Skip to main content

Red Hat

8624 CVEs vendor

Monthly

CVE-2026-49943 MEDIUM This Month

Stack-based buffer overflow in CZ.NIC BIRD Internet Routing Daemon through 2.19.0 allows an established BGP peer to crash the daemon by sending a crafted AS_PATH exceeding 2048 expanded ASNs when RFC 8654 Extended Messages are enabled and an AS path mask filter is active. The as_path_match() function in nest/a-path.c uses a fixed 2049-entry stack array while parse_path() expands AS_PATH segments without enforcing a corresponding capacity limit, causing a write beyond the stack buffer boundary and a daemon crash. No public exploit identified at time of analysis; notably, the vendor has explicitly declined to prioritize a fix, instead citing operator best-practice filtering as the expected mitigation.

Buffer Overflow Stack Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-46718 Maven MEDIUM PATCH This Month

Unsafe reflection in Apache Calcite 1.5.0 through 1.41 allows unauthenticated remote attackers to supply externally-controlled input that influences class or code selection at runtime, resulting in partial confidentiality and integrity impact (CVSS C:L/I:L). The vulnerability stems from CWE-470, where user-supplied input is used unsanitized to drive Java reflection operations. No public exploit code exists and no active exploitation has been confirmed; EPSS of 0.02% (7th percentile) indicates low community-assessed exploitation probability at time of analysis.

Information Disclosure Apache Red Hat
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5422 PyPI HIGH PATCH This Week

Path traversal in Jupyter Server 2.17.0 allows authenticated users to read and write files in sibling directories outside the configured root, via a flawed startswith() boundary check in _get_os_path() combined with to_os_path() failing to strip '..' sequences. With CVSS 8.1 (high confidentiality and integrity impact) and a publicly available proof-of-concept disclosed through huntr, the issue is particularly dangerous in shared/multi-tenant hosting where multiple Jupyter instances share a parent directory. EPSS is currently low (0.05%), and there is no public exploit identified at time of analysis beyond the huntr POC reference.

Information Disclosure Path Traversal Red Hat Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-3198 PyPI MEDIUM PATCH This Month

Missing authorization enforcement in MLflow 3.9.0 allows any low-privileged authenticated user to enumerate all gateway secrets, endpoints, and model definitions via three unprotected Gateway API list endpoints. The root cause is an omission in the `BEFORE_REQUEST_HANDLERS` dictionary within `mlflow/server/auth/__init__.py`, which gates authorization for request handlers - three Gateway API list operations (`ListGatewaySecretInfos`, `ListGatewayEndpoints`, `ListGatewayModelDefinitions`) are absent from this registry, bypassing access control entirely when basic-auth is active. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, but the low attack complexity and high confidentiality impact warrant prompt remediation in any deployment with multi-tenant or least-privilege access expectations.

Authentication Bypass Mlflow Mlflow Red Hat
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2026-10517 Go MEDIUM This Month

Server-Side Request Forgery in Clair's fetcher component exposes internal network services and cloud metadata endpoints to unauthenticated remote attackers who can submit container image manifests with crafted layer descriptor URIs. Affected deployments are those where PSK (Pre-Shared Key) authentication is not configured - an opt-in control that is not enforced by default - meaning standalone or custom Clair installations without PSK are directly exploitable over the network with no credentials. Reflective SSRF behavior leaks up to 256 bytes of internal error body content per request via CheckResponse error messages, enabling network reconnaissance; no public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.

Red Hat SSRF Suse
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-48827 Maven HIGH PATCH GHSA This Week

Path traversal in the org.apache.sshd:sshd-git component of Apache MINA SSHD allows authenticated remote attackers to read files outside the intended Git repository directory by supplying crafted path references over SSH. The flaw was disclosed pre-NVD on the oss-security mailing list on 2026-05-30 by Apache maintainer Thomas Wolf, with no public exploit identified at time of analysis and no CISA KEV listing.

Apache Path Traversal Denial Of Service Suse Red Hat
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-47190 Go MEDIUM PATCH GHSA This Month

Excessive RBAC permissions in the Metal3 ip-address-manager (IPAM) controller's ClusterRole expose Kubernetes Secrets to post-compromise abuse. The metal3-ipam-controller-manager-role granted full CRUD on core/v1 Secrets - yet PR diff evidence confirms the controller never accesses Secrets in normal operation, making these permissions entirely unnecessary. If the controller pod is compromised via a supply chain attack or container escape, an attacker inheriting the controller's service account token can read, modify, or delete any Secret in the namespace, turning a narrow container compromise into cluster-wide credential exfiltration. No public exploit exists and no CISA KEV listing, but the confidentiality impact is rated High (C:H) by NVD.

Privilege Escalation Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-47141 npm MEDIUM PATCH GHSA This Month

Host process data leakage in vm2 (npm/vm2 <= 3.11.3) allows untrusted JavaScript executing inside a NodeVM sandbox to read sensitive host-process state - including HTTP Authorization headers, session tokens, and AsyncLocalStorage request context - by requiring process-wide observability builtins that were incorrectly absent from the DANGEROUS_BUILTINS denylist. The affected modules (diagnostics_channel, async_hooks, perf_hooks) are Node.js process-wide singletons, not sandbox-local constructs, so granting sandbox access to them exposes all host process data flowing through those channels. A publicly available exploit code exists confirming extraction of Bearer tokens and x-session-token headers from live host HTTP requests; this is not confirmed actively exploited (not in CISA KEV).

Information Disclosure Node.js Red Hat
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-47139 npm HIGH PATCH GHSA This Week

Sandbox network isolation bypass in vm2 NodeVM (versions <= 3.11.3) allows untrusted JavaScript running in the sandbox to regain outbound and listening network access despite explicit exclusions of public network modules. Remote attackers (in the threat model where the application accepts untrusted code) can leverage Node.js's undocumented underscored builtins such as `_http_client` and `_http_server` to reach internal services, cloud metadata endpoints, and localhost-only admin panels. Publicly available exploit code exists (PoC published in the GHSA advisory), and a vendor-released patch is available in version 3.11.4.

SSRF Node.js Red Hat
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-46344 MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 affects the XMSS and XMSS^MT stateful signature verification routines, exploitable by any unauthenticated remote attacker who can supply a crafted public key to a verifying process. The flaw arises when a correctly-sized signature buffer is paired with a public key whose OID bytes reference a different XMSS parameter set, causing the library to derive a larger sig_bytes value and index past the end of the caller-supplied buffer, with the primary observable effect being a process crash. No active exploitation is confirmed (not in CISA KEV) and no independently published exploit has been identified at time of analysis, though a proof-of-concept scenario is embedded in the upstream fix commit's test suite.

Denial Of Service Information Disclosure Oracle Buffer Overflow Red Hat +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44518 MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 allows a remote unauthenticated attacker to crash the verifying process by supplying a truncated signature buffer to the XMSS or XMSS^MT stateful signature verification function. The missing caller-supplied length validation causes the implementation to read past the end of the buffer; the overread bytes feed into an internal hash computation only and are not returned to the caller, eliminating any data-leakage oracle. The primary real-world impact is a denial-of-service crash if the overread crosses an unmapped memory page. No public exploit or CISA KEV listing is identified at time of analysis.

Denial Of Service Oracle Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-47140 npm CRITICAL PATCH GHSA Act Now

Sandbox escape leading to remote code execution in vm2 NodeVM versions 3.11.3 and earlier allows attackers running untrusted JavaScript inside the sandbox to break out via two missing entries in the dangerous-builtin denylist: `process` (whose `getBuiltinModule()` reloads any core module, including `child_process`) and `inspector/promises` (whose `Session().post('Runtime.evaluate', ...)` evaluates code in the host realm). The flaw is exploitable only when the embedder allows `process`, `inspector/promises`, or wildcard `*` in `require.builtin`. Publicly available exploit code exists (PoC published with the advisory), and a patch is available in vm2 3.11.4; no public exploit identified at time of analysis as actively used in the wild.

Node.js RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-47210 npm CRITICAL PATCH GHSA Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows arbitrary code execution in the Node.js host process when untrusted code is run on runtimes exposing WebAssembly JSPI (Node 24 with --experimental-wasm-jspi, or Node 26+ by default). A working PoC demonstrates that a JSPI-backed Promise reaches host-realm Promise.prototype.finally without bridge interposition, letting attacker-controlled species logic walk a rejection object's constructor chain to host process and execute arbitrary commands. No public exploit identified as actively used in the wild, but a complete weaponized PoC is published in the GHSA advisory.

Node.js RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-47137 npm CRITICAL PATCH GHSA Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows full remote code execution by bypassing the GHSA-8hg8-63c5-gwmx (CVE-2023-37903) patch through omission of the require option when nesting:true is set. Publicly available exploit code exists in the GHSA advisory itself, and with a CVSS of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C) any application passing untrusted code to a NodeVM configured this way is trivially compromised on the host.

RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-47209 npm HIGH PATCH GHSA This Week

Sandbox escape in vm2 (npm) versions ≤ 3.11.3 allows untrusted code running inside the VM to write arbitrary properties - including dangerous Symbol-keyed properties like `nodejs.util.promisify.custom` - onto host-realm objects via a Proxy `set`-trap receiver-handling flaw. Because any inheriting child object (`Object.create(hostObj)`) becomes a write channel into the host, attackers can hijack host control flow when the host later dispatches through the polluted slot, escalating from sandbox integrity loss to host-realm code execution. Publicly documented reproduction exists in the GHSA advisory; no public exploit identified at time of analysis and not on the CISA KEV list.

RCE Red Hat
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-47135 npm HIGH PATCH GHSA This Week

Sandbox escape in vm2 versions 3.11.2 and earlier (through 3.11.3) allows sandboxed JavaScript to obtain real Node.js cross-realm symbols and write them onto host objects, hijacking host-side control flow such as util.promisify, stream duck-typing, and WebStream internals. The flaw stems from an incomplete Symbol.for override that blocks only 2 of 9 dangerous nodejs.* symbols and from bridge write traps that lack the dangerous-symbol guard present on read traps. A working proof-of-concept hijacking util.promisify is published in the GHSA advisory, and a vendor patch (3.11.4) is available; no entry in CISA KEV at time of analysis.

Apple Node.js Authentication Bypass Red Hat
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.1%
CVE-2026-47208 npm CRITICAL PATCH GHSA Act Now

Remote code execution in the vm2 Node.js sandbox library (versions <= 3.11.3) allows sandboxed JavaScript to escape isolation and execute arbitrary commands on the host. The flaw stems from a missing resetPromiseSpecies call in the localPromise swallow tail, letting a sandbox subclass hijack Promise species resolution and capture a raw host-realm RangeError that exposes the host Function constructor. Publicly available exploit code exists (POC published in the advisory), though no public exploit identified at time of analysis as actively exploited in the wild; given vm2's heavy use as an untrusted-code sandbox in SaaS, CI, and serverless platforms, this is a top-priority issue.

RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-47131 npm CRITICAL PATCH GHSA Act Now

Sandbox escape in the vm2 Node.js sandbox library (versions <= 3.11.3) allows untrusted JavaScript executed inside a vm2 VM to reach the host realm and achieve arbitrary code execution. By chaining Buffer.call.call indirection with __lookupGetter__/__lookupSetter__ to obtain host Object.prototype.__proto__ accessors and using a WebAssembly.compileStreaming rejection to surface a host TypeError, an attacker severs a host prototype chain, causing the bridge's proto-walk to return the raw host error unwrapped - yielding e.constructor.constructor as host Function and full RCE. Publicly available exploit code exists (advisory ships a working PoC); CVSS is 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Node.js RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-44490 npm HIGH PATCH GHSA This Week

Denial-of-service and HTTP header injection in the axios npm package (>=1.0.0,<1.16.0 and <=0.31.1) arise from two read-side prototype-pollution gadgets in lib/utils.js merge() and lib/core/mergeConfig.js, allowing a polluted Object.prototype (typically from an upstream dependency such as lodash CVE-2018-16487) to inject arbitrary outbound headers or crash every axios call with a synchronous TypeError. Publicly available exploit code exists in the GHSA advisory PoC, but EPSS is only 0.04% (13th percentile) and SSVC marks Automatable=no with partial technical impact, so this is a credible secondary-gadget risk rather than a mass-exploitation target.

Denial Of Service Prototype Pollution Red Hat
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-44489 npm MEDIUM PATCH GHSA This Month

{} instances that inherit from Object.prototype - and setProxy() in lib/adapters/http.js reads proxy.username and proxy.auth without hasOwnProperty guards, allowing prototype-polluted values to forge a Proxy-Authorization header injected into every proxied request. A working proof of concept has been publicly disclosed by the reporter; no active exploitation has been confirmed (not in CISA KEV).

Apple Node.js Authentication Bypass Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-48501 Go HIGH PATCH GHSA This Week

Token leakage in GitHub CLI versions through 2.92.0 causes authentication tokens to be transmitted to unintended hosts when users run gh attestation, gh release verify, or gh release verify-asset commands. The flawed host normalization collapses *.github.com subdomains to github.com, leaking github.com tokens to tuf-repo.github.com (a GitHub Pages domain), while GH_ENTERPRISE_TOKEN values leak to external hosts tuf-repo-cdn.sigstore.dev and tmaproduction.blob.core.windows.net. No public exploit identified at time of analysis, and the vendor (GitHub) reports no evidence that tokens were captured or misused.

Microsoft Authentication Bypass Red Hat
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-10052 MEDIUM This Month

Server-Side Request Forgery (SSRF) in Red Hat Quay 3's config-tool allows a highly privileged attacker with config editor access to probe internal network infrastructure from the Quay pod's network position. By supplying attacker-controlled endpoints to the LDAP and SMTP validation functions - which make outbound connections without IP or hostname filtering - the attacker can enumerate internal services and map network topology behind the container boundary. The scope change (S:C) in the CVSS vector confirms that exploitation reaches systems beyond the Quay component itself. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

SSRF Red Hat
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-6324 MEDIUM PATCH This Month

HTTP request smuggling in libsoup allows remote unauthenticated attackers to exploit an unsigned-to-signed integer conversion error in the `soup_body_input_stream_read_chunked()` function via a crafted HTTP request. The vulnerability is confined to specific proxy topologies where libsoup operates either behind or in front of a non-libsoup HTTP intermediary, and successful exploitation can result in authentication bypass, web cache poisoning, or unauthorized access. No public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV, but the integrity and confidentiality impacts warrant urgent attention in any affected mixed-proxy deployment.

Request Smuggling Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-10028 MEDIUM PATCH This Month

Denial of service in glib-networking allows a remote unauthenticated attacker to exhaust CPU resources in any application using the library's GnuTLS backend for certificate verification. By presenting a TLS certificate chain containing circular issuer relationships, the attacker triggers an unbounded loop (CWE-835) in the verification logic that never terminates. EPSS data was not provided; no public exploit code and no CISA KEV listing exist at time of analysis, placing this firmly in the 'monitor and patch' tier rather than emergency response.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-10021 HIGH PATCH This Week

Remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code in the browser context by luring a victim to a crafted HTML page that abuses insufficient input validation in the WebUSB component. The flaw carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and Chromium rates it Medium severity; no public exploit identified at time of analysis and it is not currently listed in CISA KEV. A vendor patch shipped via the Chrome Stable channel mitigates the issue.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-10019 HIGH PATCH This Week

Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the ANGLE graphics translation layer, allowing a remote attacker who lures a user to a crafted HTML page to bypass same-origin protections and exfiltrate sensitive data from other domains. The flaw carries a CVSS 8.8 rating due to network reachability and high impact across confidentiality, integrity, and availability, though Chromium itself rates the severity as Medium. EPSS is very low at 0.03% (11th percentile) and no public exploit identified at time of analysis, indicating limited near-term exploitation pressure despite the high CVSS.

Google Information Disclosure Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10018 MEDIUM PATCH This Month

Integer overflow in ANGLE (Chrome's graphics translation layer) in Google Chrome prior to 148.0.7778.216 enables remote attackers to read sensitive data from the renderer process memory by enticing a victim to visit a crafted HTML page. The vulnerability is limited to confidentiality impact - no code execution or integrity impact is indicated by CVSS (C:H/I:N/A:N). With an EPSS of 0.03% and no CISA KEV listing, active exploitation is not currently observed, though the network-accessible attack vector and low complexity make the attack straightforward once a victim visits attacker-controlled content.

Google Information Disclosure Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10012 HIGH PATCH This Week

Sandbox escape in Google Chrome's Skia graphics library prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium, with a patch shipped through the Stable channel and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) and the CVE is not on the CISA KEV list, indicating no observed in-the-wild exploitation despite the serious technical impact.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-10006 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows remote attackers to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a race condition in the WebAudio component. Google rates the underlying Chromium issue as High severity, and while no public exploit identified at time of analysis, the bug is browser-resident and reachable from any web origin, making it a meaningful drive-by risk once details surface. EPSS data was not provided, and the issue is not currently listed in CISA KEV.

Google RCE Race Condition Red Hat Suse +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-10004 MEDIUM PATCH This Month

UI spoofing in Google Chrome's Passwords component (all versions prior to 148.0.7778.216) allows a remote, unauthenticated attacker to manipulate browser-native password UI elements by delivering a crafted HTML page to a victim. The flaw arises from insufficient input validation (CWE-20) in the Passwords subsystem, enabling attacker-controlled content to render deceptive credential prompts that are visually indistinguishable from legitimate Chrome dialogs. No public exploit has been identified at time of analysis and the CVE is absent from CISA KEV, though the zero-privilege, network-accessible attack surface and High Chromium severity designation make patching a clear priority.

Google Information Disclosure Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10002 HIGH PATCH This Week

Heap corruption in Google Chrome's PDFium component (versions prior to 148.0.7778.216) allows a remote attacker to potentially achieve code execution by tricking a user into opening a crafted PDF file. The flaw is a use-after-free condition rated High severity by Chromium, with no public exploit identified at time of analysis and a low EPSS score (0.03%) suggesting limited near-term mass exploitation despite a CVSS of 8.8. A vendor patch has been released via the Chrome Stable channel update.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10001 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the PerformanceManager component triggered by a crafted HTML page. Exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise, and while no public exploit has been identified at time of analysis, EPSS rates exploitation probability as low (0.03%, 11th percentile). The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 due to the scope-changing nature of a sandbox escape.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9998 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers who have already compromised the renderer process to break out of the browser sandbox via an integer overflow in the Skia graphics library. Exploitation requires a crafted HTML page and user interaction, and while a patch is available from Google, there is no public exploit identified at time of analysis and EPSS scoring (0.03%) indicates low near-term exploitation probability.

Google Buffer Overflow Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9997 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Input component. Chromium rates the severity as High and CVSS scores it 8.3, but EPSS estimates exploitation probability at only 0.03% (11th percentile) and no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring an attacker to first achieve renderer code execution before leveraging this bug.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9995 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebXR component, allowing a remote attacker to run arbitrary code within the browser's renderer sandbox by enticing a victim to visit a crafted HTML page. Google rates the underlying Chromium severity as High, and a vendor patch has been released; no public exploit identified at time of analysis.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9994 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Core component. Google rates this Chromium severity as High, and a vendor patch is available; no public exploit identified at time of analysis, and EPSS is very low (0.03%, 11th percentile). Exploitation requires a chained renderer compromise plus user interaction, so it is a meaningful second-stage primitive rather than a one-shot drive-by RCE.

Use After Free Memory Corruption Google Microsoft Denial Of Service +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9993 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox by serving a crafted PDF file that triggers a use-after-free in the Views component. Chromium rates the severity as High and Google has shipped a fixed Stable channel build, but no public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile). The bug is a second-stage primitive - it requires an existing renderer compromise plus user interaction with a malicious PDF, which is the typical shape of a Chrome exploit chain.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9992 HIGH PATCH This Week

Remote code execution in Google Chrome's Network component prior to version 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by the Chromium team, and while no public exploit is identified at time of analysis, browser memory-corruption bugs of this class are historically attractive targets when chained with a sandbox escape.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9988 HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux prior to 148.0.7778.216 allows remote attackers to leverage a WebRTC use-after-free condition through a crafted HTML page to break out of the renderer sandbox. The flaw was reported by the Chrome security team and rated High severity by Chromium, with no public exploit identified at time of analysis and an EPSS score of 0.03% (10th percentile) suggesting low near-term exploitation likelihood. Successful exploitation requires user interaction (visiting a malicious page) and high attack complexity, but the scope-changing impact (S:C) and full CIA compromise make it a meaningful browser-targeted risk.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9987 HIGH PATCH This Week

Local arbitrary code execution in Google Chrome on Android prior to 148.0.7778.216 allows attackers to run code through a malicious file processed by the WebAppInstalls component due to insufficient input validation. The CVSS 7.8 (AV:L/UI:R) reflects that exploitation requires local access and user interaction (opening or installing the malicious file), and no public exploit identified at time of analysis. Chromium-rated High severity and a vendor patch is available in the Stable channel update.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-9986 MEDIUM PATCH This Month

UI spoofing in Google Chrome's OptimizationGuide component (all versions prior to 148.0.7778.216) enables a remote unauthenticated attacker who has already compromised the renderer process to present false browser UI elements to the user via a crafted HTML page. The root cause is CWE-20 (Improper Input Validation) - OptimizationGuide fails to adequately validate untrusted data sourced from the renderer, allowing that data to influence trusted browser UI surfaces. With a CVSS score of 4.2, EPSS at 0.05% (15th percentile), no KEV listing, and no public exploit identified at time of analysis, real-world risk is moderate-low despite the network vector, heavily gated by the renderer-compromise prerequisite.

Google Information Disclosure Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-9983 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page that triggers a type confusion bug in the Skia graphics library. The flaw was reported by the Chrome team and is rated High severity by Chromium; no public exploit has been identified at time of analysis, though browser type-confusion bugs in Skia have historically been weaponized. Exploitation requires user interaction (UI:R) - typically visiting an attacker-controlled or compromised page.

Google Memory Corruption RCE Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9978 HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 stems from a use-after-free defect in the Glic component, allowing a remote attacker to corrupt memory and execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. Google has rated the Chromium severity as High and shipped a Stable channel update; no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV. The CVSS 8.8 score reflects network reachability and user interaction (loading a page), with full impact to confidentiality, integrity, and availability inside the sandboxed process.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9976 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code by luring a victim to a crafted HTML page that abuses an inappropriate implementation in the browser's USB subsystem. Chromium rates the severity as High and the CVSS 8.8 vector reflects unauthenticated network exploitation with required user interaction. No public exploit identified at time of analysis, but the vendor has shipped a stable channel patch.

Google RCE Code Injection Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9973 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows attackers to execute arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is an out-of-bounds write (CWE-787) rated High by Chromium and CVSS 8.8, requires user interaction to load attacker-controlled content, and no public exploit has been identified at time of analysis.

Google Memory Corruption RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9971 MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome on iOS prior to 148.0.7778.216 enables a remote unauthenticated attacker to inject arbitrary scripts or HTML into the browser context by convincing a target user to perform specific UI gestures on a crafted HTML page. The vulnerability stems from an inappropriate implementation in Chrome's iOS-specific code layer (CWE-79), and while UXSS attacks typically carry cross-origin escalation potential, the CVSS S:U (Unchanged scope) rating suggests cross-origin impact is not confirmed by the scoring authority. No public exploit or active exploitation has been identified at time of analysis; EPSS at 0.06% places this in the 17th percentile of exploitation likelihood.

XSS Google Apple Red Hat Chrome
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-9968 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 148.0.7778.216 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw stems from an integer overflow (CWE-472, External Control of Assumed-Immutable Web Parameter / integer-handling weakness in V8) rated High severity by Chromium and CVSS 8.8. No public exploit identified at time of analysis, and the bug is not currently listed in CISA KEV.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9966 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers an integer overflow in XML handling. The flaw is rated Chromium High severity with CVSS 8.3 and requires user interaction plus a chained renderer compromise; no public exploit identified at time of analysis and EPSS is very low at 0.03%.

Google Microsoft Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9965 HIGH PATCH This Week

Out-of-bounds write in the ANGLE graphics translation layer of Google Chrome before 148.0.7778.216 allows a remote attacker to trigger heap corruption by luring a user to a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates the severity as High and CVSS scores it 8.8, but EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit identified at time of analysis. The flaw was reported through Chrome's internal disclosure process and a fixed build is already available from the vendor.

Google Memory Corruption Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9964 HIGH PATCH This Week

Arbitrary code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the Bluetooth component, exploitable through a malicious browser extension. Chromium rates the severity as High, and while CVSS scores it 8.1 with network attack vector, real-world exploitation requires the victim to install an attacker-controlled extension. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.01%.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-9963 HIGH PATCH This Week

Arbitrary code execution within the sandbox in Google Chrome on iOS prior to 148.0.7778.216 allows remote attackers to abuse an uninitialized memory condition when a victim performs specific UI gestures on a crafted HTML page. Chromium rates the security severity as High, and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score (0.04%) suggests low near-term exploitation likelihood.

Apple RCE Google Suse Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9962 HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC component (versions prior to 148.0.7778.216) allows a remote attacker to execute arbitrary code within the browser sandbox by enticing a victim to load a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium's security team, and while no public exploit identified at time of analysis, the CVSS 8.8 score reflects the low-complexity network-based attack vector combined with the high impact across confidentiality, integrity, and availability. User interaction (visiting a malicious page) is required, but otherwise no authentication or privileges are needed.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9961 HIGH PATCH This Week

Heap corruption in Google Chrome's SurfaceCapture component (versions prior to 148.0.7778.216) allows a remote attacker to potentially execute arbitrary code by luring a user to a crafted HTML page. The flaw is a use-after-free issue rated High severity by the Chromium project, with a CVSS score of 8.8 reflecting low complexity and no authentication, though user interaction is required. There is no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), but the historical pattern of Chrome UAF bugs being weaponized makes patching urgent.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9960 HIGH PATCH This Week

Sandboxed arbitrary code execution in Google Chrome's PDFium component (versions prior to 148.0.7778.216) is possible via an integer overflow triggered by a crafted font file. The flaw requires a pre-compromised renderer process and user interaction, and no public exploit identified at time of analysis, though Chromium rates it High severity.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9957 HIGH PATCH This Week

Sandboxed arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the PDF component that remote attackers can trigger by serving a crafted PDF file. The flaw carries a CVSS 8.8 rating reflecting network reach with required user interaction (opening or rendering a malicious PDF), and no public exploit identified at time of analysis though Google rates the underlying Chromium severity as High.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9956 HIGH PATCH This Week

Remote code execution in Google Chrome on iOS prior to 148.0.7778.216 allows attackers to exploit a use-after-free memory corruption flaw when a victim is lured to a malicious HTML page and performs specific UI gestures. The issue carries a CVSS 7.5 (High) score with high attack complexity and required user interaction, and no public exploit has been identified at time of analysis.

Apple Use After Free RCE Memory Corruption Google +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9955 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on iOS prior to 148.0.7778.216 exposes sensitive information from cross-origin resources to remote attackers via a crafted HTML page. The flaw is confined to Chrome's iOS-specific implementation (distinct from Chrome on Android, Windows, or macOS), meaning the affected population is limited to iOS users running unpatched Chrome builds. With a CVSS score of 4.3 (Medium), no CISA KEV listing, and an EPSS of 0.03% (11th percentile), no public exploit identified at time of analysis, this is a real but lower-priority disclosure issue - though the zero-privilege-required network vector merits timely patching.

Apple Information Disclosure Google Red Hat Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-9952 HIGH PATCH This Week

Remote code execution in Google Chrome's WebAudio component (versions prior to 148.0.7778.216) allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, with a CVSS score of 8.8 reflecting low attack complexity and no authentication required, though user interaction (visiting a page) is needed. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9951 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers to break out of the renderer process sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free condition in the UI component. Chromium rates the severity as High, and a vendor patch is available; no public exploit identified at time of analysis and EPSS exploitation probability is currently very low (0.03%, 11th percentile).

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9949 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page leveraging a use-after-free in Core. The flaw is rated High by Chromium and carries CVSS 8.3, but EPSS is very low (0.03%) and no public exploit identified at time of analysis, so it is most relevant as the second stage of a multi-bug exploit chain rather than a standalone entry vector.

Use After Free Memory Corruption Google Microsoft Denial Of Service +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9947 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the browser's XML handling component, allowing a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. Chromium rates the severity as High with a CVSS 3.1 score of 8.8, and exploitation requires user interaction such as visiting a malicious site. No public exploit identified at time of analysis, but use-after-free flaws in Chrome's XML parsing have historically been chained with sandbox escapes for full system compromise.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9946 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the ANGLE graphics translation layer that lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Google rates this High severity and a vendor patch is available, but EPSS scoring (0.03%, 11th percentile) is low and no public exploit identified at time of analysis, suggesting it has not yet been weaponized broadly.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9945 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to version 148.0.7778.216 allows attackers to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a use-after-free condition in the Media component. Rated High severity by Chromium with a CVSS 8.8 score, the flaw requires user interaction (visiting a malicious page) but no authentication, and no public exploit identified at time of analysis.

Use After Free RCE Memory Corruption Google Microsoft +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9942 MEDIUM PATCH This Month

Uninitialized memory use in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome versions prior to 148.0.7778.216 enables a remote attacker - who has already achieved renderer process compromise - to bypass site isolation via a specially crafted HTML page. This is a chained exploitation scenario: the vulnerability is not standalone, but serves as a second-stage primitive to break Chrome's cross-origin security boundary once an initial renderer foothold exists. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (3rd percentile) reflects minimal observed exploitation activity.

Google Authentication Bypass Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-9939 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by tricking a user into visiting a crafted HTML page that triggers a heap buffer overflow in the WebCodecs component. Chromium rates this severity High and a vendor patch is available, though EPSS exploitation probability is currently very low (0.03%, 9th percentile) and there is no public exploit identified at time of analysis.

Google Heap Overflow RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9938 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The Chromium project rates the severity as High and CVSS scores it 8.8 (network-reachable, low complexity, no privileges, user interaction required). No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), suggesting limited near-term mass-exploitation likelihood despite the high impact rating.

Google RCE Code Injection Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9937 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the UI component, triggered by a crafted HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).

Use After Free Memory Corruption Google Microsoft Denial Of Service +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9936 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the GPU/GFX sandbox via a crafted HTML page, leveraging a use-after-free condition. The flaw is rated High severity by Chromium (CVSS 8.3) and requires user interaction plus a chained renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%).

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9935 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's ANGLE graphics layer affects all versions prior to 148.0.7778.216, enabling remote unauthenticated attackers (PR:N) to read cross-process memory contents via a crafted HTML page. The root cause is an uninitialized variable (CWE-457) in ANGLE - Chrome's OpenGL ES abstraction layer - where stale memory contents can be read and exfiltrated across security origins. No public exploit code has been identified at time of analysis and the EPSS score of 0.03% (11th percentile) indicates very low current exploitation probability; however, the low attack complexity (AC:L) and zero privilege requirement make opportunistic targeting feasible once exploitation techniques mature.

Google Information Disclosure Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-9933 HIGH PATCH This Week

Use-after-free in the Input component of Google Chrome prior to 148.0.7778.216 allows a remote attacker to trigger heap corruption when a victim is lured to a crafted HTML page and performs specific UI gestures. Chromium rates the severity High, and while no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), the bug class historically yields renderer RCE when chained with a sandbox escape. A vendor patch is available in the stable channel update referenced by Google.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9931 HIGH PATCH This Week

Sandbox escape in Google Chrome's GPU process prior to version 148.0.7778.216 lets a remote attacker who has already gained code execution inside the renderer process break out of Chrome's sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium and carries CVSS 8.3 (AV:N/AC:H/PR:N/UI:R/S:C). EPSS is very low (0.03%), and there is no public exploit identified at time of analysis, but the bug is part of a stable-channel security release shipped by Google.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9928 HIGH PATCH This Week

Remote code execution in Google Chrome for Windows prior to 148.0.7778.216 stems from an out-of-bounds read in the ANGLE graphics abstraction layer, enabling attackers who lure a user to a malicious page to execute arbitrary code in the renderer context. Chromium rates the severity High and CVSS scores it 8.8 due to network reach and high impact across confidentiality, integrity, and availability, though successful exploitation requires user interaction (visiting the crafted page). No public exploit has been identified at time of analysis, but ANGLE bugs have historically been chained into browser sandbox escapes.

Information Disclosure RCE Buffer Overflow Google Microsoft +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9927 HIGH PATCH This Week

Remote code execution in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows attackers to run arbitrary code inside the browser sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) reported internally by the Chrome team and rated High by Chromium; no public exploit identified at time of analysis, though Chrome UAF bugs in ANGLE are historically attractive targets and pair well with sandbox escapes.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9926 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 leverages a heap buffer overflow in the ANGLE graphics translation layer, enabling attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Chromium rates the severity as High and CVSS scores it at 8.3, though EPSS remains very low at 0.03% and no public exploit has been identified at time of analysis.

Google Heap Overflow Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9925 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers, who have already compromised the renderer process, to break out of the browser sandbox via a use-after-free flaw in the ANGLE graphics translation layer. Exploitation requires user interaction (visiting a crafted HTML page) and a prior renderer compromise, making this a second-stage primitive in a chained attack. EPSS is low at 0.03% and there is no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as High.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9922 HIGH PATCH This Week

Renderer-to-browser sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 enables remote code execution via a use-after-free in the GPU process. An attacker who has already compromised the renderer can leverage a crafted HTML page to corrupt GPU process memory and execute arbitrary code outside the renderer sandbox. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Chromium rates the underlying severity as High.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9910 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from an out-of-bounds memory access in the ANGLE graphics translation layer that lets a remote attacker run arbitrary code inside the renderer sandbox via a crafted HTML page. Chromium rates the issue High severity and a vendor patch is available, though no public exploit identified at time of analysis and the EPSS score of 0.04% (12th percentile) indicates very low observed exploitation likelihood at this time.

Google Information Disclosure RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9909 HIGH PATCH This Week

Sandboxed arbitrary code execution in Google Chrome (Skia graphics library) prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to execute additional code inside the Chrome sandbox via a crafted HTML page. The flaw is an integer overflow rated High by Chromium's security team with a CVSS of 7.5, but EPSS is very low (0.04%, 12th percentile) and there is no public exploit identified at time of analysis. Exploitation requires user interaction (visiting a page) and a pre-existing renderer compromise, so this is a chain component rather than a standalone RCE.

Google RCE Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9901 HIGH PATCH This Week

Sandbox escape and arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the ANGLE graphics translation layer. An attacker who has already compromised the renderer process can leverage a crafted HTML page to break memory safety and execute code in a higher-privileged context. No public exploit identified at time of analysis, though Chromium rates the underlying severity as High.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9897 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.216 enables a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page that triggers a use-after-free in the DOM implementation. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and Google has rated the Chromium severity as High; no public exploit is identified at the time of analysis and the issue is not listed in CISA KEV.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9896 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 148.0.7778.216 allows remote attackers to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page. The flaw is a CWE-787 out-of-bounds write in V8 carrying a CVSS 8.8 (High) with Chromium severity rated High; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Google Memory Corruption RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9891 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted Chrome Extension exploiting a use-after-free in the Extensions component. Chromium rates the underlying flaw as Critical severity, though no public exploit has been identified at time of analysis and EPSS exploitation probability sits at 0.03% (11th percentile).

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-9887 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.216 allows attackers to exploit a use-after-free condition in the Proxy component via a malicious PAC (Proxy Auto-Config) script delivered through a crafted web page. Chromium rates this as Critical severity, and while no public exploit identified at time of analysis, the EPSS score of 0.04% reflects low predicted exploitation activity despite the high CVSS 8.8 rating. Successful exploitation requires user interaction (UI:R) such as visiting an attacker-controlled page that triggers the vulnerable PAC processing path.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-9884 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 148.0.7778.216 allows attackers to exploit a use-after-free flaw in the Browser component via a malicious HTML page. Rated Critical by Chromium's security team with a CVSS of 8.8, exploitation requires user interaction (visiting a crafted page) but no authentication, and no public exploit identified at time of analysis. A vendor patch is available through the Chrome stable channel update.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9883 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code via a crafted HTML page exploiting a use-after-free flaw in the Base component. Chromium classifies the severity as Critical, and Google has shipped a stable channel update; no public exploit has been identified at time of analysis. Exploitation requires user interaction (visiting a malicious page), which is the typical drive-by browser attack model.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9882 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's ANGLE graphics layer (prior to 148.0.7778.216) allows unauthenticated remote attackers to read sensitive cross-origin information by luring a victim to a crafted HTML page. The root cause is an integer overflow in ANGLE, Chrome's graphics translation engine, which is internally rated Critical by the Chrome security team despite a CVSS score of only 4.3. No public exploit has been identified at time of analysis, and the EPSS exploitation probability is very low at 0.03% (11th percentile), though the cross-origin data leakage class of vulnerability has historically attracted targeted exploitation in browser ecosystems.

Google Information Disclosure Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-9880 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses insufficient input validation in WebGL. Chromium rates the underlying severity as Critical, and while no public exploit is identified at time of analysis, the EPSS score is low (0.04%, 14th percentile) and the CVSS:3.1 base is 8.3 due to high attack complexity and required user interaction. The flaw is part of a multi-stage exploit chain rather than a one-shot RCE.

Google Information Disclosure Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9879 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from an out-of-bounds write in the ANGLE graphics translation layer, allowing a remote attacker to execute arbitrary code in the browser's renderer context after a victim visits a crafted HTML page. Chromium rates this severity Critical and CVSS scores it 8.8, with vendor patches released via the Stable channel update; no public exploit identified at time of analysis.

Google Memory Corruption RCE Buffer Overflow Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9878 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in ANGLE, the graphics abstraction layer that translates OpenGL ES calls to native GPU APIs. A remote attacker who lures a user into visiting a crafted HTML page can execute arbitrary code within the renderer sandbox, with Chromium rating the severity as Critical. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9877 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a use-after-free flaw in the ANGLE graphics translation layer. Exploitation requires user interaction with a crafted HTML page and is typically chained with a separate renderer-compromise bug. No public exploit identified at time of analysis, and EPSS is very low (0.03%), though Google rated the underlying issue Critical severity.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
EPSS 0% CVSS 6.3
MEDIUM This Month

Stack-based buffer overflow in CZ.NIC BIRD Internet Routing Daemon through 2.19.0 allows an established BGP peer to crash the daemon by sending a crafted AS_PATH exceeding 2048 expanded ASNs when RFC 8654 Extended Messages are enabled and an AS path mask filter is active. The as_path_match() function in nest/a-path.c uses a fixed 2049-entry stack array while parse_path() expands AS_PATH segments without enforcing a corresponding capacity limit, causing a write beyond the stack buffer boundary and a daemon crash. No public exploit identified at time of analysis; notably, the vendor has explicitly declined to prioritize a fix, instead citing operator best-practice filtering as the expected mitigation.

Buffer Overflow Stack Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unsafe reflection in Apache Calcite 1.5.0 through 1.41 allows unauthenticated remote attackers to supply externally-controlled input that influences class or code selection at runtime, resulting in partial confidentiality and integrity impact (CVSS C:L/I:L). The vulnerability stems from CWE-470, where user-supplied input is used unsanitized to drive Java reflection operations. No public exploit code exists and no active exploitation has been confirmed; EPSS of 0.02% (7th percentile) indicates low community-assessed exploitation probability at time of analysis.

Information Disclosure Apache Red Hat
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Path traversal in Jupyter Server 2.17.0 allows authenticated users to read and write files in sibling directories outside the configured root, via a flawed startswith() boundary check in _get_os_path() combined with to_os_path() failing to strip '..' sequences. With CVSS 8.1 (high confidentiality and integrity impact) and a publicly available proof-of-concept disclosed through huntr, the issue is particularly dangerous in shared/multi-tenant hosting where multiple Jupyter instances share a parent directory. EPSS is currently low (0.05%), and there is no public exploit identified at time of analysis beyond the huntr POC reference.

Information Disclosure Path Traversal Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Missing authorization enforcement in MLflow 3.9.0 allows any low-privileged authenticated user to enumerate all gateway secrets, endpoints, and model definitions via three unprotected Gateway API list endpoints. The root cause is an omission in the `BEFORE_REQUEST_HANDLERS` dictionary within `mlflow/server/auth/__init__.py`, which gates authorization for request handlers - three Gateway API list operations (`ListGatewaySecretInfos`, `ListGatewayEndpoints`, `ListGatewayModelDefinitions`) are absent from this registry, bypassing access control entirely when basic-auth is active. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, but the low attack complexity and high confidentiality impact warrant prompt remediation in any deployment with multi-tenant or least-privilege access expectations.

Authentication Bypass Mlflow Mlflow Red Hat
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Server-Side Request Forgery in Clair's fetcher component exposes internal network services and cloud metadata endpoints to unauthenticated remote attackers who can submit container image manifests with crafted layer descriptor URIs. Affected deployments are those where PSK (Pre-Shared Key) authentication is not configured - an opt-in control that is not enforced by default - meaning standalone or custom Clair installations without PSK are directly exploitable over the network with no credentials. Reflective SSRF behavior leaks up to 256 bytes of internal error body content per request via CheckResponse error messages, enabling network reconnaissance; no public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.

Red Hat SSRF Suse
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Path traversal in the org.apache.sshd:sshd-git component of Apache MINA SSHD allows authenticated remote attackers to read files outside the intended Git repository directory by supplying crafted path references over SSH. The flaw was disclosed pre-NVD on the oss-security mailing list on 2026-05-30 by Apache maintainer Thomas Wolf, with no public exploit identified at time of analysis and no CISA KEV listing.

Apache Path Traversal Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Excessive RBAC permissions in the Metal3 ip-address-manager (IPAM) controller's ClusterRole expose Kubernetes Secrets to post-compromise abuse. The metal3-ipam-controller-manager-role granted full CRUD on core/v1 Secrets - yet PR diff evidence confirms the controller never accesses Secrets in normal operation, making these permissions entirely unnecessary. If the controller pod is compromised via a supply chain attack or container escape, an attacker inheriting the controller's service account token can read, modify, or delete any Secret in the namespace, turning a narrow container compromise into cluster-wide credential exfiltration. No public exploit exists and no CISA KEV listing, but the confidentiality impact is rated High (C:H) by NVD.

Privilege Escalation Information Disclosure Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Host process data leakage in vm2 (npm/vm2 <= 3.11.3) allows untrusted JavaScript executing inside a NodeVM sandbox to read sensitive host-process state - including HTTP Authorization headers, session tokens, and AsyncLocalStorage request context - by requiring process-wide observability builtins that were incorrectly absent from the DANGEROUS_BUILTINS denylist. The affected modules (diagnostics_channel, async_hooks, perf_hooks) are Node.js process-wide singletons, not sandbox-local constructs, so granting sandbox access to them exposes all host process data flowing through those channels. A publicly available exploit code exists confirming extraction of Bearer tokens and x-session-token headers from live host HTTP requests; this is not confirmed actively exploited (not in CISA KEV).

Information Disclosure Node.js Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Sandbox network isolation bypass in vm2 NodeVM (versions <= 3.11.3) allows untrusted JavaScript running in the sandbox to regain outbound and listening network access despite explicit exclusions of public network modules. Remote attackers (in the threat model where the application accepts untrusted code) can leverage Node.js's undocumented underscored builtins such as `_http_client` and `_http_server` to reach internal services, cloud metadata endpoints, and localhost-only admin panels. Publicly available exploit code exists (PoC published in the GHSA advisory), and a vendor-released patch is available in version 3.11.4.

SSRF Node.js Red Hat
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 affects the XMSS and XMSS^MT stateful signature verification routines, exploitable by any unauthenticated remote attacker who can supply a crafted public key to a verifying process. The flaw arises when a correctly-sized signature buffer is paired with a public key whose OID bytes reference a different XMSS parameter set, causing the library to derive a larger sig_bytes value and index past the end of the caller-supplied buffer, with the primary observable effect being a process crash. No active exploitation is confirmed (not in CISA KEV) and no independently published exploit has been identified at time of analysis, though a proof-of-concept scenario is embedded in the upstream fix commit's test suite.

Denial Of Service Information Disclosure Oracle +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 allows a remote unauthenticated attacker to crash the verifying process by supplying a truncated signature buffer to the XMSS or XMSS^MT stateful signature verification function. The missing caller-supplied length validation causes the implementation to read past the end of the buffer; the overread bytes feed into an internal hash computation only and are not returned to the caller, eliminating any data-leakage oracle. The primary real-world impact is a denial-of-service crash if the overread crosses an unmapped memory page. No public exploit or CISA KEV listing is identified at time of analysis.

Denial Of Service Oracle Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape leading to remote code execution in vm2 NodeVM versions 3.11.3 and earlier allows attackers running untrusted JavaScript inside the sandbox to break out via two missing entries in the dangerous-builtin denylist: `process` (whose `getBuiltinModule()` reloads any core module, including `child_process`) and `inspector/promises` (whose `Session().post('Runtime.evaluate', ...)` evaluates code in the host realm). The flaw is exploitable only when the embedder allows `process`, `inspector/promises`, or wildcard `*` in `require.builtin`. Publicly available exploit code exists (PoC published with the advisory), and a patch is available in vm2 3.11.4; no public exploit identified at time of analysis as actively used in the wild.

Node.js RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows arbitrary code execution in the Node.js host process when untrusted code is run on runtimes exposing WebAssembly JSPI (Node 24 with --experimental-wasm-jspi, or Node 26+ by default). A working PoC demonstrates that a JSPI-backed Promise reaches host-realm Promise.prototype.finally without bridge interposition, letting attacker-controlled species logic walk a rejection object's constructor chain to host process and execute arbitrary commands. No public exploit identified as actively used in the wild, but a complete weaponized PoC is published in the GHSA advisory.

Node.js RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows full remote code execution by bypassing the GHSA-8hg8-63c5-gwmx (CVE-2023-37903) patch through omission of the require option when nesting:true is set. Publicly available exploit code exists in the GHSA advisory itself, and with a CVSS of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C) any application passing untrusted code to a NodeVM configured this way is trivially compromised on the host.

RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Sandbox escape in vm2 (npm) versions ≤ 3.11.3 allows untrusted code running inside the VM to write arbitrary properties - including dangerous Symbol-keyed properties like `nodejs.util.promisify.custom` - onto host-realm objects via a Proxy `set`-trap receiver-handling flaw. Because any inheriting child object (`Object.create(hostObj)`) becomes a write channel into the host, attackers can hijack host control flow when the host later dispatches through the polluted slot, escalating from sandbox integrity loss to host-realm code execution. Publicly documented reproduction exists in the GHSA advisory; no public exploit identified at time of analysis and not on the CISA KEV list.

RCE Red Hat
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Sandbox escape in vm2 versions 3.11.2 and earlier (through 3.11.3) allows sandboxed JavaScript to obtain real Node.js cross-realm symbols and write them onto host objects, hijacking host-side control flow such as util.promisify, stream duck-typing, and WebStream internals. The flaw stems from an incomplete Symbol.for override that blocks only 2 of 9 dangerous nodejs.* symbols and from bridge write traps that lack the dangerous-symbol guard present on read traps. A working proof-of-concept hijacking util.promisify is published in the GHSA advisory, and a vendor patch (3.11.4) is available; no entry in CISA KEV at time of analysis.

Apple Node.js Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in the vm2 Node.js sandbox library (versions <= 3.11.3) allows sandboxed JavaScript to escape isolation and execute arbitrary commands on the host. The flaw stems from a missing resetPromiseSpecies call in the localPromise swallow tail, letting a sandbox subclass hijack Promise species resolution and capture a raw host-realm RangeError that exposes the host Function constructor. Publicly available exploit code exists (POC published in the advisory), though no public exploit identified at time of analysis as actively exploited in the wild; given vm2's heavy use as an untrusted-code sandbox in SaaS, CI, and serverless platforms, this is a top-priority issue.

RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape in the vm2 Node.js sandbox library (versions <= 3.11.3) allows untrusted JavaScript executed inside a vm2 VM to reach the host realm and achieve arbitrary code execution. By chaining Buffer.call.call indirection with __lookupGetter__/__lookupSetter__ to obtain host Object.prototype.__proto__ accessors and using a WebAssembly.compileStreaming rejection to surface a host TypeError, an attacker severs a host prototype chain, causing the bridge's proto-walk to return the raw host error unwrapped - yielding e.constructor.constructor as host Function and full RCE. Publicly available exploit code exists (advisory ships a working PoC); CVSS is 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Node.js RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial-of-service and HTTP header injection in the axios npm package (>=1.0.0,<1.16.0 and <=0.31.1) arise from two read-side prototype-pollution gadgets in lib/utils.js merge() and lib/core/mergeConfig.js, allowing a polluted Object.prototype (typically from an upstream dependency such as lodash CVE-2018-16487) to inject arbitrary outbound headers or crash every axios call with a synchronous TypeError. Publicly available exploit code exists in the GHSA advisory PoC, but EPSS is only 0.04% (13th percentile) and SSVC marks Automatable=no with partial technical impact, so this is a credible secondary-gadget risk rather than a mass-exploitation target.

Denial Of Service Prototype Pollution Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

{} instances that inherit from Object.prototype - and setProxy() in lib/adapters/http.js reads proxy.username and proxy.auth without hasOwnProperty guards, allowing prototype-polluted values to forge a Proxy-Authorization header injected into every proxied request. A working proof of concept has been publicly disclosed by the reporter; no active exploitation has been confirmed (not in CISA KEV).

Apple Node.js Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Token leakage in GitHub CLI versions through 2.92.0 causes authentication tokens to be transmitted to unintended hosts when users run gh attestation, gh release verify, or gh release verify-asset commands. The flawed host normalization collapses *.github.com subdomains to github.com, leaking github.com tokens to tuf-repo.github.com (a GitHub Pages domain), while GH_ENTERPRISE_TOKEN values leak to external hosts tuf-repo-cdn.sigstore.dev and tmaproduction.blob.core.windows.net. No public exploit identified at time of analysis, and the vendor (GitHub) reports no evidence that tokens were captured or misused.

Microsoft Authentication Bypass Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.1
MEDIUM This Month

Server-Side Request Forgery (SSRF) in Red Hat Quay 3's config-tool allows a highly privileged attacker with config editor access to probe internal network infrastructure from the Quay pod's network position. By supplying attacker-controlled endpoints to the LDAP and SMTP validation functions - which make outbound connections without IP or hostname filtering - the attacker can enumerate internal services and map network topology behind the container boundary. The scope change (S:C) in the CVSS vector confirms that exploitation reaches systems beyond the Quay component itself. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

SSRF Red Hat
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

HTTP request smuggling in libsoup allows remote unauthenticated attackers to exploit an unsigned-to-signed integer conversion error in the `soup_body_input_stream_read_chunked()` function via a crafted HTTP request. The vulnerability is confined to specific proxy topologies where libsoup operates either behind or in front of a non-libsoup HTTP intermediary, and successful exploitation can result in authentication bypass, web cache poisoning, or unauthorized access. No public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV, but the integrity and confidentiality impacts warrant urgent attention in any affected mixed-proxy deployment.

Request Smuggling Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Denial of service in glib-networking allows a remote unauthenticated attacker to exhaust CPU resources in any application using the library's GnuTLS backend for certificate verification. By presenting a TLS certificate chain containing circular issuer relationships, the attacker triggers an unbounded loop (CWE-835) in the verification logic that never terminates. EPSS data was not provided; no public exploit code and no CISA KEV listing exist at time of analysis, placing this firmly in the 'monitor and patch' tier rather than emergency response.

Denial Of Service Red Hat Suse
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code in the browser context by luring a victim to a crafted HTML page that abuses insufficient input validation in the WebUSB component. The flaw carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and Chromium rates it Medium severity; no public exploit identified at time of analysis and it is not currently listed in CISA KEV. A vendor patch shipped via the Chrome Stable channel mitigates the issue.

Google RCE Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the ANGLE graphics translation layer, allowing a remote attacker who lures a user to a crafted HTML page to bypass same-origin protections and exfiltrate sensitive data from other domains. The flaw carries a CVSS 8.8 rating due to network reachability and high impact across confidentiality, integrity, and availability, though Chromium itself rates the severity as Medium. EPSS is very low at 0.03% (11th percentile) and no public exploit identified at time of analysis, indicating limited near-term exploitation pressure despite the high CVSS.

Google Information Disclosure Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Integer overflow in ANGLE (Chrome's graphics translation layer) in Google Chrome prior to 148.0.7778.216 enables remote attackers to read sensitive data from the renderer process memory by enticing a victim to visit a crafted HTML page. The vulnerability is limited to confidentiality impact - no code execution or integrity impact is indicated by CVSS (C:H/I:N/A:N). With an EPSS of 0.03% and no CISA KEV listing, active exploitation is not currently observed, though the network-accessible attack vector and low complexity make the attack straightforward once a victim visits attacker-controlled content.

Google Information Disclosure Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's Skia graphics library prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium, with a patch shipped through the Stable channel and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) and the CVE is not on the CISA KEV list, indicating no observed in-the-wild exploitation despite the serious technical impact.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows remote attackers to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a race condition in the WebAudio component. Google rates the underlying Chromium issue as High severity, and while no public exploit identified at time of analysis, the bug is browser-resident and reachable from any web origin, making it a meaningful drive-by risk once details surface. EPSS data was not provided, and the issue is not currently listed in CISA KEV.

Google RCE Race Condition +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

UI spoofing in Google Chrome's Passwords component (all versions prior to 148.0.7778.216) allows a remote, unauthenticated attacker to manipulate browser-native password UI elements by delivering a crafted HTML page to a victim. The flaw arises from insufficient input validation (CWE-20) in the Passwords subsystem, enabling attacker-controlled content to render deceptive credential prompts that are visually indistinguishable from legitimate Chrome dialogs. No public exploit has been identified at time of analysis and the CVE is absent from CISA KEV, though the zero-privilege, network-accessible attack surface and High Chromium severity designation make patching a clear priority.

Google Information Disclosure Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's PDFium component (versions prior to 148.0.7778.216) allows a remote attacker to potentially achieve code execution by tricking a user into opening a crafted PDF file. The flaw is a use-after-free condition rated High severity by Chromium, with no public exploit identified at time of analysis and a low EPSS score (0.03%) suggesting limited near-term mass exploitation despite a CVSS of 8.8. A vendor patch has been released via the Chrome Stable channel update.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the PerformanceManager component triggered by a crafted HTML page. Exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise, and while no public exploit has been identified at time of analysis, EPSS rates exploitation probability as low (0.03%, 11th percentile). The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 due to the scope-changing nature of a sandbox escape.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers who have already compromised the renderer process to break out of the browser sandbox via an integer overflow in the Skia graphics library. Exploitation requires a crafted HTML page and user interaction, and while a patch is available from Google, there is no public exploit identified at time of analysis and EPSS scoring (0.03%) indicates low near-term exploitation probability.

Google Buffer Overflow Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Input component. Chromium rates the severity as High and CVSS scores it 8.3, but EPSS estimates exploitation probability at only 0.03% (11th percentile) and no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring an attacker to first achieve renderer code execution before leveraging this bug.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebXR component, allowing a remote attacker to run arbitrary code within the browser's renderer sandbox by enticing a victim to visit a crafted HTML page. Google rates the underlying Chromium severity as High, and a vendor patch has been released; no public exploit identified at time of analysis.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Core component. Google rates this Chromium severity as High, and a vendor patch is available; no public exploit identified at time of analysis, and EPSS is very low (0.03%, 11th percentile). Exploitation requires a chained renderer compromise plus user interaction, so it is a meaningful second-stage primitive rather than a one-shot drive-by RCE.

Use After Free Memory Corruption Google +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox by serving a crafted PDF file that triggers a use-after-free in the Views component. Chromium rates the severity as High and Google has shipped a fixed Stable channel build, but no public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile). The bug is a second-stage primitive - it requires an existing renderer compromise plus user interaction with a malicious PDF, which is the typical shape of a Chrome exploit chain.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Network component prior to version 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by the Chromium team, and while no public exploit is identified at time of analysis, browser memory-corruption bugs of this class are historically attractive targets when chained with a sandbox escape.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux prior to 148.0.7778.216 allows remote attackers to leverage a WebRTC use-after-free condition through a crafted HTML page to break out of the renderer sandbox. The flaw was reported by the Chrome security team and rated High severity by Chromium, with no public exploit identified at time of analysis and an EPSS score of 0.03% (10th percentile) suggesting low near-term exploitation likelihood. Successful exploitation requires user interaction (visiting a malicious page) and high attack complexity, but the scope-changing impact (S:C) and full CIA compromise make it a meaningful browser-targeted risk.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local arbitrary code execution in Google Chrome on Android prior to 148.0.7778.216 allows attackers to run code through a malicious file processed by the WebAppInstalls component due to insufficient input validation. The CVSS 7.8 (AV:L/UI:R) reflects that exploitation requires local access and user interaction (opening or installing the malicious file), and no public exploit identified at time of analysis. Chromium-rated High severity and a vendor patch is available in the Stable channel update.

Google RCE Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

UI spoofing in Google Chrome's OptimizationGuide component (all versions prior to 148.0.7778.216) enables a remote unauthenticated attacker who has already compromised the renderer process to present false browser UI elements to the user via a crafted HTML page. The root cause is CWE-20 (Improper Input Validation) - OptimizationGuide fails to adequately validate untrusted data sourced from the renderer, allowing that data to influence trusted browser UI surfaces. With a CVSS score of 4.2, EPSS at 0.05% (15th percentile), no KEV listing, and no public exploit identified at time of analysis, real-world risk is moderate-low despite the network vector, heavily gated by the renderer-compromise prerequisite.

Google Information Disclosure Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page that triggers a type confusion bug in the Skia graphics library. The flaw was reported by the Chrome team and is rated High severity by Chromium; no public exploit has been identified at time of analysis, though browser type-confusion bugs in Skia have historically been weaponized. Exploitation requires user interaction (UI:R) - typically visiting an attacker-controlled or compromised page.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 stems from a use-after-free defect in the Glic component, allowing a remote attacker to corrupt memory and execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. Google has rated the Chromium severity as High and shipped a Stable channel update; no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV. The CVSS 8.8 score reflects network reachability and user interaction (loading a page), with full impact to confidentiality, integrity, and availability inside the sandboxed process.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code by luring a victim to a crafted HTML page that abuses an inappropriate implementation in the browser's USB subsystem. Chromium rates the severity as High and the CVSS 8.8 vector reflects unauthenticated network exploitation with required user interaction. No public exploit identified at time of analysis, but the vendor has shipped a stable channel patch.

Google RCE Code Injection +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows attackers to execute arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is an out-of-bounds write (CWE-787) rated High by Chromium and CVSS 8.8, requires user interaction to load attacker-controlled content, and no public exploit has been identified at time of analysis.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in Google Chrome on iOS prior to 148.0.7778.216 enables a remote unauthenticated attacker to inject arbitrary scripts or HTML into the browser context by convincing a target user to perform specific UI gestures on a crafted HTML page. The vulnerability stems from an inappropriate implementation in Chrome's iOS-specific code layer (CWE-79), and while UXSS attacks typically carry cross-origin escalation potential, the CVSS S:U (Unchanged scope) rating suggests cross-origin impact is not confirmed by the scoring authority. No public exploit or active exploitation has been identified at time of analysis; EPSS at 0.06% places this in the 17th percentile of exploitation likelihood.

XSS Google Apple +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 148.0.7778.216 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw stems from an integer overflow (CWE-472, External Control of Assumed-Immutable Web Parameter / integer-handling weakness in V8) rated High severity by Chromium and CVSS 8.8. No public exploit identified at time of analysis, and the bug is not currently listed in CISA KEV.

Google RCE Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers an integer overflow in XML handling. The flaw is rated Chromium High severity with CVSS 8.3 and requires user interaction plus a chained renderer compromise; no public exploit identified at time of analysis and EPSS is very low at 0.03%.

Google Microsoft Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds write in the ANGLE graphics translation layer of Google Chrome before 148.0.7778.216 allows a remote attacker to trigger heap corruption by luring a user to a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates the severity as High and CVSS scores it 8.8, but EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit identified at time of analysis. The flaw was reported through Chrome's internal disclosure process and a fixed build is already available from the vendor.

Google Memory Corruption Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Arbitrary code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the Bluetooth component, exploitable through a malicious browser extension. Chromium rates the severity as High, and while CVSS scores it 8.1 with network attack vector, real-world exploitation requires the victim to install an attacker-controlled extension. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.01%.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Arbitrary code execution within the sandbox in Google Chrome on iOS prior to 148.0.7778.216 allows remote attackers to abuse an uninitialized memory condition when a victim performs specific UI gestures on a crafted HTML page. Chromium rates the security severity as High, and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score (0.04%) suggests low near-term exploitation likelihood.

Apple RCE Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC component (versions prior to 148.0.7778.216) allows a remote attacker to execute arbitrary code within the browser sandbox by enticing a victim to load a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium's security team, and while no public exploit identified at time of analysis, the CVSS 8.8 score reflects the low-complexity network-based attack vector combined with the high impact across confidentiality, integrity, and availability. User interaction (visiting a malicious page) is required, but otherwise no authentication or privileges are needed.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's SurfaceCapture component (versions prior to 148.0.7778.216) allows a remote attacker to potentially execute arbitrary code by luring a user to a crafted HTML page. The flaw is a use-after-free issue rated High severity by the Chromium project, with a CVSS score of 8.8 reflecting low complexity and no authentication, though user interaction is required. There is no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), but the historical pattern of Chrome UAF bugs being weaponized makes patching urgent.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sandboxed arbitrary code execution in Google Chrome's PDFium component (versions prior to 148.0.7778.216) is possible via an integer overflow triggered by a crafted font file. The flaw requires a pre-compromised renderer process and user interaction, and no public exploit identified at time of analysis, though Chromium rates it High severity.

Google RCE Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sandboxed arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the PDF component that remote attackers can trigger by serving a crafted PDF file. The flaw carries a CVSS 8.8 rating reflecting network reach with required user interaction (opening or rendering a malicious PDF), and no public exploit identified at time of analysis though Google rates the underlying Chromium severity as High.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on iOS prior to 148.0.7778.216 allows attackers to exploit a use-after-free memory corruption flaw when a victim is lured to a malicious HTML page and performs specific UI gestures. The issue carries a CVSS 7.5 (High) score with high attack complexity and required user interaction, and no public exploit has been identified at time of analysis.

Apple Use After Free RCE +6
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on iOS prior to 148.0.7778.216 exposes sensitive information from cross-origin resources to remote attackers via a crafted HTML page. The flaw is confined to Chrome's iOS-specific implementation (distinct from Chrome on Android, Windows, or macOS), meaning the affected population is limited to iOS users running unpatched Chrome builds. With a CVSS score of 4.3 (Medium), no CISA KEV listing, and an EPSS of 0.03% (11th percentile), no public exploit identified at time of analysis, this is a real but lower-priority disclosure issue - though the zero-privilege-required network vector merits timely patching.

Apple Information Disclosure Google +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's WebAudio component (versions prior to 148.0.7778.216) allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, with a CVSS score of 8.8 reflecting low attack complexity and no authentication required, though user interaction (visiting a page) is needed. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers to break out of the renderer process sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free condition in the UI component. Chromium rates the severity as High, and a vendor patch is available; no public exploit identified at time of analysis and EPSS exploitation probability is currently very low (0.03%, 11th percentile).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page leveraging a use-after-free in Core. The flaw is rated High by Chromium and carries CVSS 8.3, but EPSS is very low (0.03%) and no public exploit identified at time of analysis, so it is most relevant as the second stage of a multi-bug exploit chain rather than a standalone entry vector.

Use After Free Memory Corruption Google +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the browser's XML handling component, allowing a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. Chromium rates the severity as High with a CVSS 3.1 score of 8.8, and exploitation requires user interaction such as visiting a malicious site. No public exploit identified at time of analysis, but use-after-free flaws in Chrome's XML parsing have historically been chained with sandbox escapes for full system compromise.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the ANGLE graphics translation layer that lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Google rates this High severity and a vendor patch is available, but EPSS scoring (0.03%, 11th percentile) is low and no public exploit identified at time of analysis, suggesting it has not yet been weaponized broadly.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to version 148.0.7778.216 allows attackers to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a use-after-free condition in the Media component. Rated High severity by Chromium with a CVSS 8.8 score, the flaw requires user interaction (visiting a malicious page) but no authentication, and no public exploit identified at time of analysis.

Use After Free RCE Memory Corruption +6
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Uninitialized memory use in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome versions prior to 148.0.7778.216 enables a remote attacker - who has already achieved renderer process compromise - to bypass site isolation via a specially crafted HTML page. This is a chained exploitation scenario: the vulnerability is not standalone, but serves as a second-stage primitive to break Chrome's cross-origin security boundary once an initial renderer foothold exists. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (3rd percentile) reflects minimal observed exploitation activity.

Google Authentication Bypass Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by tricking a user into visiting a crafted HTML page that triggers a heap buffer overflow in the WebCodecs component. Chromium rates this severity High and a vendor patch is available, though EPSS exploitation probability is currently very low (0.03%, 9th percentile) and there is no public exploit identified at time of analysis.

Google Heap Overflow RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code inside the renderer sandbox via a crafted HTML page. The Chromium project rates the severity as High and CVSS scores it 8.8 (network-reachable, low complexity, no privileges, user interaction required). No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), suggesting limited near-term mass-exploitation likelihood despite the high impact rating.

Google RCE Code Injection +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the UI component, triggered by a crafted HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).

Use After Free Memory Corruption Google +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the GPU/GFX sandbox via a crafted HTML page, leveraging a use-after-free condition. The flaw is rated High severity by Chromium (CVSS 8.3) and requires user interaction plus a chained renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's ANGLE graphics layer affects all versions prior to 148.0.7778.216, enabling remote unauthenticated attackers (PR:N) to read cross-process memory contents via a crafted HTML page. The root cause is an uninitialized variable (CWE-457) in ANGLE - Chrome's OpenGL ES abstraction layer - where stale memory contents can be read and exfiltrated across security origins. No public exploit code has been identified at time of analysis and the EPSS score of 0.03% (11th percentile) indicates very low current exploitation probability; however, the low attack complexity (AC:L) and zero privilege requirement make opportunistic targeting feasible once exploitation techniques mature.

Google Information Disclosure Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use-after-free in the Input component of Google Chrome prior to 148.0.7778.216 allows a remote attacker to trigger heap corruption when a victim is lured to a crafted HTML page and performs specific UI gestures. Chromium rates the severity High, and while no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), the bug class historically yields renderer RCE when chained with a sandbox escape. A vendor patch is available in the stable channel update referenced by Google.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's GPU process prior to version 148.0.7778.216 lets a remote attacker who has already gained code execution inside the renderer process break out of Chrome's sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium and carries CVSS 8.3 (AV:N/AC:H/PR:N/UI:R/S:C). EPSS is very low (0.03%), and there is no public exploit identified at time of analysis, but the bug is part of a stable-channel security release shipped by Google.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome for Windows prior to 148.0.7778.216 stems from an out-of-bounds read in the ANGLE graphics abstraction layer, enabling attackers who lure a user to a malicious page to execute arbitrary code in the renderer context. Chromium rates the severity High and CVSS scores it 8.8 due to network reach and high impact across confidentiality, integrity, and availability, though successful exploitation requires user interaction (visiting the crafted page). No public exploit has been identified at time of analysis, but ANGLE bugs have historically been chained into browser sandbox escapes.

Information Disclosure RCE Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows attackers to run arbitrary code inside the browser sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) reported internally by the Chrome team and rated High by Chromium; no public exploit identified at time of analysis, though Chrome UAF bugs in ANGLE are historically attractive targets and pair well with sandbox escapes.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 leverages a heap buffer overflow in the ANGLE graphics translation layer, enabling attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. Chromium rates the severity as High and CVSS scores it at 8.3, though EPSS remains very low at 0.03% and no public exploit has been identified at time of analysis.

Google Heap Overflow Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers, who have already compromised the renderer process, to break out of the browser sandbox via a use-after-free flaw in the ANGLE graphics translation layer. Exploitation requires user interaction (visiting a crafted HTML page) and a prior renderer compromise, making this a second-stage primitive in a chained attack. EPSS is low at 0.03% and there is no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as High.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Renderer-to-browser sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 enables remote code execution via a use-after-free in the GPU process. An attacker who has already compromised the renderer can leverage a crafted HTML page to corrupt GPU process memory and execute arbitrary code outside the renderer sandbox. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Chromium rates the underlying severity as High.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from an out-of-bounds memory access in the ANGLE graphics translation layer that lets a remote attacker run arbitrary code inside the renderer sandbox via a crafted HTML page. Chromium rates the issue High severity and a vendor patch is available, though no public exploit identified at time of analysis and the EPSS score of 0.04% (12th percentile) indicates very low observed exploitation likelihood at this time.

Google Information Disclosure RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sandboxed arbitrary code execution in Google Chrome (Skia graphics library) prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to execute additional code inside the Chrome sandbox via a crafted HTML page. The flaw is an integer overflow rated High by Chromium's security team with a CVSS of 7.5, but EPSS is very low (0.04%, 12th percentile) and there is no public exploit identified at time of analysis. Exploitation requires user interaction (visiting a page) and a pre-existing renderer compromise, so this is a chain component rather than a standalone RCE.

Google RCE Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sandbox escape and arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the ANGLE graphics translation layer. An attacker who has already compromised the renderer process can leverage a crafted HTML page to break memory safety and execute code in a higher-privileged context. No public exploit identified at time of analysis, though Chromium rates the underlying severity as High.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.216 enables a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page that triggers a use-after-free in the DOM implementation. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and Google has rated the Chromium severity as High; no public exploit is identified at the time of analysis and the issue is not listed in CISA KEV.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 148.0.7778.216 allows remote attackers to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page. The flaw is a CWE-787 out-of-bounds write in V8 carrying a CVSS 8.8 (High) with Chromium severity rated High; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome before 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted Chrome Extension exploiting a use-after-free in the Extensions component. Chromium rates the underlying flaw as Critical severity, though no public exploit has been identified at time of analysis and EPSS exploitation probability sits at 0.03% (11th percentile).

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.216 allows attackers to exploit a use-after-free condition in the Proxy component via a malicious PAC (Proxy Auto-Config) script delivered through a crafted web page. Chromium rates this as Critical severity, and while no public exploit identified at time of analysis, the EPSS score of 0.04% reflects low predicted exploitation activity despite the high CVSS 8.8 rating. Successful exploitation requires user interaction (UI:R) such as visiting an attacker-controlled page that triggers the vulnerable PAC processing path.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 148.0.7778.216 allows attackers to exploit a use-after-free flaw in the Browser component via a malicious HTML page. Rated Critical by Chromium's security team with a CVSS of 8.8, exploitation requires user interaction (visiting a crafted page) but no authentication, and no public exploit identified at time of analysis. A vendor patch is available through the Chrome stable channel update.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code via a crafted HTML page exploiting a use-after-free flaw in the Base component. Chromium classifies the severity as Critical, and Google has shipped a stable channel update; no public exploit has been identified at time of analysis. Exploitation requires user interaction (visiting a malicious page), which is the typical drive-by browser attack model.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's ANGLE graphics layer (prior to 148.0.7778.216) allows unauthenticated remote attackers to read sensitive cross-origin information by luring a victim to a crafted HTML page. The root cause is an integer overflow in ANGLE, Chrome's graphics translation engine, which is internally rated Critical by the Chrome security team despite a CVSS score of only 4.3. No public exploit has been identified at time of analysis, and the EPSS exploitation probability is very low at 0.03% (11th percentile), though the cross-origin data leakage class of vulnerability has historically attracted targeted exploitation in browser ecosystems.

Google Information Disclosure Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses insufficient input validation in WebGL. Chromium rates the underlying severity as Critical, and while no public exploit is identified at time of analysis, the EPSS score is low (0.04%, 14th percentile) and the CVSS:3.1 base is 8.3 due to high attack complexity and required user interaction. The flaw is part of a multi-stage exploit chain rather than a one-shot RCE.

Google Information Disclosure Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from an out-of-bounds write in the ANGLE graphics translation layer, allowing a remote attacker to execute arbitrary code in the browser's renderer context after a victim visits a crafted HTML page. Chromium rates this severity Critical and CVSS scores it 8.8, with vendor patches released via the Stable channel update; no public exploit identified at time of analysis.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in ANGLE, the graphics abstraction layer that translates OpenGL ES calls to native GPU APIs. A remote attacker who lures a user into visiting a crafted HTML page can execute arbitrary code within the renderer sandbox, with Chromium rating the severity as Critical. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a use-after-free flaw in the ANGLE graphics translation layer. Exploitation requires user interaction with a crafted HTML page and is typically chained with a separate renderer-compromise bug. No public exploit identified at time of analysis, and EPSS is very low (0.03%), though Google rated the underlying issue Critical severity.

Google Use After Free Denial Of Service +4
NVD VulDB
Prev Page 8 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy