causing the stored command to be dispatched to the victim's online agents. The flaw stems from a state-changing GET endpoint protected only by a SameSite=Lax JWT cookie with no CSRF token, Origin/Referer check, or Fetch Metadata guard. No public exploit identified at time of analysis beyond the reporter's safe Go-test proof; the issue is not in CISA KEV.

CSRF Google
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-48032 npm HIGH PATCH GHSA This Week

Detection bypass in @hulumi/policies versions prior to 1.4.0 allows IAM trust policies that list multiple OIDC federated providers to evade the G_OIDC_1 and G_OIDC_2 policy checks for GitHub Actions OIDC roles. Consumers of HulumiHardeningPack or HulumiGithubHardeningPack can therefore ship roles with wildcard sub: conditions - assumable by untrusted forked-PR workflows - while the validator falsely reports compliance, including missing the AdministratorAccess blast-radius flag. No public exploit identified at time of analysis, and there is no CISA KEV listing.

Information Disclosure Google
NVD GitHub
EPSS
0.0%
CVE-2026-45649 HIGH This Week

Local spoofing in Microsoft Office for Android lets an unauthorized attacker manipulate trust-affecting content or identity indicators after a user interacts with malicious input on the device. The CVSS 7.1 score reflects high confidentiality and integrity impact with no special privileges required, though the local attack vector and required user interaction limit remote exploitability. No public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Authentication Bypass Google Microsoft Excel Powerpoint +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-42835 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Teams for Android allows an authenticated remote attacker to extract sensitive data via an injection flaw (CWE-74) in output passed to a downstream component. The CVSS 8.1 rating reflects high confidentiality and availability impact over the network with low privileges and no user interaction, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure Google Microsoft Teams
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-11701 MEDIUM PATCH This Month

UI spoofing in Google Chrome's Guest View component prior to 149.0.7827.103 enables a remote unauthenticated attacker to deceive users about page content or origin by delivering a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms exploitation requires no privileges and no special network position, but does require the victim to visit a malicious page. With an EPSS score of 0.05% at the 15th percentile and no CISA KEV listing, real-world exploitation is currently assessed as low probability, though the zero-friction delivery mechanism (a link) keeps the attack surface broad.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-11700 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the Tracing component, triggered through a crafted HTML page. No public exploit identified at time of analysis, and SSVC indicates exploitation status is 'none', but the technical impact is rated total because a successful escape grants code execution at browser-process privileges. Google has shipped a fix and rates the underlying Chromium severity as Medium, while the assigned CVSS is 8.3 due to scope change and high CIA impact.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11699 HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to version 149.0.7827.103 can be triggered remotely through a crafted HTML page that exploits a use-after-free condition in the browser's Bluetooth component. Successful exploitation requires the victim to visit attacker-controlled content but no authentication, and Google has rated the underlying Chromium severity as High with no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11698 HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to version 149.0.7827.103 allows remote attackers to potentially execute arbitrary code by luring a victim to a crafted HTML page that triggers a use-after-free in the browser's Bluetooth component. Google has released a patched stable channel update, and while no public exploit has been identified at time of analysis, the CVSS 8.8 score reflects the high impact achievable with only a single user click. CISA SSVC currently scores exploitation as 'none' but technical impact as 'total', consistent with a serious but not yet weaponized browser flaw.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11697 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker to break out of the browser's renderer sandbox via a crafted HTML page that exploits insufficient input validation in the UI layer. The scope-changing CVSS 9.6 reflects that successful exploitation crosses the sandbox security boundary, though user interaction (visiting a malicious page) is required. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV, but Google rates the underlying Chromium severity as High.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11696 MEDIUM PATCH This Month

Uninitialized memory use in the Video component of Google Chrome on Windows (prior to 149.0.7827.103) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by directing the victim to a crafted HTML page. The vulnerability is Windows-specific, rated High severity by Chromium's internal scale, and carries a CVSS 5.3 due to the high attack complexity and required user interaction stacking atop the renderer-compromise prerequisite. No public exploit identified at time of analysis; Google has released a fix in version 149.0.7827.103.

Information Disclosure Google Microsoft Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11695 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Passwords feature (all versions prior to 149.0.7827.103) can be triggered by a remote unauthenticated attacker delivering a crafted HTML page to a victim. The flaw results from an inappropriate implementation classified under CWE-693 (Protection Mechanism Failure), meaning the browser's same-origin policy enforcement is bypassed specifically within the Passwords subsystem. With a CVSS score of 4.3 and no public exploit or CISA KEV listing identified at time of analysis, this is a medium-severity information disclosure risk requiring user interaction to exploit.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11694 HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome versions prior to 149.0.7827.103 allows attackers who have already compromised the renderer process to execute arbitrary code via a crafted HTML page that triggers a use-after-free in the ServiceWorker component. Rated High severity by Chromium with a CVSS 7.5, the flaw requires user interaction (visiting a malicious page) and a pre-existing renderer compromise, and no public exploit has been identified at time of analysis. The vendor has released a patched Stable channel update.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11693 HIGH PATCH This Week

Site isolation bypass in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to escape cross-origin boundaries via a crafted HTML page. The flaw is rated High severity by Chromium and carries a CVSS score of 8.1, though EPSS is very low at 0.02% and no public exploit identified at time of analysis. This is a second-stage vulnerability requiring prior renderer compromise, typically chained with a separate RCE in the renderer sandbox.

Authentication Bypass Google Red Hat Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-11692 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a use-after-free in the Read Anything component when processing a crafted HTML page. Google rates this Chromium-severity High, and no public exploit has been identified at time of analysis, but the CVSS 8.3 score reflects the severity of full sandbox escape leading to scoped impact beyond the renderer. This is a second-stage bug requiring chaining with a renderer compromise, not a one-shot drive-by.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11691 LOW PATCH Monitor

Cross-origin data leakage in Google Chrome's New Tab Page (NTP) component prior to version 149.0.7827.103 enables an unauthenticated remote attacker - who has already achieved renderer process compromise - to exfiltrate cross-origin data via a crafted HTML page. The vulnerability stems from insufficient input validation in the NTP, exploitable only as a second-stage attack chained after a separate renderer exploit. No public exploit code or CISA KEV listing exists at time of analysis, and the CVSS base score of 3.1 (Low) accurately reflects the constrained impact: confidentiality-only, low severity, high attack complexity.

Information Disclosure Google
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-11690 HIGH PATCH This Week

Sandbox-confined arbitrary code execution in Google Chrome on macOS versions prior to 149.0.7827.103 stems from an out-of-bounds read and write in the Media component, exploitable by a remote attacker who has already compromised the renderer process and lures a user to a crafted HTML page. Google rates the Chromium severity as High and has released a patched stable channel update; no public exploit identified at time of analysis, and SSVC reports no observed exploitation.

Information Disclosure Google Buffer Overflow RCE Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11689 HIGH PATCH This Week

Site isolation bypass in Google Chrome's Passwords component prior to version 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to escape cross-origin boundaries via a crafted HTML page. The flaw is rated High severity by Chromium with a CVSS 8.1 score, but EPSS exploitation probability is very low (0.02%, 6th percentile) and no public exploit identified at time of analysis. The vendor has shipped a fix in the stable channel.

Google Authentication Bypass
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-11688 HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that abuses an inappropriate SVG implementation. Google rates the underlying Chromium issue as High severity, and no public exploit identified at time of analysis, though the user-interaction requirement (UI:R) and high CVSS of 8.8 make this a meaningful drive-by browsing risk once a patch is reverse-engineered.

Code Injection Google RCE Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11687 HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to 149.0.7827.103 enables remote attackers to potentially execute arbitrary code by luring a user to a crafted HTML page that exploits a use-after-free in the Dawn WebGPU implementation. The flaw carries a CVSS 8.8 (High) rating and Chromium rates it High severity; no public exploit has been identified at time of analysis, but Chrome browser bugs of this class are historically attractive targets for in-the-wild exploitation. Patch is available from Google.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11686 LOW PATCH Monitor

Cross-origin data leak in Chrome's Dawn (WebGPU) component on macOS affects all versions prior to 149.0.7827.103, allowing a remote attacker who has already compromised the renderer process to exfiltrate cross-origin data via a crafted HTML page. CVSS score of 3.1 (Low) accurately reflects the constrained impact: confidentiality loss only (C:L), no integrity or availability impact, and a hard prerequisite of prior renderer compromise that makes standalone exploitation impossible. No public exploit code exists and CISA SSVC assessment confirms exploitation status as none with non-automatable attack conditions.

Apple Information Disclosure Google
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-11685 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's MediaCapture implementation on macOS allows a remote attacker to read data from other origins by enticing a user to visit a specially crafted HTML page. Affected versions are all Chrome releases on Mac prior to 149.0.7827.103. The flaw carries a CVSS score of 4.3 (Medium) with no authentication required, though user interaction is necessary; no public exploit code has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11684 LOW PATCH Monitor

Insufficient network policy enforcement in Google Chrome prior to 149.0.7827.103 allows a remote unauthenticated attacker - who has already compromised the browser's utility process - to leak cross-origin data by luring a victim to a crafted HTML page. The confidentiality impact is limited and scoped unchanged, yielding a CVSS base score of just 3.1 (Low). No public exploit exists and CISA SSVC confirms exploitation status as none at time of analysis.

Information Disclosure Google
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-11683 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 allows attackers to execute arbitrary code within the browser sandbox by luring users to a malicious HTML page that triggers a use-after-free in the WebCodecs component. Chromium rates this as High severity with a CVSS score of 8.8, and while a vendor patch is available, no public exploit has been identified at time of analysis. Exploitation requires user interaction (visiting a crafted page), which moderates real-world risk somewhat but still places this in the high-priority browser-patching tier.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11682 HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page, escalating from a contained renderer context to broader host access. Chromium rates this High severity, and while no public exploit has been identified at time of analysis, the CVSS 8.3 score reflects the serious consequence of bypassing one of the browser's core security boundaries. The flaw resides in the Views component and requires user interaction (UI:R) plus a prior renderer compromise, making it a second-stage vulnerability in a multi-bug exploit chain.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11681 HIGH PATCH This Week

Heap corruption in Google Chrome's Ozone component on Linux before version 149.0.7827.103 allows remote attackers to potentially achieve arbitrary code execution within the browser process when a victim visits a crafted HTML page. The flaw is a use-after-free rated High severity by Chromium, with CVSS 8.8 reflecting network-reachable exploitation requiring only minimal user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11680 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page, triggering a use-after-free condition in the Media component. The flaw carries a CVSS 8.8 (High) rating and is tagged by Chromium as High severity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE Use After Free Microsoft +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11679 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. Google rates this Chromium security severity as High, and a vendor patch is available; no public exploit was identified at time of analysis, though the scope-changed CVSS 8.3 reflects the cross-boundary impact of breaching the sandbox.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11678 MEDIUM PATCH This Month

Integer overflow in libyuv allows a renderer-compromised attacker to read sensitive process memory in Google Chrome prior to 149.0.7827.103. This is a chained, post-exploitation vulnerability: the attacker must first control the Chrome renderer process (via a separate exploit), then serve a crafted HTML page that triggers the libyuv integer overflow to extract memory contents - making this a privilege escalation and data exfiltration primitive within a broader attack chain. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11677 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via a race condition triggered by a crafted HTML page. Chromium rates the severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis.

Information Disclosure Google Race Condition Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11676 HIGH PATCH This Week

Sandbox escape in Google Chrome and ChromeOS on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Dawn (WebGPU) component. Chromium rates the severity High, and while no public exploit identified at time of analysis, sandbox-escape bugs in Dawn are historically chained with renderer RCE bugs in exploit chains. The CVSS 8.3 score reflects the high attack complexity and required user interaction, but the scope change (S:C) signals a meaningful trust-boundary break.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11675 LOW PATCH Monitor

Out-of-bounds read in Chrome's Skia graphics engine (versions prior to 149.0.7827.103) enables cross-origin data leakage via a crafted HTML page, but only after a prior renderer process compromise. The CVSS score of 3.1 (Low) reflects the constrained impact: confidentiality loss is limited in scope, and the prerequisite renderer compromise represents a significant barrier. No public exploit identified at time of analysis, and CISA SSVC confirms exploitation status as none with non-automatable attack surface.

Google Buffer Overflow
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-11674 HIGH PATCH This Week

Remote code execution in Google Chrome's Guest View component prior to version 149.0.7827.103 allows attackers to execute arbitrary code within the renderer sandbox by luring users to a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium with a CVSS of 8.8, and while no public exploit has been identified at time of analysis, Google has shipped a patched stable channel build. Exploitation requires user interaction (visiting a malicious page) and code execution is confined to the sandbox, meaning a sandbox escape would be needed for full host compromise.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11673 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the InterestGroups component, enabling a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. The vulnerability carries a CVSS 8.8 (High) score and is rated High severity by Chromium, but no public exploit identified at time of analysis and SSVC indicates exploitation status of none. Attack requires user interaction (visiting a malicious page) but no authentication.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11672 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a heap buffer overflow in the GPU process triggered by a crafted HTML page. Rated High severity by Chromium with a CVSS 8.3 reflecting scope change and full CIA impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Google Memory Corruption Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11671 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome before 149.0.7827.103 allows a remote attacker to break out of the renderer sandbox through a use-after-free in the Navigation component when a victim visits a crafted HTML page. The CVSS 9.6 score reflects a scope-changing impact on confidentiality, integrity, and availability with only user interaction (visiting a page) required, and no public exploit was identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11670 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the PDF component, enabling a remote attacker who lures a user into opening a crafted PDF to execute arbitrary code within the renderer sandbox. Rated High by Chromium with CVSS 8.8, the issue requires user interaction but no authentication, and currently has no public exploit identified at time of analysis.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11669 MEDIUM PATCH This Month

Out-of-bounds read in Chrome's Media component on ChromeOS allows an attacker who has already compromised the renderer process to exfiltrate potentially sensitive data from process memory via a crafted HTML page. Affected are all Chrome for ChromeOS releases prior to 149.0.7827.103. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation is constrained by both the ChromeOS-only scope and the mandatory prerequisite of a pre-compromised renderer, making this a chained attack scenario rather than a standalone critical threat.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11668 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's codec subsystem on Linux and ChromeOS (versions prior to 149.0.7827.103) enables remote unauthenticated attackers to exfiltrate sensitive data from other origins by delivering a specially crafted video file to a target user. The root cause is uninitialized memory use (CWE-457) within the codec pipeline, where memory contents from other origin contexts may be exposed during video processing. No public exploit code has been identified at time of analysis, and CISA SSVC classifies exploitation status as 'none'; however, the network-accessible attack surface and lack of authentication requirement make patching a prudent priority for Linux and ChromeOS deployments.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11667 HIGH PATCH This Week

Out-of-bounds read in the WebRTC component of Google Chrome before 149.0.7827.103 enables a remote attacker who has already compromised the GPU process to escalate into heap corruption via a crafted HTML page. Google rates this High severity and a vendor patch is available; no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring a prior sandbox-adjacent foothold plus user interaction.

Information Disclosure Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11666 MEDIUM PATCH This Month

UI spoofing in Google Chrome prior to 149.0.7827.103 enables remote unauthenticated attackers to deceive users into interacting with falsified browser interface elements via a crafted HTML page. The vulnerability exploits insufficient input validation in Chrome's Input component (CWE-20), carrying a moderate CVSS 5.4 with confirmed low confidentiality impact and an Information Disclosure tag suggesting data exposure risk through spoofed UI surfaces such as fake dialogs or address bar manipulation. EPSS probability is very low at 0.05% (15th percentile), no public exploit has been identified, and no CISA KEV listing exists at time of analysis.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-11665 MEDIUM PATCH This Month

Out-of-bounds read in Dawn, Chrome's WebGPU graphics API layer, on Windows enables unauthenticated remote attackers to leak cross-origin data by serving a crafted HTML page. Affected versions of Google Chrome on Windows are all releases prior to 149.0.7827.103. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) confirms this is a network-exploitable, low-complexity information disclosure with no authentication requirement - limited only by the need for a user to visit the attacker-controlled page. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Google Microsoft Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11664 HIGH PATCH This Week

Heap corruption in Google Chrome's Payments component before 149.0.7827.103 allows remote attackers to exploit a use-after-free condition by enticing a victim to visit a crafted HTML page, potentially achieving arbitrary code execution within the renderer sandbox. Chromium rates the severity as High, and CVSS 8.8 reflects network-reachable exploitation with low complexity, though successful exploitation requires user interaction (visiting an attacker-controlled page). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11663 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a use-after-free in the Skia graphics library. The flaw is rated High severity by Chromium and carries a CVSS 8.3, but exploitation requires both a prior renderer compromise and user interaction with a crafted HTML page. No public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11662 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw stems from a type confusion bug in Chromium's Bindings layer (CWE-843), rated High severity by Chromium and CVSS 8.8 due to network-based exploitation requiring only user interaction. No public exploit identified at time of analysis and EPSS data was not provided, but Chromium V8/bindings issues historically attract exploit development.

Google Memory Corruption RCE Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11661 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered through a crafted HTML page. Google rates this Chromium security severity High and a vendor patch is available; no public exploit identified at time of analysis and the bug is not currently listed in CISA KEV.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11660 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page served through the New Tab Page. Google rates the underlying Chromium severity as High and a fix is shipped in the stable channel, but no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11659 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 can be triggered by an integer overflow in the browser's UI component when a victim visits a crafted HTML page. Rated CVSS 9.6 with scope change, this issue allows a remote attacker to break out of the Chrome renderer sandbox after one click or navigation, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11658 MEDIUM PATCH This Month

Site isolation bypass in Google Chrome's Extensions subsystem prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to defeat cross-origin security boundaries via a crafted HTML page requiring one user interaction. The root cause is CWE-20 (Improper Input Validation) in the Extensions layer, meaning the Extensions subsystem fails to adequately validate untrusted input before acting on it across site isolation boundaries. EPSS is low at 0.02% (6th percentile), no public exploit code or CISA KEV listing exists at time of analysis, and a vendor patch is confirmed at 149.0.7827.103.

Authentication Bypass Google Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11657 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Payments component, allowing a remote attacker to run arbitrary code in the renderer process via a crafted HTML page. The issue carries a CVSS 8.8 (High) rating and was reported through Google's internal Chrome security process; no public exploit identified at time of analysis. Exploitation requires the victim to load attacker-controlled web content (UI:R), but no authentication or special privileges are needed.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11656 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ServiceWorker component, allowing an attacker to break out of Chrome's renderer sandbox through a crafted malicious extension. The flaw is rated Chromium severity High with CVSS 8.3 and no public exploit identified at time of analysis, but the scope-change (S:C) and full CIA impact mean a successful escape grants meaningful control over the host browser process. Exploitation requires the victim to install the attacker's extension, which constrains opportunistic mass exploitation but is realistic against targeted users.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-11655 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to version 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers an integer overflow in the Media component. Google rates the Chromium severity as High, and no public exploit has been identified at time of analysis. Because exploitation requires chaining with a separate renderer compromise plus user interaction (visiting a malicious page), the attack complexity is High despite the network attack vector.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11654 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Mac (versions prior to 149.0.7827.103) stems from a use-after-free condition in the CameraCapture component, enabling a remote attacker to break out of the renderer sandbox via a crafted HTML page. With a CVSS of 9.6 (scope-changed, high impact across CIA) and an upstream fix released by Google, the bug carries high severity but requires user interaction to load the malicious page; no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11653 MEDIUM PATCH This Month

Site isolation bypass in Google Chrome Extensions (versions prior to 149.0.7827.103) enables a remote attacker who has already compromised the renderer process to escape cross-origin content boundaries via a crafted HTML page. The vulnerability stems from improper input validation (CWE-20) in the Extensions subsystem, producing a high integrity impact (I:H) with no confidentiality or availability loss per the CVSS vector. No public exploit code exists and no active exploitation has been confirmed, with EPSS at 0.02% (6th percentile), consistent with a chained, high-complexity attack path.

Authentication Bypass Google Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11652 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox through a use-after-free flaw in the Extensions component, triggered via a crafted HTML page. Google rates the underlying Chromium severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the issue is not listed in CISA KEV. The vulnerability is meaningful as the second stage in a multi-bug renderer-to-system exploit chain rather than as a single-shot drive-by.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11651 CRITICAL PATCH Act Now

Remote code execution in Google Chrome's Network component before version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) classified High severity by Chromium with a CVSS 9.6 due to scope change and user-interaction prerequisite. No public exploit identified at time of analysis, but a vendor patch is already shipped via the Stable channel update.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11650 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium and carries a CVSS 8.8 score; no public exploit identified at time of analysis, but V8 UAF bugs are historically high-value targets for exploit chains.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11649 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.103 allows attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, with a CVSS 8.8 score reflecting low attack complexity but requiring user interaction. No public exploit identified at time of analysis, though V8 use-after-frees historically attract rapid weaponization for browser exploit chains.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11648 HIGH PATCH This Week

Heap corruption via use-after-free in Google Chrome's FullScreen component on Windows prior to 149.0.7827.103 enables remote attackers to potentially achieve code execution when a victim visits a malicious HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The CVSS 8.8 score reflects the network-reachable, low-complexity nature of the bug, tempered by required user interaction (UI:R).

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11647 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Printing component. Google rates this High severity, and a vendor patch is available, but no public exploit identified at time of analysis and the vulnerability requires chaining with a separate renderer compromise plus user interaction with a print flow.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11646 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ViewTransitions component, allowing a remote attacker to execute arbitrary code within the browser's renderer sandbox by serving a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11645 HIGH POC KEV PATCH THREAT Act Now

Remote code execution in Google Chrome's V8 JavaScript engine prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw is an out-of-bounds read and write (CWE-125) rated High severity by Chromium with a CVSS 8.8, and no public exploit identified at time of analysis, though V8 memory-corruption issues historically attract exploit development.

Information Disclosure Google Buffer Overflow RCE Red Hat +1
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2026-11644 HIGH PATCH This Week

Use-after-free in the Views component of Google Chrome on Linux prior to 149.0.7827.103 allows remote attackers to execute arbitrary code by tricking a user into installing a crafted malicious extension. Chromium rates the underlying flaw Critical, though the NVD CVSS score of 7.5 reflects the high attack complexity and required user interaction. No public exploit identified at time of analysis.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-11643 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the Proxy component, enabling remote attackers to execute arbitrary code by delivering malicious network traffic. Chromium has rated this issue Critical severity, and while no public exploit is identified at the time of analysis, the network-reachable nature of the Proxy subsystem and Chrome's massive deployment footprint make this a high-priority browser patch. The CVSS 8.1 score reflects high attack complexity offset by no required privileges or user interaction.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-11642 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting a use-after-free in Web Apps. Chromium rates the severity as Critical, and a vendor patch is available, though no public exploit has been identified at time of analysis. This is a second-stage vulnerability typically chained with a renderer RCE to achieve full browser compromise.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11641 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 can be triggered via a use-after-free flaw in the Bluetooth component, allowing a remote attacker to execute arbitrary code when a victim visits a crafted HTML page and performs specific UI gestures. Chromium rates the severity as Critical, though the CVSS 3.1 score of 7.5 reflects high attack complexity and required user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Google Memory Corruption RCE Use After Free Microsoft +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11640 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an integer overflow in the libyuv image conversion library. Exploitation requires user interaction with a crafted HTML page and a chained renderer compromise, but Google rated the underlying issue Critical because a successful chain yields code execution outside Chrome's sandbox. There is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.03%.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-11639 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 allows a remote attacker to exploit a use-after-free flaw in the Compositing component via a crafted HTML page. Google has rated the underlying Chromium security severity as Critical, and no public exploit identified at time of analysis, though the bug is patched in the latest stable channel. Successful exploitation requires user interaction (visiting a malicious page) and high attack complexity, which moderates real-world risk despite the high impact.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11638 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables remote attackers to break out of the browser's renderer sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Chromium rated this issue Critical severity, and the CVSS scope change (S:C) confirms the sandbox boundary is crossed; no public exploit identified at time of analysis, but the attack only requires the victim to load attacker-controlled content.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11637 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Views UI component, enabling a remote attacker to run arbitrary code when a victim visits a crafted HTML page. Google rates the underlying Chromium severity as Critical, and a vendor patch is available; no public exploit identified at time of analysis. The CVSS 8.8 score reflects network-reachable exploitation with low complexity but requiring user interaction (visiting the malicious page).

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11636 HIGH PATCH This Week

Heap corruption in Google Chrome's Autofill component on Windows versions prior to 149.0.7827.103 allows remote attackers to potentially achieve code execution by luring users to a malicious HTML page and convincing them to perform specific UI interactions. Chromium rates the underlying flaw as Critical severity, though CVSS scores it 7.5 due to required user interaction and high attack complexity. No public exploit identified at time of analysis.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11635 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Bluetooth component, triggered by a crafted HTML page. Chromium rates the severity as Critical, and a vendor patch is available; no public exploit has been identified at time of analysis, though the bug is tracked in the Chromium issue tracker (516987814).

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11634 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows remote attackers to exploit a use-after-free flaw in the Gamepad component via a crafted HTML page, requiring only that a victim visit a malicious site. Chromium rates this Critical severity and the CVSS score of 9.6 reflects scope change (sandbox escape) with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the bug class and Critical Chromium rating make it a high-priority browser patch.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11633 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to 149.0.7827.103 stems from a use-after-free condition in the browser's Bluetooth subsystem, rated Critical by Chromium's internal severity scale and CVSS 8.8 by NVD. A remote attacker operating a malicious Bluetooth peripheral can trigger memory corruption to execute arbitrary code in the browser process after the victim performs minimal interaction. No public exploit identified at time of analysis, though Google has released a patched Stable channel build addressing the flaw.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11632 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the TabStrip UI component, allowing remote attackers to execute arbitrary code when victims interact with a malicious HTML page via specific UI gestures. Google rates the Chromium severity as Critical, and a vendor-released patch is available; no public exploit has been identified at time of analysis. The high attack complexity (AC:H) and required user interaction (UI:R) constrain mass exploitation despite the severe technical impact.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11631 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Aura UI framework. Google rates the underlying Chromium issue as Critical severity, though exploitation requires a prior renderer compromise and user interaction (visiting a malicious page). No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11630 HIGH PATCH This Week

Heap corruption in Google Chrome's File Input component before version 149.0.7827.103 allows a remote attacker to exploit a use-after-free condition by luring a user to a crafted HTML page, with Chromium rating the issue Critical. No public exploit identified at time of analysis, but the high CVSS 8.8 score and browser attack surface make this a priority patch for desktop fleets.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11629 HIGH PATCH This Week

Heap corruption in Google Chrome's Ozone display server component prior to version 149.0.7827.103 allows remote attackers to exploit a use-after-free condition through a malicious web page, with Chromium rating this as Critical severity. Successful exploitation requires the victim to visit attacker-controlled HTML content, but yields high impact on confidentiality, integrity, and availability in the renderer process. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11628 MEDIUM PATCH This Month

Heap corruption via use-after-free in Chrome's Ozone display subsystem (versions prior to 149.0.7827.103) enables a local attacker with physical device access to achieve high-impact compromise across confidentiality, integrity, and availability. The CVSS vector (AV:P/AC:L/PR:N/UI:N) confirms physical presence is the primary prerequisite, with no authentication or user interaction required once access is obtained. No public exploit code or CISA KEV listing has been identified at time of analysis; a vendor-released patch is available in Chrome 149.0.7827.103.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-47726 Go HIGH PATCH GHSA This Week

Information disclosure in nebula-mesh through v0.3.1 allows any holder of an operator API key to read the server-wide audit log via GET /api/v1/audit-log, exposing cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entries. The handleGetAuditLog endpoint enforces only bearer authentication with no admin-role check, so a low-privilege tenant can enumerate staffing patterns and high-value targets. Publicly available exploit code exists in the form of a one-line curl reproducer published in the GHSA advisory; no public exploit identified at time of analysis as actively weaponized, and the issue is not on CISA KEV.

Authentication Bypass Google
NVD GitHub
EPSS
0.0%
CVE-2026-47693 PHP MEDIUM PATCH GHSA This Month

CSV Injection in Poweradmin's log export functionality allows a high-privileged attacker to embed spreadsheet formulas in usernames that execute when an administrator exports activity logs and opens the resulting CSV in Excel, LibreOffice Calc, or Google Sheets. All four log export controllers pass username fields directly to PHP's fputcsv() without neutralizing formula trigger characters (=, +, -, @), enabling phishing via rendered hyperlinks and silent data exfiltration via =IMPORTXML() or similar functions targeting victim administrators. Publicly available exploit code exists per GHSA-3h6h-67x3-cv5x; the vulnerability is not listed in CISA KEV.

Google PHP Information Disclosure Microsoft Docker
NVD GitHub
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-47252 Go CRITICAL PATCH GHSA Act Now

Code injection in the anyquery chrome_tabs plugin (and Brave/Edge/Safari variants) on macOS allows an authenticated SQL client to break out of an AppleScript URL property record and execute arbitrary `osascript` commands, including `do shell script` for OS-level command execution. The flaw affects anyquery 0.4.4 (commit 0abd460) and stems from unescaped string interpolation at plugins/chrome/tabs.go:141 and :169. Publicly available exploit code exists in the GHSA advisory (GHSA-hrj8-hjv8-mgwc), though no public exploit identified at time of analysis in mass-exploitation feeds and KEV does not list it.

Command Injection Code Injection Google RCE Apple +2
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-11411 LOW POC Monitor

Path traversal in iAI Lab PDF AI App 4.21.0 on Android allows a local low-privileged attacker to manipulate the `_display_name` argument within the `getExternalCacheDir` function of the `chatpdf.pro` component, enabling unauthorized file system access outside the intended cache directory. The CVSS 4.0 score of 1.9 reflects the strictly local attack surface and limited integrity and availability impact with no confidentiality breach. A public proof-of-concept exploit has been released; the vendor was contacted prior to disclosure and did not respond, leaving the vulnerability unpatched.

Google Path Traversal
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9594 MEDIUM This Month

Stored Cross-Site Scripting in WP Maps (all versions through 4.9.4) allows authenticated attackers holding the wpgmp_manage_location capability - granted to administrators by default but delegable to lower-privileged roles - to inject persistent malicious scripts via the 'location_messages' parameter. The CVSS scope change (S:C) confirms the injected payload executes across victim browser sessions on any page rendering the affected shortcode, enabling session hijacking or unauthorized actions on behalf of site visitors. No public exploit code has been identified at time of analysis and this CVE is not listed in CISA KEV; however, the delegable capability expands the potential attacker pool beyond pure administrators.

XSS Google WordPress
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-7624 MEDIUM This Month

Authorization bypass in the Squirrly SEO WordPress plugin (all versions through 12.4.16) allows authenticated attackers with contributor-level access to invoke privileged Squirrly cloud API operations reserved for administrators, including revoking the site's Google Search Console and Google Analytics integrations via the `api/gsc/revoke` and `api/ga/revoke` endpoints. The flaw stems from the plugin's failure to verify the `sq_manage_settings` capability before processing these state-changing cloud API calls, meaning any contributor can silently destroy critical SEO and analytics data connections without administrator knowledge. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Google WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-5411 HIGH This Week

Remote code execution in WP Captcha PRO (premium version of the Advanced Google reCAPTCHA WordPress plugin) through version 5.38 allows authenticated Subscriber-level attackers to upload arbitrary files, including PHP webshells, by abusing the licensing module's save_ajax() capability check and the unrestricted archive extraction in sync_cloud_protection(). No public exploit identified at time of analysis, but the CVSS 8.8 rating and trivial Subscriber-level prerequisite - common on sites with open registration - make this a high-priority WordPress ecosystem flaw. Wordfence is the original reporter and primary intelligence source.

File Upload WordPress Google RCE PHP
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-5415 HIGH This Week

Authentication bypass in WP Captcha PRO (and the free Advanced Google reCAPTCHA plugin sharing the same slug) for WordPress versions through 5.38 allows authenticated Subscriber-level users to log in as any account, including Administrator. The flaw chains a missing capability check in the ajax_run_tool() AJAX handler with the create_temporary_link tool that issues passwordless login links for arbitrary users, enabling full account takeover. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Authentication Bypass Google WordPress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-21038 MEDIUM This Month

Out-of-bounds memory access in Samsung Android USB Driver for Windows (all versions prior to 1.9.5.0) allows a local attacker without elevated privileges to corrupt or read memory beyond allocated bounds, resulting in high availability impact and low integrity impact on the affected Windows host. Samsung has released version 1.9.5.0 as the corrective patch, documented under EUVD-2026-34810. No public exploit code exists and the vulnerability is not listed in CISA KEV at time of analysis, though the CVSS 4.0 AT:P modifier signals a required target-specific condition that narrows exploitability.

Google Microsoft Samsung Buffer Overflow Information Disclosure +1
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-21034 MEDIUM This Month

Samsung Auto for Android exposes audio configuration functionality through improperly exported application components, allowing a local attacker with low privileges to arbitrarily modify audio settings without authorization. Affected versions are Samsung Auto prior to 3.1.2.61 on Android 15 and prior to 3.2.0.38 on Android 16, as confirmed by the Samsung Mobile vendor advisory and EUVD-2026-34806. No public exploit is identified at time of analysis and this vulnerability has not been added to the CISA KEV catalog, placing it at low real-world priority despite the straightforward local attack path.

Information Disclosure Google Samsung Samsung Auto
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Security control bypass in Palo Alto Networks Prisma Access Agent for Linux enables a local, low-privileged attacker to route network traffic outside the VPN tunnel, undermining the core data-in-transit protection the agent is designed to enforce. Only Linux deployments are affected - Windows, macOS, iOS, Android, and ChromeOS are explicitly not impacted. No public exploit code exists at time of analysis and this vulnerability is not listed in the CISA KEV catalog, but the CVSS 4.0 confidentiality impact is rated High due to the exposure of unencrypted traffic to untrusted network paths.

Authentication Bypass Microsoft Google +2
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Clipboard hijacking in Lenovo's built-in Android browser application allows a malicious website to silently overwrite system clipboard contents on affected devices. The vulnerability impacts Lenovo Android tablets distributed exclusively in the Chinese market, enabling a network-based attacker to manipulate clipboard data when a user visits a crafted website. No confirmed active exploitation (CISA KEV) or public exploit code has been identified at time of analysis; EPSS data was not provided in available intelligence.

Information Disclosure Google Lenovo
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Cross-site request forgery in the Nezha monitoring dashboard (versions >= 1.0.0, < 2.0.14) allows remote attackers to force a logged-in user's browser to trigger any of the victim's existing cron tasks via a GET navigation to /api/v1/cron/:id/manual, causing the stored command to be dispatched to the victim's online agents. The flaw stems from a state-changing GET endpoint protected only by a SameSite=Lax JWT cookie with no CSRF token, Origin/Referer check, or Fetch Metadata guard. No public exploit identified at time of analysis beyond the reporter's safe Go-test proof; the issue is not in CISA KEV.

CSRF Google
NVD GitHub VulDB
EPSS 0%
HIGH PATCH This Week

Detection bypass in @hulumi/policies versions prior to 1.4.0 allows IAM trust policies that list multiple OIDC federated providers to evade the G_OIDC_1 and G_OIDC_2 policy checks for GitHub Actions OIDC roles. Consumers of HulumiHardeningPack or HulumiGithubHardeningPack can therefore ship roles with wildcard sub: conditions - assumable by untrusted forked-PR workflows - while the validator falsely reports compliance, including missing the AdministratorAccess blast-radius flag. No public exploit identified at time of analysis, and there is no CISA KEV listing.

Information Disclosure Google
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Local spoofing in Microsoft Office for Android lets an unauthorized attacker manipulate trust-affecting content or identity indicators after a user interacts with malicious input on the device. The CVSS 7.1 score reflects high confidentiality and integrity impact with no special privileges required, though the local attack vector and required user interaction limit remote exploitability. No public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Authentication Bypass Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Teams for Android allows an authenticated remote attacker to extract sensitive data via an injection flaw (CWE-74) in output passed to a downstream component. The CVSS 8.1 rating reflects high confidentiality and availability impact over the network with low privileges and no user interaction, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure Google Microsoft +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

UI spoofing in Google Chrome's Guest View component prior to 149.0.7827.103 enables a remote unauthenticated attacker to deceive users about page content or origin by delivering a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms exploitation requires no privileges and no special network position, but does require the victim to visit a malicious page. With an EPSS score of 0.05% at the 15th percentile and no CISA KEV listing, real-world exploitation is currently assessed as low probability, though the zero-friction delivery mechanism (a link) keeps the attack surface broad.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the Tracing component, triggered through a crafted HTML page. No public exploit identified at time of analysis, and SSVC indicates exploitation status is 'none', but the technical impact is rated total because a successful escape grants code execution at browser-process privileges. Google has shipped a fix and rates the underlying Chromium severity as Medium, while the assigned CVSS is 8.3 due to scope change and high CIA impact.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to version 149.0.7827.103 can be triggered remotely through a crafted HTML page that exploits a use-after-free condition in the browser's Bluetooth component. Successful exploitation requires the victim to visit attacker-controlled content but no authentication, and Google has rated the underlying Chromium severity as High with no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to version 149.0.7827.103 allows remote attackers to potentially execute arbitrary code by luring a victim to a crafted HTML page that triggers a use-after-free in the browser's Bluetooth component. Google has released a patched stable channel update, and while no public exploit has been identified at time of analysis, the CVSS 8.8 score reflects the high impact achievable with only a single user click. CISA SSVC currently scores exploitation as 'none' but technical impact as 'total', consistent with a serious but not yet weaponized browser flaw.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker to break out of the browser's renderer sandbox via a crafted HTML page that exploits insufficient input validation in the UI layer. The scope-changing CVSS 9.6 reflects that successful exploitation crosses the sandbox security boundary, though user interaction (visiting a malicious page) is required. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV, but Google rates the underlying Chromium severity as High.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Uninitialized memory use in the Video component of Google Chrome on Windows (prior to 149.0.7827.103) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by directing the victim to a crafted HTML page. The vulnerability is Windows-specific, rated High severity by Chromium's internal scale, and carries a CVSS 5.3 due to the high attack complexity and required user interaction stacking atop the renderer-compromise prerequisite. No public exploit identified at time of analysis; Google has released a fix in version 149.0.7827.103.

Information Disclosure Google Microsoft +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Passwords feature (all versions prior to 149.0.7827.103) can be triggered by a remote unauthenticated attacker delivering a crafted HTML page to a victim. The flaw results from an inappropriate implementation classified under CWE-693 (Protection Mechanism Failure), meaning the browser's same-origin policy enforcement is bypassed specifically within the Passwords subsystem. With a CVSS score of 4.3 and no public exploit or CISA KEV listing identified at time of analysis, this is a medium-severity information disclosure risk requiring user interaction to exploit.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome versions prior to 149.0.7827.103 allows attackers who have already compromised the renderer process to execute arbitrary code via a crafted HTML page that triggers a use-after-free in the ServiceWorker component. Rated High severity by Chromium with a CVSS 7.5, the flaw requires user interaction (visiting a malicious page) and a pre-existing renderer compromise, and no public exploit has been identified at time of analysis. The vendor has released a patched Stable channel update.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Site isolation bypass in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to escape cross-origin boundaries via a crafted HTML page. The flaw is rated High severity by Chromium and carries a CVSS score of 8.1, though EPSS is very low at 0.02% and no public exploit identified at time of analysis. This is a second-stage vulnerability requiring prior renderer compromise, typically chained with a separate RCE in the renderer sandbox.

Authentication Bypass Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a use-after-free in the Read Anything component when processing a crafted HTML page. Google rates this Chromium-severity High, and no public exploit has been identified at time of analysis, but the CVSS 8.3 score reflects the severity of full sandbox escape leading to scoped impact beyond the renderer. This is a second-stage bug requiring chaining with a renderer compromise, not a one-shot drive-by.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Cross-origin data leakage in Google Chrome's New Tab Page (NTP) component prior to version 149.0.7827.103 enables an unauthenticated remote attacker - who has already achieved renderer process compromise - to exfiltrate cross-origin data via a crafted HTML page. The vulnerability stems from insufficient input validation in the NTP, exploitable only as a second-stage attack chained after a separate renderer exploit. No public exploit code or CISA KEV listing exists at time of analysis, and the CVSS base score of 3.1 (Low) accurately reflects the constrained impact: confidentiality-only, low severity, high attack complexity.

Information Disclosure Google
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sandbox-confined arbitrary code execution in Google Chrome on macOS versions prior to 149.0.7827.103 stems from an out-of-bounds read and write in the Media component, exploitable by a remote attacker who has already compromised the renderer process and lures a user to a crafted HTML page. Google rates the Chromium severity as High and has released a patched stable channel update; no public exploit identified at time of analysis, and SSVC reports no observed exploitation.

Information Disclosure Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Site isolation bypass in Google Chrome's Passwords component prior to version 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to escape cross-origin boundaries via a crafted HTML page. The flaw is rated High severity by Chromium with a CVSS 8.1 score, but EPSS exploitation probability is very low (0.02%, 6th percentile) and no public exploit identified at time of analysis. The vendor has shipped a fix in the stable channel.

Google Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that abuses an inappropriate SVG implementation. Google rates the underlying Chromium issue as High severity, and no public exploit identified at time of analysis, though the user-interaction requirement (UI:R) and high CVSS of 8.8 make this a meaningful drive-by browsing risk once a patch is reverse-engineered.

Code Injection Google RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to 149.0.7827.103 enables remote attackers to potentially execute arbitrary code by luring a user to a crafted HTML page that exploits a use-after-free in the Dawn WebGPU implementation. The flaw carries a CVSS 8.8 (High) rating and Chromium rates it High severity; no public exploit has been identified at time of analysis, but Chrome browser bugs of this class are historically attractive targets for in-the-wild exploitation. Patch is available from Google.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Cross-origin data leak in Chrome's Dawn (WebGPU) component on macOS affects all versions prior to 149.0.7827.103, allowing a remote attacker who has already compromised the renderer process to exfiltrate cross-origin data via a crafted HTML page. CVSS score of 3.1 (Low) accurately reflects the constrained impact: confidentiality loss only (C:L), no integrity or availability impact, and a hard prerequisite of prior renderer compromise that makes standalone exploitation impossible. No public exploit code exists and CISA SSVC assessment confirms exploitation status as none with non-automatable attack conditions.

Apple Information Disclosure Google
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's MediaCapture implementation on macOS allows a remote attacker to read data from other origins by enticing a user to visit a specially crafted HTML page. Affected versions are all Chrome releases on Mac prior to 149.0.7827.103. The flaw carries a CVSS score of 4.3 (Medium) with no authentication required, though user interaction is necessary; no public exploit code has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Insufficient network policy enforcement in Google Chrome prior to 149.0.7827.103 allows a remote unauthenticated attacker - who has already compromised the browser's utility process - to leak cross-origin data by luring a victim to a crafted HTML page. The confidentiality impact is limited and scoped unchanged, yielding a CVSS base score of just 3.1 (Low). No public exploit exists and CISA SSVC confirms exploitation status as none at time of analysis.

Information Disclosure Google
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 allows attackers to execute arbitrary code within the browser sandbox by luring users to a malicious HTML page that triggers a use-after-free in the WebCodecs component. Chromium rates this as High severity with a CVSS score of 8.8, and while a vendor patch is available, no public exploit has been identified at time of analysis. Exploitation requires user interaction (visiting a crafted page), which moderates real-world risk somewhat but still places this in the high-priority browser-patching tier.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page, escalating from a contained renderer context to broader host access. Chromium rates this High severity, and while no public exploit has been identified at time of analysis, the CVSS 8.3 score reflects the serious consequence of bypassing one of the browser's core security boundaries. The flaw resides in the Views component and requires user interaction (UI:R) plus a prior renderer compromise, making it a second-stage vulnerability in a multi-bug exploit chain.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Ozone component on Linux before version 149.0.7827.103 allows remote attackers to potentially achieve arbitrary code execution within the browser process when a victim visits a crafted HTML page. The flaw is a use-after-free rated High severity by Chromium, with CVSS 8.8 reflecting network-reachable exploitation requiring only minimal user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page, triggering a use-after-free condition in the Media component. The flaw carries a CVSS 8.8 (High) rating and is tagged by Chromium as High severity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. Google rates this Chromium security severity as High, and a vendor patch is available; no public exploit was identified at time of analysis, though the scope-changed CVSS 8.3 reflects the cross-boundary impact of breaching the sandbox.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Integer overflow in libyuv allows a renderer-compromised attacker to read sensitive process memory in Google Chrome prior to 149.0.7827.103. This is a chained, post-exploitation vulnerability: the attacker must first control the Chrome renderer process (via a separate exploit), then serve a crafted HTML page that triggers the libyuv integer overflow to extract memory contents - making this a privilege escalation and data exfiltration primitive within a broader attack chain. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via a race condition triggered by a crafted HTML page. Chromium rates the severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis.

Information Disclosure Google Race Condition +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome and ChromeOS on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Dawn (WebGPU) component. Chromium rates the severity High, and while no public exploit identified at time of analysis, sandbox-escape bugs in Dawn are historically chained with renderer RCE bugs in exploit chains. The CVSS 8.3 score reflects the high attack complexity and required user interaction, but the scope change (S:C) signals a meaningful trust-boundary break.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Out-of-bounds read in Chrome's Skia graphics engine (versions prior to 149.0.7827.103) enables cross-origin data leakage via a crafted HTML page, but only after a prior renderer process compromise. The CVSS score of 3.1 (Low) reflects the constrained impact: confidentiality loss is limited in scope, and the prerequisite renderer compromise represents a significant barrier. No public exploit identified at time of analysis, and CISA SSVC confirms exploitation status as none with non-automatable attack surface.

Google Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Guest View component prior to version 149.0.7827.103 allows attackers to execute arbitrary code within the renderer sandbox by luring users to a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium with a CVSS of 8.8, and while no public exploit has been identified at time of analysis, Google has shipped a patched stable channel build. Exploitation requires user interaction (visiting a malicious page) and code execution is confined to the sandbox, meaning a sandbox escape would be needed for full host compromise.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the InterestGroups component, enabling a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. The vulnerability carries a CVSS 8.8 (High) score and is rated High severity by Chromium, but no public exploit identified at time of analysis and SSVC indicates exploitation status of none. Attack requires user interaction (visiting a malicious page) but no authentication.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a heap buffer overflow in the GPU process triggered by a crafted HTML page. Rated High severity by Chromium with a CVSS 8.3 reflecting scope change and full CIA impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Google Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome before 149.0.7827.103 allows a remote attacker to break out of the renderer sandbox through a use-after-free in the Navigation component when a victim visits a crafted HTML page. The CVSS 9.6 score reflects a scope-changing impact on confidentiality, integrity, and availability with only user interaction (visiting a page) required, and no public exploit was identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the PDF component, enabling a remote attacker who lures a user into opening a crafted PDF to execute arbitrary code within the renderer sandbox. Rated High by Chromium with CVSS 8.8, the issue requires user interaction but no authentication, and currently has no public exploit identified at time of analysis.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in Chrome's Media component on ChromeOS allows an attacker who has already compromised the renderer process to exfiltrate potentially sensitive data from process memory via a crafted HTML page. Affected are all Chrome for ChromeOS releases prior to 149.0.7827.103. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation is constrained by both the ChromeOS-only scope and the mandatory prerequisite of a pre-compromised renderer, making this a chained attack scenario rather than a standalone critical threat.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's codec subsystem on Linux and ChromeOS (versions prior to 149.0.7827.103) enables remote unauthenticated attackers to exfiltrate sensitive data from other origins by delivering a specially crafted video file to a target user. The root cause is uninitialized memory use (CWE-457) within the codec pipeline, where memory contents from other origin contexts may be exposed during video processing. No public exploit code has been identified at time of analysis, and CISA SSVC classifies exploitation status as 'none'; however, the network-accessible attack surface and lack of authentication requirement make patching a prudent priority for Linux and ChromeOS deployments.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in the WebRTC component of Google Chrome before 149.0.7827.103 enables a remote attacker who has already compromised the GPU process to escalate into heap corruption via a crafted HTML page. Google rates this High severity and a vendor patch is available; no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring a prior sandbox-adjacent foothold plus user interaction.

Information Disclosure Google Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

UI spoofing in Google Chrome prior to 149.0.7827.103 enables remote unauthenticated attackers to deceive users into interacting with falsified browser interface elements via a crafted HTML page. The vulnerability exploits insufficient input validation in Chrome's Input component (CWE-20), carrying a moderate CVSS 5.4 with confirmed low confidentiality impact and an Information Disclosure tag suggesting data exposure risk through spoofed UI surfaces such as fake dialogs or address bar manipulation. EPSS probability is very low at 0.05% (15th percentile), no public exploit has been identified, and no CISA KEV listing exists at time of analysis.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds read in Dawn, Chrome's WebGPU graphics API layer, on Windows enables unauthenticated remote attackers to leak cross-origin data by serving a crafted HTML page. Affected versions of Google Chrome on Windows are all releases prior to 149.0.7827.103. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) confirms this is a network-exploitable, low-complexity information disclosure with no authentication requirement - limited only by the need for a user to visit the attacker-controlled page. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Payments component before 149.0.7827.103 allows remote attackers to exploit a use-after-free condition by enticing a victim to visit a crafted HTML page, potentially achieving arbitrary code execution within the renderer sandbox. Chromium rates the severity as High, and CVSS 8.8 reflects network-reachable exploitation with low complexity, though successful exploitation requires user interaction (visiting an attacker-controlled page). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a use-after-free in the Skia graphics library. The flaw is rated High severity by Chromium and carries a CVSS 8.3, but exploitation requires both a prior renderer compromise and user interaction with a crafted HTML page. No public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw stems from a type confusion bug in Chromium's Bindings layer (CWE-843), rated High severity by Chromium and CVSS 8.8 due to network-based exploitation requiring only user interaction. No public exploit identified at time of analysis and EPSS data was not provided, but Chromium V8/bindings issues historically attract exploit development.

Google Memory Corruption RCE +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered through a crafted HTML page. Google rates this Chromium security severity High and a vendor patch is available; no public exploit identified at time of analysis and the bug is not currently listed in CISA KEV.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page served through the New Tab Page. Google rates the underlying Chromium severity as High and a fix is shipped in the stable channel, but no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 can be triggered by an integer overflow in the browser's UI component when a victim visits a crafted HTML page. Rated CVSS 9.6 with scope change, this issue allows a remote attacker to break out of the Chrome renderer sandbox after one click or navigation, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Site isolation bypass in Google Chrome's Extensions subsystem prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to defeat cross-origin security boundaries via a crafted HTML page requiring one user interaction. The root cause is CWE-20 (Improper Input Validation) in the Extensions layer, meaning the Extensions subsystem fails to adequately validate untrusted input before acting on it across site isolation boundaries. EPSS is low at 0.02% (6th percentile), no public exploit code or CISA KEV listing exists at time of analysis, and a vendor patch is confirmed at 149.0.7827.103.

Authentication Bypass Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Payments component, allowing a remote attacker to run arbitrary code in the renderer process via a crafted HTML page. The issue carries a CVSS 8.8 (High) rating and was reported through Google's internal Chrome security process; no public exploit identified at time of analysis. Exploitation requires the victim to load attacker-controlled web content (UI:R), but no authentication or special privileges are needed.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ServiceWorker component, allowing an attacker to break out of Chrome's renderer sandbox through a crafted malicious extension. The flaw is rated Chromium severity High with CVSS 8.3 and no public exploit identified at time of analysis, but the scope-change (S:C) and full CIA impact mean a successful escape grants meaningful control over the host browser process. Exploitation requires the victim to install the attacker's extension, which constrains opportunistic mass exploitation but is realistic against targeted users.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to version 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers an integer overflow in the Media component. Google rates the Chromium severity as High, and no public exploit has been identified at time of analysis. Because exploitation requires chaining with a separate renderer compromise plus user interaction (visiting a malicious page), the attack complexity is High despite the network attack vector.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Mac (versions prior to 149.0.7827.103) stems from a use-after-free condition in the CameraCapture component, enabling a remote attacker to break out of the renderer sandbox via a crafted HTML page. With a CVSS of 9.6 (scope-changed, high impact across CIA) and an upstream fix released by Google, the bug carries high severity but requires user interaction to load the malicious page; no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Site isolation bypass in Google Chrome Extensions (versions prior to 149.0.7827.103) enables a remote attacker who has already compromised the renderer process to escape cross-origin content boundaries via a crafted HTML page. The vulnerability stems from improper input validation (CWE-20) in the Extensions subsystem, producing a high integrity impact (I:H) with no confidentiality or availability loss per the CVSS vector. No public exploit code exists and no active exploitation has been confirmed, with EPSS at 0.02% (6th percentile), consistent with a chained, high-complexity attack path.

Authentication Bypass Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox through a use-after-free flaw in the Extensions component, triggered via a crafted HTML page. Google rates the underlying Chromium severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the issue is not listed in CISA KEV. The vulnerability is meaningful as the second stage in a multi-bug renderer-to-system exploit chain rather than as a single-shot drive-by.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Remote code execution in Google Chrome's Network component before version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) classified High severity by Chromium with a CVSS 9.6 due to scope change and user-interaction prerequisite. No public exploit identified at time of analysis, but a vendor patch is already shipped via the Stable channel update.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium and carries a CVSS 8.8 score; no public exploit identified at time of analysis, but V8 UAF bugs are historically high-value targets for exploit chains.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.103 allows attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, with a CVSS 8.8 score reflecting low attack complexity but requiring user interaction. No public exploit identified at time of analysis, though V8 use-after-frees historically attract rapid weaponization for browser exploit chains.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption via use-after-free in Google Chrome's FullScreen component on Windows prior to 149.0.7827.103 enables remote attackers to potentially achieve code execution when a victim visits a malicious HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The CVSS 8.8 score reflects the network-reachable, low-complexity nature of the bug, tempered by required user interaction (UI:R).

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Printing component. Google rates this High severity, and a vendor patch is available, but no public exploit identified at time of analysis and the vulnerability requires chaining with a separate renderer compromise plus user interaction with a print flow.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ViewTransitions component, allowing a remote attacker to execute arbitrary code within the browser's renderer sandbox by serving a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% 4.8 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Remote code execution in Google Chrome's V8 JavaScript engine prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw is an out-of-bounds read and write (CWE-125) rated High severity by Chromium with a CVSS 8.8, and no public exploit identified at time of analysis, though V8 memory-corruption issues historically attract exploit development.

Information Disclosure Google Buffer Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use-after-free in the Views component of Google Chrome on Linux prior to 149.0.7827.103 allows remote attackers to execute arbitrary code by tricking a user into installing a crafted malicious extension. Chromium rates the underlying flaw Critical, though the NVD CVSS score of 7.5 reflects the high attack complexity and required user interaction. No public exploit identified at time of analysis.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the Proxy component, enabling remote attackers to execute arbitrary code by delivering malicious network traffic. Chromium has rated this issue Critical severity, and while no public exploit is identified at the time of analysis, the network-reachable nature of the Proxy subsystem and Chrome's massive deployment footprint make this a high-priority browser patch. The CVSS 8.1 score reflects high attack complexity offset by no required privileges or user interaction.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting a use-after-free in Web Apps. Chromium rates the severity as Critical, and a vendor patch is available, though no public exploit has been identified at time of analysis. This is a second-stage vulnerability typically chained with a renderer RCE to achieve full browser compromise.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 can be triggered via a use-after-free flaw in the Bluetooth component, allowing a remote attacker to execute arbitrary code when a victim visits a crafted HTML page and performs specific UI gestures. Chromium rates the severity as Critical, though the CVSS 3.1 score of 7.5 reflects high attack complexity and required user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Google Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an integer overflow in the libyuv image conversion library. Exploitation requires user interaction with a crafted HTML page and a chained renderer compromise, but Google rated the underlying issue Critical because a successful chain yields code execution outside Chrome's sandbox. There is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.03%.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 allows a remote attacker to exploit a use-after-free flaw in the Compositing component via a crafted HTML page. Google has rated the underlying Chromium security severity as Critical, and no public exploit identified at time of analysis, though the bug is patched in the latest stable channel. Successful exploitation requires user interaction (visiting a malicious page) and high attack complexity, which moderates real-world risk despite the high impact.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables remote attackers to break out of the browser's renderer sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Chromium rated this issue Critical severity, and the CVSS scope change (S:C) confirms the sandbox boundary is crossed; no public exploit identified at time of analysis, but the attack only requires the victim to load attacker-controlled content.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Views UI component, enabling a remote attacker to run arbitrary code when a victim visits a crafted HTML page. Google rates the underlying Chromium severity as Critical, and a vendor patch is available; no public exploit identified at time of analysis. The CVSS 8.8 score reflects network-reachable exploitation with low complexity but requiring user interaction (visiting the malicious page).

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap corruption in Google Chrome's Autofill component on Windows versions prior to 149.0.7827.103 allows remote attackers to potentially achieve code execution by luring users to a malicious HTML page and convincing them to perform specific UI interactions. Chromium rates the underlying flaw as Critical severity, though CVSS scores it 7.5 due to required user interaction and high attack complexity. No public exploit identified at time of analysis.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Bluetooth component, triggered by a crafted HTML page. Chromium rates the severity as Critical, and a vendor patch is available; no public exploit has been identified at time of analysis, though the bug is tracked in the Chromium issue tracker (516987814).

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows remote attackers to exploit a use-after-free flaw in the Gamepad component via a crafted HTML page, requiring only that a victim visit a malicious site. Chromium rates this Critical severity and the CVSS score of 9.6 reflects scope change (sandbox escape) with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the bug class and Critical Chromium rating make it a high-priority browser patch.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to 149.0.7827.103 stems from a use-after-free condition in the browser's Bluetooth subsystem, rated Critical by Chromium's internal severity scale and CVSS 8.8 by NVD. A remote attacker operating a malicious Bluetooth peripheral can trigger memory corruption to execute arbitrary code in the browser process after the victim performs minimal interaction. No public exploit identified at time of analysis, though Google has released a patched Stable channel build addressing the flaw.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the TabStrip UI component, allowing remote attackers to execute arbitrary code when victims interact with a malicious HTML page via specific UI gestures. Google rates the Chromium severity as Critical, and a vendor-released patch is available; no public exploit has been identified at time of analysis. The high attack complexity (AC:H) and required user interaction (UI:R) constrain mass exploitation despite the severe technical impact.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Aura UI framework. Google rates the underlying Chromium issue as Critical severity, though exploitation requires a prior renderer compromise and user interaction (visiting a malicious page). No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's File Input component before version 149.0.7827.103 allows a remote attacker to exploit a use-after-free condition by luring a user to a crafted HTML page, with Chromium rating the issue Critical. No public exploit identified at time of analysis, but the high CVSS 8.8 score and browser attack surface make this a priority patch for desktop fleets.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Ozone display server component prior to version 149.0.7827.103 allows remote attackers to exploit a use-after-free condition through a malicious web page, with Chromium rating this as Critical severity. Successful exploitation requires the victim to visit attacker-controlled HTML content, but yields high impact on confidentiality, integrity, and availability in the renderer process. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Heap corruption via use-after-free in Chrome's Ozone display subsystem (versions prior to 149.0.7827.103) enables a local attacker with physical device access to achieve high-impact compromise across confidentiality, integrity, and availability. The CVSS vector (AV:P/AC:L/PR:N/UI:N) confirms physical presence is the primary prerequisite, with no authentication or user interaction required once access is obtained. No public exploit code or CISA KEV listing has been identified at time of analysis; a vendor-released patch is available in Chrome 149.0.7827.103.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0%
HIGH PATCH This Week

Information disclosure in nebula-mesh through v0.3.1 allows any holder of an operator API key to read the server-wide audit log via GET /api/v1/audit-log, exposing cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entries. The handleGetAuditLog endpoint enforces only bearer authentication with no admin-role check, so a low-privilege tenant can enumerate staffing patterns and high-value targets. Publicly available exploit code exists in the form of a one-line curl reproducer published in the GHSA advisory; no public exploit identified at time of analysis as actively weaponized, and the issue is not on CISA KEV.

Authentication Bypass Google
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

CSV Injection in Poweradmin's log export functionality allows a high-privileged attacker to embed spreadsheet formulas in usernames that execute when an administrator exports activity logs and opens the resulting CSV in Excel, LibreOffice Calc, or Google Sheets. All four log export controllers pass username fields directly to PHP's fputcsv() without neutralizing formula trigger characters (=, +, -, @), enabling phishing via rendered hyperlinks and silent data exfiltration via =IMPORTXML() or similar functions targeting victim administrators. Publicly available exploit code exists per GHSA-3h6h-67x3-cv5x; the vulnerability is not listed in CISA KEV.

Google PHP Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Code injection in the anyquery chrome_tabs plugin (and Brave/Edge/Safari variants) on macOS allows an authenticated SQL client to break out of an AppleScript URL property record and execute arbitrary `osascript` commands, including `do shell script` for OS-level command execution. The flaw affects anyquery 0.4.4 (commit 0abd460) and stems from unescaped string interpolation at plugins/chrome/tabs.go:141 and :169. Publicly available exploit code exists in the GHSA advisory (GHSA-hrj8-hjv8-mgwc), though no public exploit identified at time of analysis in mass-exploitation feeds and KEV does not list it.

Command Injection Code Injection Google +4
NVD GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Path traversal in iAI Lab PDF AI App 4.21.0 on Android allows a local low-privileged attacker to manipulate the `_display_name` argument within the `getExternalCacheDir` function of the `chatpdf.pro` component, enabling unauthorized file system access outside the intended cache directory. The CVSS 4.0 score of 1.9 reflects the strictly local attack surface and limited integrity and availability impact with no confidentiality breach. A public proof-of-concept exploit has been released; the vendor was contacted prior to disclosure and did not respond, leaving the vulnerability unpatched.

Google Path Traversal
NVD VulDB GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

Stored Cross-Site Scripting in WP Maps (all versions through 4.9.4) allows authenticated attackers holding the wpgmp_manage_location capability - granted to administrators by default but delegable to lower-privileged roles - to inject persistent malicious scripts via the 'location_messages' parameter. The CVSS scope change (S:C) confirms the injected payload executes across victim browser sessions on any page rendering the affected shortcode, enabling session hijacking or unauthorized actions on behalf of site visitors. No public exploit code has been identified at time of analysis and this CVE is not listed in CISA KEV; however, the delegable capability expands the potential attacker pool beyond pure administrators.

XSS Google WordPress
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Authorization bypass in the Squirrly SEO WordPress plugin (all versions through 12.4.16) allows authenticated attackers with contributor-level access to invoke privileged Squirrly cloud API operations reserved for administrators, including revoking the site's Google Search Console and Google Analytics integrations via the `api/gsc/revoke` and `api/ga/revoke` endpoints. The flaw stems from the plugin's failure to verify the `sq_manage_settings` capability before processing these state-changing cloud API calls, meaning any contributor can silently destroy critical SEO and analytics data connections without administrator knowledge. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass Google WordPress
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in WP Captcha PRO (premium version of the Advanced Google reCAPTCHA WordPress plugin) through version 5.38 allows authenticated Subscriber-level attackers to upload arbitrary files, including PHP webshells, by abusing the licensing module's save_ajax() capability check and the unrestricted archive extraction in sync_cloud_protection(). No public exploit identified at time of analysis, but the CVSS 8.8 rating and trivial Subscriber-level prerequisite - common on sites with open registration - make this a high-priority WordPress ecosystem flaw. Wordfence is the original reporter and primary intelligence source.

File Upload WordPress Google +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authentication bypass in WP Captcha PRO (and the free Advanced Google reCAPTCHA plugin sharing the same slug) for WordPress versions through 5.38 allows authenticated Subscriber-level users to log in as any account, including Administrator. The flaw chains a missing capability check in the ajax_run_tool() AJAX handler with the create_temporary_link tool that issues passwordless login links for arbitrary users, enabling full account takeover. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Authentication Bypass Google WordPress
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Out-of-bounds memory access in Samsung Android USB Driver for Windows (all versions prior to 1.9.5.0) allows a local attacker without elevated privileges to corrupt or read memory beyond allocated bounds, resulting in high availability impact and low integrity impact on the affected Windows host. Samsung has released version 1.9.5.0 as the corrective patch, documented under EUVD-2026-34810. No public exploit code exists and the vulnerability is not listed in CISA KEV at time of analysis, though the CVSS 4.0 AT:P modifier signals a required target-specific condition that narrows exploitability.

Google Microsoft Samsung +3
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Samsung Auto for Android exposes audio configuration functionality through improperly exported application components, allowing a local attacker with low privileges to arbitrarily modify audio settings without authorization. Affected versions are Samsung Auto prior to 3.1.2.61 on Android 15 and prior to 3.2.0.38 on Android 16, as confirmed by the Samsung Mobile vendor advisory and EUVD-2026-34806. No public exploit is identified at time of analysis and this vulnerability has not been added to the CISA KEV catalog, placing it at low real-world priority despite the straightforward local attack path.

Information Disclosure Google Samsung +1
NVD VulDB
Prev Page 9 of 156 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy