Skip to main content

Red Hat

8624 CVEs vendor

Monthly

CVE-2026-45149 npm HIGH PATCH GHSA This Week

{1..10000000}` allocates roughly 505 MB and burns ~800 ms even when `max=10`, defeating the intended DoS protection. No public exploit identified at time of analysis and EPSS is very low (0.03%), but a vendor-released patch (5.0.6) and a GitHub Security Advisory (GHSA-jxxr-4gwj-5jf2) are available.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42326 NuGet MEDIUM PATCH GHSA This Month

Out-of-bounds single-byte heap read in Magick.NET's IPTC encoder exposes all NuGet package variants (Q16, Q16-HDRI, multi-architecture builds) before version 14.13.1 to limited confidentiality and availability impact when processing a crafted input file. The flaw resides in the IPTC output writing pathway: supplying a malicious image file triggers a one-byte over-read of the heap buffer, classified as CWE-125. No active exploitation has been identified (not in CISA KEV), no public exploit code is known, and the local attack vector (AV:L) materially constrains realistic exposure.

Buffer Overflow Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-0438 MEDIUM This Month

System Management Mode (SMM) handler in AMD Ryzen mobile, desktop, embedded, Threadripper, and EPYC processors allows privileged local attackers to execute arbitrary code in SMM by triggering a callout to attacker-controlled code in untrusted non-SMM memory. The vulnerability requires high complexity conditions, active user interaction, physical proximity or direct system access, and high privilege level; successful exploitation compromises system confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Information Disclosure Amd Ryzen 7040 Series Mobile Processors With Radeon Graphics Amd Ryzen 7045 Series Mobile Processors With Radeon Graphics Amd Ryzen 7000 Series Desktop Processors Amd Ryzen 9000Hx Series Processors +23
NVD VulDB
CVSS 4.0
5.4
EPSS
0.0%
CVE-2026-42567 npm MEDIUM PATCH GHSA This Month

Regular expression denial of service (ReDoS) in Svelte 5.51.5 through 5.55.6 allows attackers to cause application hang or crash by passing unconstrained-length tag names to the `<svelte:element>` component, triggering exponential regex evaluation time in the runtime tag validation logic. The vulnerability requires applications to accept user-controlled tag input without length or content restrictions.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-42599 npm MEDIUM PATCH GHSA This Month

Cross-site scripting in Svelte versions up to 5.55.6 allows remote attackers to inject malicious event handlers via spread syntax when rendering untrusted data as element attributes. The vulnerability executes in victims' browsers only when JavaScript is enabled and Svelte's hydration mechanism does not process the vulnerable element before the injected event fires. Vendor-released patch: version 5.55.7.

XSS Red Hat
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-8587 HIGH PATCH This Week

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8586 MEDIUM PATCH This Month

Discretionary access control bypass in Chrome Remote Desktop (Chromoting) allows adjacent network attackers to achieve limited confidentiality, integrity, and availability impact through a malicious file requiring user interaction. Google released Chrome 148.0.7778.168 to address this medium-severity flaw. EPSS score of 0.01% (1st percentile) and CISA SSVC assessment indicate low real-world exploitation probability with no observed exploitation activity. The adjacent network attack vector (AV:A) significantly constrains attacker positioning compared to typical remote vulnerabilities.

Google Authentication Bypass Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-8583 MEDIUM PATCH This Month

Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8582 MEDIUM PATCH This Month

Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8581 HIGH PATCH This Week

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8580 CRITICAL PATCH Act Now

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-8577 HIGH PATCH This Week

Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

RCE Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8576 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on Linux and ChromeOS allows remote attackers to read sensitive data from other origins via malicious HTML pages exploiting flawed CORS implementation. Affects versions prior to 148.0.7778.168. Google released a patch in their May 2026 stable channel update. EPSS score of 0.03% (10th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV). SSVC assessment indicates no current exploitation, non-automatable attack requiring user interaction, with partial technical impact limited to confidentiality breach.

Google Cors Misconfiguration Information Disclosure Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8575 HIGH PATCH This Week

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8574 HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8573 HIGH PATCH This Week

Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Microsoft Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8571 HIGH PATCH This Week

Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8570 MEDIUM PATCH This Month

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Memory Corruption Google Red Hat Suse +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8569 HIGH PATCH This Week

Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Google Memory Corruption Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8567 MEDIUM PATCH This Month

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)

Microsoft Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8566 MEDIUM PATCH This Month

Insufficient policy enforcement in Google Chrome's Android payment implementation allows remote attackers to bypass access control restrictions through specially crafted HTML pages, affecting Chrome versions prior to 148.0.7778.168 on Android. The vulnerability requires user interaction (visiting a malicious page) but can be exploited remotely without authentication. EPSS exploitation probability is low (0.02%, 4th percentile), and a vendor-released patch is available. While tagged as an authentication bypass, the CVSS impact indicates only low integrity compromise with no confidentiality or availability impact.

Google Authentication Bypass Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8565 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-8564 MEDIUM PATCH This Month

Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-8563 MEDIUM PATCH This Month

Navigation restrictions can be bypassed in Google Chrome for Windows versions prior to 148.0.7778.168 when attackers craft malicious HTML pages that exploit insufficient sandbox policy enforcement in iframe elements. User interaction (opening/visiting the crafted page) is required for exploitation. Google released a patched version addressing this medium-severity flaw. With EPSS exploitation probability at 0.02% (4th percentile) and no KEV listing, this represents a moderate-priority issue primarily affecting organizations running outdated Chrome versions on Windows systems.

Google Authentication Bypass Microsoft Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8562 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.168 enables remote attackers to extract sensitive information from other origins through side-channel attacks in the Navigation component. The vulnerability requires user interaction with a malicious HTML page and exploits timing or behavioral characteristics to bypass same-origin policy protections. EPSS score of 0.03% (10th percentile) indicates low observed exploitation probability, and no active exploitation or public proof-of-concept has been identified at time of analysis. Google has released a patch in Chrome 148.0.7778.168.

Google Information Disclosure Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8561 MEDIUM PATCH This Month

Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-8559 MEDIUM PATCH This Month

Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Microsoft Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8557 HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption Privilege Escalation Google +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8555 HIGH PATCH This Week

Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free Memory Corruption RCE +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8552 MEDIUM PATCH This Month

Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8551 HIGH PATCH This Week

Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8550 MEDIUM PATCH This Month

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8549 HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8548 HIGH PATCH This Week

Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8547 HIGH PATCH This Week

Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Authentication Bypass Privilege Escalation Microsoft Google Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8546 MEDIUM PATCH This Month

Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Information Disclosure Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8544 HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8543 MEDIUM PATCH This Month

Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8542 HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8541 MEDIUM PATCH This Month

Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8540 HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google RCE Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8539 MEDIUM PATCH This Month

Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Code Injection Google RCE Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-8538 MEDIUM PATCH This Month

Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-8537 MEDIUM PATCH This Month

Google Chrome versions prior to 148.0.7778.168 leak cross-origin data through insufficient policy enforcement in the ViewTransitions API when users interact with specially crafted HTML pages. The vulnerability enables remote attackers to bypass same-origin policy protections and extract sensitive information from other origins without authentication, though exploitation requires user interaction (clicking a link or visiting a malicious page). With EPSS at 0.03% (10th percentile) and no confirmed active exploitation, this represents a moderate information disclosure risk primarily affecting organizations where targeted phishing could deliver malicious pages to Chrome users.

Google Cors Misconfiguration Information Disclosure Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8535 MEDIUM PATCH This Month

Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8534 HIGH PATCH This Week

Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Buffer Overflow Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8533 HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8532 HIGH PATCH This Week

Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

RCE Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8531 HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Google Microsoft Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8530 HIGH PATCH This Week

Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free Memory Corruption Google +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8529 HIGH PATCH This Week

Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)

Heap Overflow Google RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8528 MEDIUM PATCH This Month

Site Isolation bypass in Google Chrome versions prior to 148.0.7778.168 enables attackers who have already compromised the renderer process to break out of security sandboxes via specially crafted HTML pages. This represents an escalation path within Chrome's multi-process architecture, allowing cross-origin data access after initial renderer compromise. Vendor patch available as of May 2026 stable channel update. EPSS score of 0.02% (6th percentile) indicates minimal observed exploitation activity, and no CISA KEV listing or public POC exists at time of analysis, suggesting lower immediate priority despite the architectural significance of Site Isolation failures.

Google Authentication Bypass Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8527 HIGH PATCH This Week

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

RCE Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8526 HIGH PATCH This Week

Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow RCE Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8525 HIGH PATCH This Week

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8524 HIGH PATCH This Week

Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow RCE Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8558 HIGH PATCH This Week

Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow RCE Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8523 HIGH PATCH This Week

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8522 HIGH PATCH This Week

Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8521 HIGH PATCH This Week

Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8520 HIGH PATCH This Week

Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Race Condition Google Information Disclosure Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8519 HIGH PATCH This Week

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8518 HIGH PATCH This Week

Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8517 HIGH PATCH This Week

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

RCE Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8516 MEDIUM PATCH This Month

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8515 HIGH PATCH This Week

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8514 HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8513 HIGH PATCH This Week

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8512 HIGH PATCH This Week

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8511 CRITICAL PATCH Act Now

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-8510 HIGH PATCH This Week

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8509 HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Heap Overflow Google RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-44899 PyPI MEDIUM PATCH GHSA This Month

CSS injection in mistune's Image directive plugin allows unauthenticated remote attackers to inject arbitrary CSS properties via the :width: or :height: options in fenced image directives, enabling full-page phishing overlays and UI redressing attacks. The vulnerability stems from a prefix-only regex validation (_num_re.match() with no end-of-string anchor) that accepts values like '100vw;position:fixed;background-color:#e11d48;...' and renders them unescaped into style= attributes. Confirmed fixed in v3.2.1; publicly available proof-of-concept demonstrates full-viewport colored overlay generation from a single malicious :width: directive.

XSS Apple Python Red Hat
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-44898 PyPI MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) vulnerability in mistune's render_toc_ul() function allows attackers to inject arbitrary HTML and JavaScript into table-of-contents output by crafting malicious heading IDs. When heading identifiers are derived from user-supplied text (standard practice for readable slug anchors), an attacker can break out of the href attribute context with a payload like `x"><script>alert(document.cookie)</script><a href="`, causing the script block to execute in the rendered TOC. The vulnerability requires user interaction (UI:R) to view the poisoned TOC but affects all users of the generated page. Vendor-released patch available in mistune 3.2.1.

XSS Apple Python Red Hat
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-6575 MEDIUM PATCH This Month

Buffer over-read in PostgreSQL 18.0 through 18.3 allows authenticated table maintainers to infer sensitive memory contents by exploiting mismatched array lengths in the pg_restore_attribute_stats() function during query planning. The vulnerability requires authenticated database access and table maintenance privileges but enables information disclosure without modifying data or causing service disruption.

PostgreSQL Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6475 HIGH PATCH This Week

Symlink following vulnerabilities in PostgreSQL pg_basebackup and pg_rewind enable database superusers to overwrite arbitrary files on the destination server's filesystem, leading to local OS account takeover. Exploitation requires a malicious origin database superuser convincing an administrator to run these backup/replication tools (UI:R in CVSS), with practical impact limited to scenarios where database files are transferred between systems or snapshotted before server restart. No public exploit identified at time of analysis. CVSS 8.8 reflects theoretical severity, but real-world risk depends on specific operational workflows involving backup file transfers across trust boundaries.

Information Disclosure PostgreSQL Suse Red Hat
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6474 MEDIUM PATCH This Month

Format string vulnerability in PostgreSQL timeofday() function allows authenticated remote attackers to read arbitrary server memory by supplying crafted timezone values. Affects PostgreSQL versions 14.x before 14.23, 15.x before 15.18, 16.x before 16.14, 17.x before 17.10, and 18.x before 18.4. The vulnerability enables information disclosure of sensitive data stored in process memory without code execution or data modification capabilities.

Information Disclosure PostgreSQL Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6472 MEDIUM PATCH This Month

Missing authorization in PostgreSQL CREATE TYPE allows authenticated users to hijack search_path resolution and force other database users to execute arbitrary SQL functions chosen by the attacker. An authenticated attacker can create a malicious user-defined type in a schema that appears earlier in a victim's search_path than legitimate extension or system types, causing the victim's queries to execute attacker-controlled functions instead of intended ones. This affects PostgreSQL versions 14.x before 14.23, 15.x before 15.18, 16.x before 16.14, 17.x before 17.10, and 18.x before 18.4. While CVSS 5.4 is moderate, the attack requires authenticated database access and carries real risk in multi-tenant or shared PostgreSQL environments where privilege escalation or lateral movement is the goal.

Authentication Bypass PostgreSQL Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-8295 MEDIUM PATCH This Month

Integer overflow in simdjson's string_builder::escape_and_append() function allows out-of-bounds memory reads in SIMD routines when processing very large input strings on 32-bit platforms, potentially resulting in information disclosure or memory corruption. The vulnerability affects all versions before 4.6.4 and has been patched by the vendor.

Integer Overflow Information Disclosure Buffer Overflow Red Hat
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-43489 MEDIUM PATCH This Month

State management failure in the Linux kernel liveupdate subsystem allows a local low-privileged user to trigger a use-after-free or double-free condition by retrying a failed LIVEUPDATE_SESSION_RETRIEVE_FD ioctl, resulting in kernel crash or WARN and full availability loss. The luo_file struct's retrieve status is never recorded on failure, leaving the kernel's serialization state machine inconsistent; a retry re-enters retrieve logic against partially freed data structures such as kho folio mappings. No public exploit exists and EPSS is 0.02%, placing this firmly in low-priority territory absent active use of the liveupdate feature.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43488 MEDIUM PATCH This Month

Interrupt storm vulnerability in the Linux kernel xHCI USB host controller driver allows a local user to cause a complete system availability loss by triggering a Host Controller Error (HCE) via UAS storage device hotplug events. Affected kernel versions prior to 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0 fail to invoke xhci_halt() when HCE is detected in xhci_irq(), leaving the interrupt uncleared and the controller running - resulting in a continuous interrupt storm. No public exploit has been identified and EPSS is 0.02% (5th percentile), consistent with the hardware-interaction-dependent trigger, but availability impact is high on affected hosts where USB ports are physically accessible.

Linux Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43487 MEDIUM PATCH This Month

Random system freeze vulnerability in the Linux kernel's libata-core subsystem affects any Linux host physically equipped with a Seagate ST1000DM010-2EP102 BarraCuda hard drive, where the kernel's default enablement of SATA Link Power Management (LPM) causes the drive to fail its wake sequence and hang the system irrecoverably. The ST1000DM010-2EP102 belongs to the same BarraCuda family as the ST2000DM008-2FR102, for which an LPM quirk already exists in libata - the fix extends that quirk to cover this model. No active exploitation has been identified (absent from CISA KEV), and EPSS at 0.02% reflects negligible adversarial interest, consistent with this being a hardware compatibility defect rather than a traditional security flaw.

Linux Barracuda Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43486 MEDIUM PATCH This Month

Infinite fault loop in the Linux kernel's arm64 contiguous PTE (contpte) subsystem exposes systems using SMMU or CPU configurations without hardware dirty-bit management support to a local denial of service. The defect in `contpte_ptep_set_access_flags()` causes a gathered AF/dirty-bit view across contiguous sub-PTEs to produce false no-ops, leaving individual target sub-PTEs in a stale hardware state that triggers perpetual page faults on non-FEAT_HAFDBS-aware walkers such as SMMMUs without HTTU or CPUs with HA/HD disabled in CD.TCR. No confirmed active exploitation exists; EPSS is 0.02% at the 5th percentile, consistent with the hardware-specific, local-only attack surface.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43485 MEDIUM PATCH This Month

Spurious WARN_ON assertions in the Linux kernel's nouveau/gsp ACPI probe routines trigger frequently during normal NVIDIA GPU initialization, creating an availability risk on affected systems. On kernels configured with panic_on_warn=1, each triggered WARN_ON escalates to a full kernel panic, while on default configurations it produces excessive kernel log noise that degrades observability. Affected kernel versions range from the introduction of commit 176fdcbddfd2 through stable branches fixed in 6.18.19, 6.19.9, and 7.0; no active exploitation is identified (EPSS 0.02%, not in CISA KEV).

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43484 MEDIUM PATCH This Month

Concurrent bitfield RMW (Read-Modify-Write) corruption in the Linux kernel MMC core subsystem allows a local authenticated user to trigger spurious WARN_ON panics or system instability on MMC-enabled devices. The root cause is that host->claimed and retune control flags shared a single bitfield word; under concurrent access from __mmc_claim_host() and mmc_mq_queue_rq(), non-atomic RMW operations allow one thread's write to silently overwrite bits modified by another, corrupting MMC host state. No public exploit has been identified at time of analysis, and EPSS sits at 0.02% (7th percentile), reflecting the narrow, race-window-dependent trigger and low attacker leverage on commodity systems.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43483 MEDIUM PATCH This Month

CR8 write interception mismanagement in KVM's AMD SVM implementation crashes Windows guests on AMD hypervisors with AVIC enabled. When KVM emulates INIT→WFS sequences while AVIC is temporarily deactivated, the CR8 write intercept flag is not cleared upon AVIC reactivation, leaving it permanently enabled. In isolation this is a performance regression, but combined with the TPR synchronization flaw addressed by commit d02e48830e3f, the divergence between hardware-visible and guest-visible TPR values becomes fatal to Windows guests. No public exploit identified at time of analysis; EPSS is 0.02% (7th percentile) and no CISA KEV listing exists.

Linux Microsoft Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43482 MEDIUM PATCH This Month

A race condition in the Linux kernel's sched_ext BPF scheduler subsystem allows a local low-privileged user to permanently hang the system when sched_ext is actively loaded. Between scx_claim_exit() atomically marking error exit and the subsequent kick of the helper kthread, a preemption window exists where the BPF scheduler - now with error handling disabled - may fail to reschedule the calling task, leaving the helper work permanently unqueued. The result is bypass mode never activating, task dispatching halting, and a complete system wedge. No public exploit has been identified and EPSS sits at 0.02% (5th percentile), but the availability impact is total for affected systems running a custom BPF scheduler.

Authentication Bypass Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43480 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's AMD ASoC ACP3x audio driver (acp3x-rt5682-max9836) allows a local low-privileged user on affected hardware to crash the kernel. The flaw originates in acp3x_5682_init(), which failed to validate the return value of clk_get() before passing it to rt5682_clk_enable(), meaning an error pointer could be dereferenced directly. No public exploit identified at time of analysis and the EPSS score of 0.02% (7th percentile) reflects extremely low exploitation interest; this vulnerability is not listed in the CISA KEV catalog.

Linux Amd Denial Of Service Null Pointer Dereference Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43479 MEDIUM PATCH This Month

Kernel availability disruption in the Linux lan78xx USB-to-Ethernet driver allows a local user with low privileges to trigger a kernel WARN in __netif_napi_del_locked() by disconnecting an affected USB Ethernet adapter. The root cause is a redundant netif_napi_del() call in the driver's disconnect path while NAPI processing is still active, conflicting with the teardown that unregister_netdev() performs automatically. No public exploit exists and EPSS is 0.02% (4th percentile), indicating very low real-world exploitation interest; this is primarily a stability and denial-of-service concern on embedded and desktop Linux systems using the SMSC/Microchip LAN78xx adapter family.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43478 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's RT1011 ASoC codec driver allows a local, low-privileged user to crash the kernel on systems equipped with Realtek RT1011 smart speaker amplifier hardware. The flaw in rt1011_recv_spk_mode_put() uses an incorrect helper to retrieve the DAPM (Dynamic Audio Power Management) context from a kcontrol object, yielding a NULL pointer that is subsequently dereferenced, triggering a kernel oops or panic. No public exploit is identified and EPSS of 0.02% (5th percentile) reflects negligible real-world exploitation probability, though vendor-confirmed patches are available in Linux 6.19.9 and 7.0.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

{1..10000000}` allocates roughly 505 MB and burns ~800 ms even when `max=10`, defeating the intended DoS protection. No public exploit identified at time of analysis and EPSS is very low (0.03%), but a vendor-released patch (5.0.6) and a GitHub Security Advisory (GHSA-jxxr-4gwj-5jf2) are available.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Out-of-bounds single-byte heap read in Magick.NET's IPTC encoder exposes all NuGet package variants (Q16, Q16-HDRI, multi-architecture builds) before version 14.13.1 to limited confidentiality and availability impact when processing a crafted input file. The flaw resides in the IPTC output writing pathway: supplying a malicious image file triggers a one-byte over-read of the heap buffer, classified as CWE-125. No active exploitation has been identified (not in CISA KEV), no public exploit code is known, and the local attack vector (AV:L) materially constrains realistic exposure.

Buffer Overflow Information Disclosure Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

System Management Mode (SMM) handler in AMD Ryzen mobile, desktop, embedded, Threadripper, and EPYC processors allows privileged local attackers to execute arbitrary code in SMM by triggering a callout to attacker-controlled code in untrusted non-SMM memory. The vulnerability requires high complexity conditions, active user interaction, physical proximity or direct system access, and high privilege level; successful exploitation compromises system confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Information Disclosure Amd Ryzen 7040 Series Mobile Processors With Radeon Graphics Amd Ryzen 7045 Series Mobile Processors With Radeon Graphics +25
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Regular expression denial of service (ReDoS) in Svelte 5.51.5 through 5.55.6 allows attackers to cause application hang or crash by passing unconstrained-length tag names to the `<svelte:element>` component, triggering exponential regex evaluation time in the runtime tag validation logic. The vulnerability requires applications to accept user-controlled tag input without length or content restrictions.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Cross-site scripting in Svelte versions up to 5.55.6 allows remote attackers to inject malicious event handlers via spread syntax when rendering untrusted data as element attributes. The vulnerability executes in victims' browsers only when JavaScript is enabled and Svelte's hydration mechanism does not process the vulnerable element before the injected event fires. Vendor-released patch: version 5.55.7.

XSS Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Discretionary access control bypass in Chrome Remote Desktop (Chromoting) allows adjacent network attackers to achieve limited confidentiality, integrity, and availability impact through a malicious file requiring user interaction. Google released Chrome 148.0.7778.168 to address this medium-severity flaw. EPSS score of 0.01% (1st percentile) and CISA SSVC assessment indicate low real-world exploitation probability with no observed exploitation activity. The adjacent network attack vector (AV:A) significantly constrains attacker positioning compared to typical remote vulnerabilities.

Google Authentication Bypass Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

RCE Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on Linux and ChromeOS allows remote attackers to read sensitive data from other origins via malicious HTML pages exploiting flawed CORS implementation. Affects versions prior to 148.0.7778.168. Google released a patch in their May 2026 stable channel update. EPSS score of 0.03% (10th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV). SSVC assessment indicates no current exploitation, non-automatable attack requiring user interaction, with partial technical impact limited to confidentiality breach.

Google Cors Misconfiguration Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Google Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in Google Chrome's Android payment implementation allows remote attackers to bypass access control restrictions through specially crafted HTML pages, affecting Chrome versions prior to 148.0.7778.168 on Android. The vulnerability requires user interaction (visiting a malicious page) but can be exploited remotely without authentication. EPSS exploitation probability is low (0.02%, 4th percentile), and a vendor-released patch is available. While tagged as an authentication bypass, the CVSS impact indicates only low integrity compromise with no confidentiality or availability impact.

Google Authentication Bypass Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Navigation restrictions can be bypassed in Google Chrome for Windows versions prior to 148.0.7778.168 when attackers craft malicious HTML pages that exploit insufficient sandbox policy enforcement in iframe elements. User interaction (opening/visiting the crafted page) is required for exploitation. Google released a patched version addressing this medium-severity flaw. With EPSS exploitation probability at 0.02% (4th percentile) and no KEV listing, this represents a moderate-priority issue primarily affecting organizations running outdated Chrome versions on Windows systems.

Google Authentication Bypass Microsoft +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.168 enables remote attackers to extract sensitive information from other origins through side-channel attacks in the Navigation component. The vulnerability requires user interaction with a malicious HTML page and exploits timing or behavioral characteristics to bypass same-origin policy protections. EPSS score of 0.03% (10th percentile) indicates low observed exploitation probability, and no active exploitation or public proof-of-concept has been identified at time of analysis. Google has released a patch in Chrome 148.0.7778.168.

Google Information Disclosure Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free +6
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Authentication Bypass Privilege Escalation Microsoft +4
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google RCE +3
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Code Injection Google RCE +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Google Chrome versions prior to 148.0.7778.168 leak cross-origin data through insufficient policy enforcement in the ViewTransitions API when users interact with specially crafted HTML pages. The vulnerability enables remote attackers to bypass same-origin policy protections and extract sensitive information from other origins without authentication, though exploitation requires user interaction (clicking a link or visiting a malicious page). With EPSS at 0.03% (10th percentile) and no confirmed active exploitation, this represents a moderate information disclosure risk primarily affecting organizations where targeted phishing could deliver malicious pages to Chrome users.

Google Cors Misconfiguration Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Buffer Overflow Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

RCE Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Google Microsoft +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)

Heap Overflow Google RCE +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Site Isolation bypass in Google Chrome versions prior to 148.0.7778.168 enables attackers who have already compromised the renderer process to break out of security sandboxes via specially crafted HTML pages. This represents an escalation path within Chrome's multi-process architecture, allowing cross-origin data access after initial renderer compromise. Vendor patch available as of May 2026 stable channel update. EPSS score of 0.02% (6th percentile) indicates minimal observed exploitation activity, and no CISA KEV listing or public POC exists at time of analysis, suggesting lower immediate priority despite the architectural significance of Site Isolation failures.

Google Authentication Bypass Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

RCE Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Race Condition Google Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

RCE Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Heap Overflow Google RCE +4
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

CSS injection in mistune's Image directive plugin allows unauthenticated remote attackers to inject arbitrary CSS properties via the :width: or :height: options in fenced image directives, enabling full-page phishing overlays and UI redressing attacks. The vulnerability stems from a prefix-only regex validation (_num_re.match() with no end-of-string anchor) that accepts values like '100vw;position:fixed;background-color:#e11d48;...' and renders them unescaped into style= attributes. Confirmed fixed in v3.2.1; publicly available proof-of-concept demonstrates full-viewport colored overlay generation from a single malicious :width: directive.

XSS Apple Python +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in mistune's render_toc_ul() function allows attackers to inject arbitrary HTML and JavaScript into table-of-contents output by crafting malicious heading IDs. When heading identifiers are derived from user-supplied text (standard practice for readable slug anchors), an attacker can break out of the href attribute context with a payload like `x"><script>alert(document.cookie)</script><a href="`, causing the script block to execute in the rendered TOC. The vulnerability requires user interaction (UI:R) to view the poisoned TOC but affects all users of the generated page. Vendor-released patch available in mistune 3.2.1.

XSS Apple Python +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Buffer over-read in PostgreSQL 18.0 through 18.3 allows authenticated table maintainers to infer sensitive memory contents by exploiting mismatched array lengths in the pg_restore_attribute_stats() function during query planning. The vulnerability requires authenticated database access and table maintenance privileges but enables information disclosure without modifying data or causing service disruption.

PostgreSQL Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Symlink following vulnerabilities in PostgreSQL pg_basebackup and pg_rewind enable database superusers to overwrite arbitrary files on the destination server's filesystem, leading to local OS account takeover. Exploitation requires a malicious origin database superuser convincing an administrator to run these backup/replication tools (UI:R in CVSS), with practical impact limited to scenarios where database files are transferred between systems or snapshotted before server restart. No public exploit identified at time of analysis. CVSS 8.8 reflects theoretical severity, but real-world risk depends on specific operational workflows involving backup file transfers across trust boundaries.

Information Disclosure PostgreSQL Suse +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Format string vulnerability in PostgreSQL timeofday() function allows authenticated remote attackers to read arbitrary server memory by supplying crafted timezone values. Affects PostgreSQL versions 14.x before 14.23, 15.x before 15.18, 16.x before 16.14, 17.x before 17.10, and 18.x before 18.4. The vulnerability enables information disclosure of sensitive data stored in process memory without code execution or data modification capabilities.

Information Disclosure PostgreSQL Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Missing authorization in PostgreSQL CREATE TYPE allows authenticated users to hijack search_path resolution and force other database users to execute arbitrary SQL functions chosen by the attacker. An authenticated attacker can create a malicious user-defined type in a schema that appears earlier in a victim's search_path than legitimate extension or system types, causing the victim's queries to execute attacker-controlled functions instead of intended ones. This affects PostgreSQL versions 14.x before 14.23, 15.x before 15.18, 16.x before 16.14, 17.x before 17.10, and 18.x before 18.4. While CVSS 5.4 is moderate, the attack requires authenticated database access and carries real risk in multi-tenant or shared PostgreSQL environments where privilege escalation or lateral movement is the goal.

Authentication Bypass PostgreSQL Suse +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Integer overflow in simdjson's string_builder::escape_and_append() function allows out-of-bounds memory reads in SIMD routines when processing very large input strings on 32-bit platforms, potentially resulting in information disclosure or memory corruption. The vulnerability affects all versions before 4.6.4 and has been patched by the vendor.

Integer Overflow Information Disclosure Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

State management failure in the Linux kernel liveupdate subsystem allows a local low-privileged user to trigger a use-after-free or double-free condition by retrying a failed LIVEUPDATE_SESSION_RETRIEVE_FD ioctl, resulting in kernel crash or WARN and full availability loss. The luo_file struct's retrieve status is never recorded on failure, leaving the kernel's serialization state machine inconsistent; a retry re-enters retrieve logic against partially freed data structures such as kho folio mappings. No public exploit exists and EPSS is 0.02%, placing this firmly in low-priority territory absent active use of the liveupdate feature.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Interrupt storm vulnerability in the Linux kernel xHCI USB host controller driver allows a local user to cause a complete system availability loss by triggering a Host Controller Error (HCE) via UAS storage device hotplug events. Affected kernel versions prior to 6.6.130, 6.12.78, 6.18.19, 6.19.9, and 7.0 fail to invoke xhci_halt() when HCE is detected in xhci_irq(), leaving the interrupt uncleared and the controller running - resulting in a continuous interrupt storm. No public exploit has been identified and EPSS is 0.02% (5th percentile), consistent with the hardware-interaction-dependent trigger, but availability impact is high on affected hosts where USB ports are physically accessible.

Linux Information Disclosure Google +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Random system freeze vulnerability in the Linux kernel's libata-core subsystem affects any Linux host physically equipped with a Seagate ST1000DM010-2EP102 BarraCuda hard drive, where the kernel's default enablement of SATA Link Power Management (LPM) causes the drive to fail its wake sequence and hang the system irrecoverably. The ST1000DM010-2EP102 belongs to the same BarraCuda family as the ST2000DM008-2FR102, for which an LPM quirk already exists in libata - the fix extends that quirk to cover this model. No active exploitation has been identified (absent from CISA KEV), and EPSS at 0.02% reflects negligible adversarial interest, consistent with this being a hardware compatibility defect rather than a traditional security flaw.

Linux Barracuda Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Infinite fault loop in the Linux kernel's arm64 contiguous PTE (contpte) subsystem exposes systems using SMMU or CPU configurations without hardware dirty-bit management support to a local denial of service. The defect in `contpte_ptep_set_access_flags()` causes a gathered AF/dirty-bit view across contiguous sub-PTEs to produce false no-ops, leaving individual target sub-PTEs in a stale hardware state that triggers perpetual page faults on non-FEAT_HAFDBS-aware walkers such as SMMMUs without HTTU or CPUs with HA/HD disabled in CD.TCR. No confirmed active exploitation exists; EPSS is 0.02% at the 5th percentile, consistent with the hardware-specific, local-only attack surface.

Linux Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Spurious WARN_ON assertions in the Linux kernel's nouveau/gsp ACPI probe routines trigger frequently during normal NVIDIA GPU initialization, creating an availability risk on affected systems. On kernels configured with panic_on_warn=1, each triggered WARN_ON escalates to a full kernel panic, while on default configurations it produces excessive kernel log noise that degrades observability. Affected kernel versions range from the introduction of commit 176fdcbddfd2 through stable branches fixed in 6.18.19, 6.19.9, and 7.0; no active exploitation is identified (EPSS 0.02%, not in CISA KEV).

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Concurrent bitfield RMW (Read-Modify-Write) corruption in the Linux kernel MMC core subsystem allows a local authenticated user to trigger spurious WARN_ON panics or system instability on MMC-enabled devices. The root cause is that host->claimed and retune control flags shared a single bitfield word; under concurrent access from __mmc_claim_host() and mmc_mq_queue_rq(), non-atomic RMW operations allow one thread's write to silently overwrite bits modified by another, corrupting MMC host state. No public exploit has been identified at time of analysis, and EPSS sits at 0.02% (7th percentile), reflecting the narrow, race-window-dependent trigger and low attacker leverage on commodity systems.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CR8 write interception mismanagement in KVM's AMD SVM implementation crashes Windows guests on AMD hypervisors with AVIC enabled. When KVM emulates INIT→WFS sequences while AVIC is temporarily deactivated, the CR8 write intercept flag is not cleared upon AVIC reactivation, leaving it permanently enabled. In isolation this is a performance regression, but combined with the TPR synchronization flaw addressed by commit d02e48830e3f, the divergence between hardware-visible and guest-visible TPR values becomes fatal to Windows guests. No public exploit identified at time of analysis; EPSS is 0.02% (7th percentile) and no CISA KEV listing exists.

Linux Microsoft Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A race condition in the Linux kernel's sched_ext BPF scheduler subsystem allows a local low-privileged user to permanently hang the system when sched_ext is actively loaded. Between scx_claim_exit() atomically marking error exit and the subsequent kick of the helper kthread, a preemption window exists where the BPF scheduler - now with error handling disabled - may fail to reschedule the calling task, leaving the helper work permanently unqueued. The result is bypass mode never activating, task dispatching halting, and a complete system wedge. No public exploit has been identified and EPSS sits at 0.02% (5th percentile), but the availability impact is total for affected systems running a custom BPF scheduler.

Authentication Bypass Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's AMD ASoC ACP3x audio driver (acp3x-rt5682-max9836) allows a local low-privileged user on affected hardware to crash the kernel. The flaw originates in acp3x_5682_init(), which failed to validate the return value of clk_get() before passing it to rt5682_clk_enable(), meaning an error pointer could be dereferenced directly. No public exploit identified at time of analysis and the EPSS score of 0.02% (7th percentile) reflects extremely low exploitation interest; this vulnerability is not listed in the CISA KEV catalog.

Linux Amd Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel availability disruption in the Linux lan78xx USB-to-Ethernet driver allows a local user with low privileges to trigger a kernel WARN in __netif_napi_del_locked() by disconnecting an affected USB Ethernet adapter. The root cause is a redundant netif_napi_del() call in the driver's disconnect path while NAPI processing is still active, conflicting with the teardown that unregister_netdev() performs automatically. No public exploit exists and EPSS is 0.02% (4th percentile), indicating very low real-world exploitation interest; this is primarily a stability and denial-of-service concern on embedded and desktop Linux systems using the SMSC/Microchip LAN78xx adapter family.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's RT1011 ASoC codec driver allows a local, low-privileged user to crash the kernel on systems equipped with Realtek RT1011 smart speaker amplifier hardware. The flaw in rt1011_recv_spk_mode_put() uses an incorrect helper to retrieve the DAPM (Dynamic Audio Power Management) context from a kcontrol object, yielding a NULL pointer that is subsequently dereferenced, triggering a kernel oops or panic. No public exploit is identified and EPSS of 0.02% (5th percentile) reflects negligible real-world exploitation probability, though vendor-confirmed patches are available in Linux 6.19.9 and 7.0.

Linux Denial Of Service Red Hat +1
NVD VulDB
Prev Page 13 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy