Skip to main content

Suse

9353 CVEs vendor

Monthly

CVE-2025-27463 CRITICAL Act Now

Local privilege escalation in Xen's Windows PV (paravirtualized) drivers arises because the XenIface interface is exposed to userspace with no security descriptor, leaving it fully accessible to unprivileged users. Any low-privileged local user on an affected Windows guest can interact with this facility to gain elevated control over the system. This is one of three sibling issues (alongside CVE-2025-27462 XenCons and CVE-2025-27464 XenBus) disclosed in Xen Security Advisory XSA-468; no public exploit has been identified at time of analysis.

Privilege Escalation Microsoft Windows Pv Drivers Suse
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2025-27462 CRITICAL Act Now

Local privilege escalation in the Xen Windows PV Drivers (the XenCons paravirtualized console interface) lets any unprivileged user of a Windows guest reach a device object that ships with no security descriptor, so its facilities are fully accessible to non-administrators. Successful abuse can yield full compromise of the guest with integrity, confidentiality and availability impact, and the vendor scores it critical (CVSS 4.0 base 9.4) with subsequent-system impact. There is no public exploit identified at time of analysis and it is not on CISA KEV. This is one of three related XSA-468 issues (XenCons/CVE-2025-27462, XenIface/CVE-2025-27463, XenBus/CVE-2025-27464).

Privilege Escalation Microsoft Windows Pv Drivers Suse
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2026-14969 MEDIUM This Month

Attribute encryption in the 389-ds-base LDBM backend exposes a cryptographic design flaw affecting Red Hat Directory Server 11, 12, and 13 across all supported RHEL releases (6 through 10). The LDBM backend applies a static, hardcoded initialization vector (IV) for both AES-CBC and 3DES-CBC encryption of directory attribute values, meaning that two entries storing identical plaintext for an encrypted attribute will always produce identical ciphertext blocks - a classic ciphertext equality oracle. An attacker with privileged filesystem-level read access to the LDBM database files can exploit this to determine whether any two encrypted attribute values are identical, leaking relational information about the directory without recovering plaintext. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Information Disclosure Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 Red Hat Enterprise Linux 10 +6
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2026-14940 MEDIUM This Month

Heap-buffer-overflow in 389 Directory Server's DN normalization routine allows an unauthenticated remote attacker to corrupt heap memory and likely crash the LDAP service. The flaw triggers when the server processes an LDAP operation - such as a search request - whose base DN contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), causing an out-of-bounds write during RDN attribute-value pair sorting. Per the confirmed CVSS vector (PR:N), no authentication is required; no public exploit code or CISA KEV listing has been identified at time of analysis.

Heap Overflow Denial Of Service Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 +8
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-11610 HIGH PATCH This Week

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LDAP client to crash the server by sending an oversized UNBIND packet over a SASL integrity-protected connection. The oversized data overflows a fixed 512-byte heap receive buffer in sasl_io_recv() (sasl_io.c), and in FreeIPA / Red Hat IdM any domain user, enrolled host, or service account with a valid Kerberos ticket can trigger it after GSSAPI authentication. There is no public exploit identified at time of analysis, and this flaw is distinct from the earlier CVE-2025-14905 schema.c overflow, which did not fix this code path.

Heap Overflow Denial Of Service Buffer Overflow Red Hat Red Hat Directory Server 11 +8
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-14476 HIGH This Week

Privilege escalation to root and Kerberos-based authentication bypass in SSSD's Active Directory GPO provider affects Red Hat Enterprise Linux 6 through 10 and OpenShift Container Platform 4. Because ad_gpo_extract_smb_components() fails to sanitize '..' sequences in the gPCFileSysPath LDAP attribute (CWE-23), an actor holding AD GPO management rights can force an SSSD-enrolled host to write attacker-controlled files outside the GPO cache as root, injecting Kerberos configuration to bypass authentication. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Authentication Bypass Red Hat Path Traversal Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +5
NVD VulDB
CVSS 3.1
8.0
EPSS
0.7%
CVE-2026-14474 HIGH This Week

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user with write access to any subtree to inject a malicious sudoRole object and gain root-level sudo on every SSSD-enrolled host. The flaw exists because, when ldap_sudo_search_base is left unset, SSSD searches the entire directory tree for sudoRole objects, trusting rules planted anywhere in the DIT. Rated CVSS 8.8 by Red Hat and reported against RHEL 6 through 10 and OpenShift Container Platform 4; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-46292 PyPI HIGH POC PATCH GHSA This Week

Python Cisco Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2026-14355 MEDIUM PATCH This Month

Heap-based buffer overflow in PHP's OpenSSL extension affects all maintained PHP branches (8.2.x, 8.3.x, 8.4.x, 8.5.x) when the AES key-wrap-with-padding (AES-WRAP-PAD) algorithm per RFC 5649 is invoked. The output buffer is allocated based only on plaintext length, omitting the mandatory RFC 5649 padding expansion, causing OpenSSL to write beyond the allocated heap region, corrupt heap metadata, and abort the process. No public exploit has been identified at time of analysis; vendor-released patches are available for all affected branches.

Heap Overflow OpenSSL Buffer Overflow PHP Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-14631 MEDIUM PATCH This Month

webpack-dev-server 5.2.5 and earlier crash the entire Node.js host process when an unauthenticated remote peer sends either an HTTP request with a malformed Host header or a WebSocket upgrade to the /ws endpoint with a malformed Origin header. The malformed value bypasses graceful error handling in the host-validation path, triggering an uncaught exception that terminates the dev server process entirely. Impact is confined to availability - no confidentiality loss and no code execution occur despite a misleading 'RCE' tag in the source intelligence, which appears to be a mislabeling inconsistent with the vendor description and CVSS vector (C:N/I:N). No public exploit or CISA KEV listing exists at time of analysis.

Node.js RCE Webpack Dev Server Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-14620 MEDIUM PATCH This Month

Cross-site request forgery in webpack-dev-server 5.2.5 and earlier allows any website visited by a developer to silently invoke two unauthenticated state-changing endpoints - `/webpack-dev-server/open-editor` and `/webpack-dev-server/invalidate` - via simple browser-initiated GET requests that carry no CSRF protection. An attacker controlling a web page visited during an active dev session can open arbitrary local files in the developer's editor (including files outside the project root) and trigger repeated forced recompilations that degrade workstation performance. No public exploit has been identified at time of analysis, and exploitation is confined to developer workstations rather than production infrastructure.

CSRF Webpack Dev Server Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-13698 MEDIUM PATCH This Month

Memory leak in OpenVPN (pre-2.7.5) allows network-accessible unauthenticated attackers to exhaust server memory, resulting in high availability impact and denial of service. The flaw, classified CWE-401, requires specific attack prerequisites (CVSS 4.0 AT:P) and passive client interaction (UI:P), meaning it is not trivially exploitable against all default deployments. No active exploitation has been confirmed in CISA KEV and no public exploit code has been identified at time of analysis; vendor patch v2.7.5 is available.

Microsoft Information Disclosure Openvpn Red Hat Suse
NVD GitHub
CVSS 4.0
6.0
EPSS
0.5%
CVE-2026-13122 MEDIUM PATCH This Month

Denial-of-service in OpenVPN via a reachable assertion (CWE-617) allows a remote, low-privileged attacker to crash the OpenVPN daemon under high-complexity, timing-specific conditions. All OpenVPN deployments running versions prior to v2.7.5 are affected; the fix is available in the v2.7.5 release disclosed pre-NVD via GitHub. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.0 score of 5.9 (Medium) reflects the constrained exploitation path, though VPN service disruption carries meaningful operational impact for affected operators.

Microsoft Information Disclosure Openvpn Red Hat Suse
NVD GitHub
CVSS 4.0
5.9
EPSS
0.5%
CVE-2026-14426 HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-14394 HIGH PATCH This Week

Remote code execution risk in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) arises from a use-after-free that a remote attacker can trigger by luring a victim to a crafted HTML page, leading to heap corruption and potential arbitrary code execution in the renderer. The CVSS 8.8 rating reflects high impact with only user interaction (visiting a page) required, though Google rated the Chromium security severity as Low and no public exploit is identified at time of analysis. EPSS is low at 0.18% (8th percentile) and CISA SSVC records no known exploitation.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14432 HIGH PATCH This Week

Use-after-free in Chrome's V8 JavaScript engine (versions before 150.0.7871.46) lets a remote attacker achieve arbitrary code execution inside the renderer sandbox by luring a victim to a crafted HTML page. Chromium rated this Medium severity, but the CVSS 8.8 reflects high confidentiality, integrity, and availability impact requiring only a single user click; there is no public exploit identified at time of analysis and CISA's SSVC framework records no known exploitation. Because scope is unchanged (S:U), code execution is confined to the sandbox and does not by itself constitute a full host compromise.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14393 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows an attacker to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) reported by Google's own Chrome team; Chromium rated it Medium severity while NVD assigns CVSS 8.8. No public exploit has been identified at time of analysis, and CISA's SSVC framework records exploitation status as 'none'.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14403 HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14419 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Skia graphics library affects all desktop Chrome builds prior to 150.0.7871.46, where a use-after-free (CWE-416) triggered by a crafted HTML page can let a remote attacker break out of the renderer sandbox. Google rates the Chromium severity Critical and CVSS is 9.6, but there is no public exploit identified at time of analysis and CISA's SSVC records exploitation status as none. A vendor patch is available in the June 2026 Stable channel release.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14417 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Dawn (WebGPU) component affects all desktop builds prior to 150.0.7871.46, where a use-after-free lets a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Google rates the Chromium severity Critical, and the CVSS 3.1 score of 9.6 reflects a scope-changing memory-corruption bug. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though a vendor patch is already shipping in the Stable channel.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14424 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS (versions prior to 150.0.7871.46) stems from a use-after-free in Dawn, Chrome's WebGPU/graphics abstraction layer, and allows a remote attacker who lures a victim to a crafted HTML page to potentially break out of the renderer sandbox and gain higher-privileged code execution on the host. The flaw is rated High by Chromium and carries a CVSS 9.6 due to its network attack vector, low complexity, and scope change. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, and CISA's SSVC framework currently marks exploitation as 'none' though technical impact as 'total'.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14425 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics component affects all desktop builds prior to 150.0.7871.46, where a use-after-free condition lets a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Chromium rates the severity High and a fixed stable-channel build is available, but SSVC records no observed exploitation and no public exploit identified at time of analysis. The high CVSS (9.6) is driven by the scope change inherent to sandbox escape rather than confirmed real-world abuse.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14390 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer lets a remote attacker who lures a victim to a crafted HTML page break out of the renderer sandbox and gain code execution in a higher-privilege context. All Chrome desktop builds prior to 150.0.7871.46 are affected. Chromium rated the underlying use-after-free High severity; no public exploit has been identified at time of analysis and SSVC records exploitation status as none.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14398 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 150.0.7871.46 lets a remote attacker break out of the renderer sandbox when a victim opens a crafted HTML page. Rated Critical by Chromium with a 9.6 CVSS score, the flaw is a use-after-free (CWE-416) requiring only that the target visit a malicious site. No public exploit or active exploitation is identified at time of analysis, and CISA's SSVC assessment lists exploitation as none.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14405 CRITICAL PATCH Act Now

Arbitrary code execution within the renderer sandbox in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) can be triggered when a victim loads a crafted HTML page. The flaw stems from use of uninitialized memory in V8 and, while carrying a high CVSS base score of 9.6, was rated only Low severity by Chromium because code execution is confined inside the renderer sandbox and still requires a separate sandbox escape for full host compromise. No public exploit identified at time of analysis, and CISA's SSVC framework marks exploitation status as none.

RCE Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-14399 MEDIUM PATCH This Month

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14408 MEDIUM PATCH This Month

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14421 MEDIUM PATCH This Month

Uninitialized memory use in Dawn, Chrome's WebGPU implementation, on ChromeOS prior to version 150.0.7871.46 enables remote attackers to read potentially sensitive contents from GPU process memory by serving a crafted HTML page. The flaw (CWE-457) allows stale or uninitialized buffer data to be exposed back to the requesting JavaScript context without proper sanitization. No public exploit has been identified at time of analysis, and CISA SSVC rates this as non-automatable with partial technical impact, though the CVSS confidentiality rating is High.

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14413 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. The flaw is an uninitialized-memory use (CWE-457) in ANGLE, reported by Google's own Chrome team and fixed in the June 2026 Stable channel update. No public exploit is identified at time of analysis, and CISA's SSVC framework records exploitation status as none, but the total technical impact and sandbox-escape nature make it a high-priority browser patch.

Information Disclosure Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14418 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's ANGLE graphics subsystem (all versions prior to 150.0.7871.46) enables remote attackers to read sensitive data from other browser origins by luring a victim to a crafted HTML page. The flaw stems from uninitialized memory use in ANGLE, Chrome's GPU abstraction layer, which may expose stale cross-origin pixel buffers or texture memory to attacker-controlled JavaScript. No public exploit has been identified and CISA's SSVC framework rates exploitation as none with a non-automatable attack path, indicating limited immediate real-world threat despite the network-accessible vector.

Information Disclosure Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-14402 MEDIUM PATCH This Month

Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Information Disclosure Microsoft Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14431 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (all channels prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is a CWE-843 type-confusion bug rated High by Chromium and CVSS 8.8; there is no public exploit identified at time of analysis and CISA's SSVC framework marks exploitation status as none. Because CVSS is AV:N/PR:N with UI:R, exploitation is unauthenticated but requires the victim to open a malicious page.

Memory Corruption RCE Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14423 CRITICAL PATCH Act Now

Sandbox escape via type confusion in Tint, the WGSL shader compiler within Chrome's Dawn/WebGPU stack, affects Google Chrome desktop versions prior to 150.0.7871.46. A remote attacker who lures a victim to a crafted HTML page can trigger the flaw (CWE-843) to potentially break out of the renderer/GPU sandbox and gain broader access on the host. Rated High by Chromium with a CVSS 9.6 (scope-changed), though there is no public exploit identified at time of analysis and CISA SSVC currently records exploitation status as 'none'.

Memory Corruption Information Disclosure Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14395 HIGH PATCH This Week

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption RCE Buffer Overflow Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14392 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Tint WebGPU shader compiler affects all Desktop builds prior to 150.0.7871.46, where a crafted HTML page triggers an out-of-bounds write (CWE-787) that a remote attacker can leverage to break out of the renderer sandbox. Reported internally by the Chrome team and rated High by Chromium, the flaw carries a CVSS 9.6 due to its scope-changing memory-corruption impact, but there is no public exploit identified at time of analysis and CISA's SSVC records exploitation status as none. A vendor patch is already available, so the practical priority is rapid browser updating rather than emergency mitigation.

Memory Corruption Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14400 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. This is an out-of-bounds write (CWE-787) rated High by Chromium and scored CVSS 8.3. There is no public exploit identified at time of analysis and CISA SSVC lists exploitation as 'none', though the technical impact is rated 'total'.

Memory Corruption Buffer Overflow Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14397 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for macOS (versions prior to 150.0.7871.46) stems from an out-of-bounds write in ANGLE, the graphics abstraction layer that translates WebGL/OpenGL ES calls to native backends (Metal on Mac). A remote attacker who lures a victim to a crafted HTML page can corrupt memory in the GPU/graphics process to potentially break out of the renderer sandbox. There is no public exploit identified at time of analysis; Google rated the Chromium severity as Medium, and CISA's SSVC framework marks exploitation as none, though the CVSS base score is 9.6 due to the scope-changing sandbox-escape impact.

Memory Corruption Buffer Overflow Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14406 MEDIUM PATCH This Month

Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)

Google Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-14416 CRITICAL PATCH Act Now

Out-of-bounds read in the Dawn WebGPU implementation of Google Chrome before 150.0.7871.46 lets a remote attacker who lures a victim to a crafted HTML page potentially escape the renderer sandbox and disclose out-of-bounds memory. The upstream Chromium team rated the security severity as Low, yet the associated CVSS 3.1 base score is 9.6 due to a scope change and high triad impact. There is no public exploit identified at time of analysis, and the CISA SSVC decision framework records exploitation as none and automatable as no.

Google Buffer Overflow Information Disclosure Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14388 MEDIUM PATCH This Month

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Google Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14386 MEDIUM PATCH This Month

Out-of-bounds read in ANGLE (Chrome's cross-platform graphics abstraction layer) prior to version 150.0.7871.46 allows a remote attacker to extract potentially sensitive data from the browser's process memory by directing a victim to a crafted HTML page. The CVSS vector confirms network delivery with no authentication required but mandates user interaction, and the High confidentiality impact (C:H) indicates that in-memory data such as session tokens, cached credentials, or page content could be exposed. SSVC assessment records no active exploitation and the flaw is absent from the CISA KEV catalog; a vendor patch has been released and no public exploit code has been identified at time of analysis.

Google Buffer Overflow Information Disclosure Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14396 MEDIUM PATCH This Month

Cross-origin data exfiltration in Google Chrome's ANGLE graphics layer exposes sensitive browser memory contents to remote attackers who can induce a victim to visit a crafted HTML page. The out-of-bounds read in ANGLE (Chrome's cross-platform graphics abstraction engine) affects all Chrome desktop versions prior to 150.0.7871.46, confirmed by Google's stable channel advisory. No public exploit code or active exploitation has been identified at time of analysis; an EPSS of 0.17% (7th percentile) reflects minimal current weaponization pressure despite the high confidentiality impact assigned in CVSS.

Google Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14384 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on Windows prior to 150.0.7871.46 stems from an out-of-bounds read in ANGLE, the browser's graphics abstraction layer. Remote attackers can exploit this by serving a crafted HTML page to a Windows user, causing the ANGLE subsystem to read memory beyond its intended buffer boundary and exposing data belonging to a separate web origin. No public exploit code has been identified at time of analysis, and the EPSS score of 0.18% (8th percentile) indicates low exploitation probability in the near term.

Google Microsoft Buffer Overflow Information Disclosure Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14422 HIGH PATCH This Week

Out-of-bounds memory access in Google Chrome's Tint component (the WGSL shader translator inside the Dawn/WebGPU stack) affects all desktop builds prior to 150.0.7871.46 and lets a remote attacker corrupt memory when a victim opens a crafted HTML page. Chromium rates the severity High and the CVSS 3.1 score is 8.8, driven by high confidentiality, integrity, and availability impact requiring only that the user visit a malicious page. No public exploit identified at time of analysis, and the low EPSS score (0.19%, 9th percentile) indicates exploitation is not currently widespread.

Google Buffer Overflow Information Disclosure Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14420 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Dawn WebGPU implementation prior to 150.0.7871.46 lets a remote attacker use a crafted HTML page to trigger an out-of-bounds read and write, potentially breaking out of the renderer sandbox. Rated Critical by Chromium with a CVSS of 9.6 (scope-changed), it requires the victim to visit a malicious page but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Google Buffer Overflow Information Disclosure Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14430 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is an integer overflow in V8, rated High by Chromium and scored CVSS 8.8; exploitation requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation status as none, indicating no observed in-the-wild activity yet.

RCE Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-14389 HIGH PATCH This Week

Sandbox escape in Google Chrome's Skia graphics library (versions before 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Medium by Chromium but scored CVSS 8.3 due to scope change and total impact; there is no public exploit identified at time of analysis and SSVC reports no observed exploitation. Realistically it is a second-stage bug that must be chained with a prior renderer compromise, which raises the practical difficulty.

Buffer Overflow Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14387 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Skia graphics library affects all desktop builds prior to 150.0.7871.46, where an integer overflow triggered by a crafted HTML page can break out of the renderer sandbox into the more-privileged browser process. A remote attacker who lures a victim to a malicious page could potentially compromise the host beyond the rendering sandbox. There is no public exploit identified at time of analysis, and CISA SSVC scores exploitation as 'none'.

Buffer Overflow Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14391 MEDIUM PATCH This Month

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Microsoft Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-14429 HIGH PATCH This Week

Sandbox escape in Google Chrome (Skia graphics library) prior to 150.0.7871.46 allows a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page, elevating a contained renderer compromise into a full-privilege breakout on the host. Rated High severity by Chromium, it carries a CVSS 3.1 score of 8.3 (scope-changed) with no public exploit identified at time of analysis and CISA SSVC recording exploitation status as none. It is a second-stage vulnerability that must be chained with a prior renderer exploit, so it is not directly exploitable against a fresh browser.

Information Disclosure Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14414 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-14428 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android (versions prior to 150.0.7871.46) lets an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page that abuses insufficient input validation in the Dawn WebGPU component. Google rates the Chromium severity as High, and the flaw carries a CVSS 8.3 with a scope-changing impact. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation status as none.

Information Disclosure Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14412 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox by luring a victim to a crafted HTML page. This is a second-stage bug that chains with a prior renderer-level exploit rather than a standalone entry point; Chromium rates it High severity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, with SSVC recording exploitation status as none.

Information Disclosure Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14411 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics component before 150.0.7871.46 lets a remote attacker break out of the renderer sandbox when a victim loads a malicious web page. The flaw stems from insufficient validation of untrusted input (CWE-20) in ANGLE and carries a CVSS 9.6 due to scope change and full CIA impact, though exploitation requires the user to visit attacker-controlled content. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, with SSVC exploitation status assessed as none.

Information Disclosure Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14382 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets a remote attacker break out of the renderer sandbox when a victim visits a crafted HTML page. The flaw stems from insufficient validation of untrusted input (CWE-20) in ANGLE and carries a critical 9.6 CVSS score due to the scope-changing sandbox escape. Google has shipped a fix and rates the Chromium severity as High; there is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none.

Information Disclosure Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14401 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics component on Android (versions prior to 150.0.7871.46) allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High by Chromium and CVSS 8.3, the flaw stems from improper validation of untrusted input in ANGLE and requires renderer compromise plus user interaction as prerequisites. There is no public exploit identified at time of analysis, and CISA SSVC lists exploitation status as none.

Information Disclosure Google Suse
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14381 MEDIUM PATCH This Month

UI spoofing in Google Chrome's WebAppInstalls component (versions prior to 150.0.7871.46) enables remote attackers to misrepresent security indicators during Progressive Web App installation prompts via a crafted HTML page. The incorrect security UI (CWE-451) can deceive users into believing they are installing a legitimate, trusted application when they are not, resulting in a low-integrity impact. EPSS is 0.18% (8th percentile), no public exploit code exists, and this vulnerability has not been added to CISA KEV, indicating minimal active exploitation risk at time of analysis.

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14415 HIGH PATCH This Week

Heap corruption in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 lets a remote attacker who lures a user to a crafted HTML page and coaxes them into specific UI gestures potentially achieve memory corruption and code execution in the renderer. The flaw was reported internally by the Chrome team and is patched in the Stable channel; no public exploit identified at time of analysis, and EPSS is low (0.18%, 8th percentile). Note the tension in the signals: NVD/aggregator CVSS is 8.8 (High) while Google's own Chromium severity rating is Low.

Heap Overflow Buffer Overflow Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14409 HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

RCE Google Privilege Escalation Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-14407 HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

RCE Google Buffer Overflow Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-14383 HIGH PATCH This Week

Remote code execution in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 allows a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code — though notably only within the renderer sandbox rather than achieving full host compromise. Rated CVSS 8.8 and stemming from a code-generation flaw (CWE-94) in V8, it affects all Chrome desktop installations on the vulnerable channel; a fix has shipped, but there is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none.

Code Injection Google RCE Suse
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-14410 MEDIUM PATCH This Month

UI spoofing in Google Chrome's Skia graphics engine (versions prior to 150.0.7871.46) allows a remote attacker who has already compromised the renderer process to mislead users through a crafted HTML page. The attack requires renderer process compromise as a prerequisite, making this a chained exploit component rather than a standalone threat. EPSS at 0.18% (8th percentile) and absence from CISA KEV confirm no known active exploitation; Chromium's own team rated this Low severity.

Information Disclosure Google Suse
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-14404 MEDIUM PATCH This Month

UI spoofing via a crafted PDF file in Google Chrome's PDFium rendering engine allows a remote, unauthenticated attacker to visually mislead users into performing unintended actions or trusting falsified content. All Chrome versions prior to 150.0.7871.46 are affected. Exploitation requires the victim to open a malicious PDF - no special configuration is needed beyond default Chrome behavior. No public exploit identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact.

Information Disclosure Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14427 HIGH PATCH This Week

Sandbox escape in Google Chrome desktop before 150.0.7871.46 is possible through a heap buffer overflow in the Skia graphics library, letting an attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Critical by Chromium and CVSS 8.3, it is a second-stage bug: it presumes prior renderer code execution rather than granting initial access on its own. No public exploit identified at time of analysis, and CISA SSVC records exploitation status as none.

Heap Overflow Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14385 HIGH PATCH This Week

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13769 MEDIUM PATCH This Month

Credential exposure in AWS CLI on Unix-like systems allows other local users on the same host to read sensitive credentials written to disk by three specific subcommands: aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register. When the system umask is at its default permissive value - the case on most Unix-like systems - credential files are written without adequately restrictive permissions, making them readable by other local accounts. No public exploit or CISA KEV listing exists at time of analysis; however, the vendor (Amazon) has confirmed the issue and released patched versions 1.44.78 (v1) and 2.34.29 (v2).

Information Disclosure Aws Cli Red Hat Suse
NVD GitHub
CVSS 4.0
6.8
EPSS
0.1%
CVE-2022-46295 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46294 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46291 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46290 PyPI HIGH PATCH GHSA This Week

Heap Overflow Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46289 PyPI HIGH PATCH GHSA This Week

Heap Overflow Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46280 PyPI HIGH PATCH GHSA This Week

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-44451 PyPI HIGH PATCH GHSA This Week

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-43607 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-43467 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-42885 PyPI HIGH PATCH GHSA This Week

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-41793 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-37331 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2026-20244 HIGH PATCH This Week

Denial of service in ClamAV's DMG file format parser allows a remote, unauthenticated attacker to crash the scanning engine by submitting a crafted Apple Disk Image (DMG) for inspection. The flaw stems from an integer overflow triggered during boundary checks on DMG content and manifests only on 32-bit builds of ClamAV; memory corruption raises the theoretical possibility of expanded impact beyond a crash, though only DoS is described. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Secure Endpoint Clamav Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-20243 HIGH PATCH This Week

Denial of service in ClamAV's ALZ archive parser allows an unauthenticated, remote attacker to crash the scanning engine by submitting a crafted ALZ file, with the vendor noting possible expanded impact beyond DoS. The flaw is a heap out-of-bounds write triggered during scanning, and because ClamAV is commonly deployed as an automated mail/upload gateway scanner, an attacker only needs to get a malicious file scanned. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Buffer Overflow Secure Endpoint Clamav Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-20217 HIGH PATCH This Week

Availability-impacting out-of-bounds write in ClamAV's PESpin file-format parser lets an unauthenticated remote attacker crash the scanning engine by submitting a crafted PESpin-packed file for scanning. Because ClamAV frequently sits inline on mail gateways, file-upload paths, and proxies, a single malicious sample can terminate the scanning process and produce a denial of service; the memory corruption may permit expanded impact beyond DoS though only crash impact is confirmed. There is no public exploit identified at time of analysis and it is not on CISA KEV, with EPSS not provided.

Buffer Overflow Secure Endpoint Clamav Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-20216 HIGH PATCH This Week

Denial of service in ClamAV's InstallShield file format parser allows a remote, unauthenticated attacker (per CVSS PR:N) to crash the scanning engine and temporarily exhaust system resources by submitting a specially crafted InstallShield file for scanning. The flaw stems from improper handling of temporary resources during file scanning (CWE-770), impacting availability only (C:N/I:N/A:H) with no code execution or data exposure. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network attack vector and low complexity make it easy to trigger anywhere ClamAV automatically scans attacker-supplied files.

Denial Of Service Secure Endpoint Clamav Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-20215 HIGH PATCH This Week

Denial of service in ClamAV's 7z archive scanner allows a remote, unauthenticated attacker to crash the scanning process by submitting a crafted 7z file, resulting in an out-of-bounds heap write (CWE-120). Because ClamAV is commonly deployed inline on mail gateways and upload-scanning pipelines, a single malicious attachment can be delivered without any interaction or credentials. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though Cisco (ClamAV's maintainer) rates confidentiality/integrity impact as none and availability as high.

Buffer Overflow Secure Endpoint Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-20214 HIGH PATCH This Week

Denial of service in ClamAV's FSG file format parser allows an unauthenticated remote attacker to crash the scanning engine, and potentially achieve broader memory-corruption impact, by submitting a crafted FSG-compressed portable executable to be scanned. The flaw stems from an out-of-bounds buffer write during FSG decompression, affecting any deployment that scans attacker-supplied files. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-authentication, no-interaction nature (CVSS 7.5) makes it a meaningful availability risk for mail/file-scanning gateways.

Buffer Overflow Secure Endpoint Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-20213 HIGH PATCH This Week

Denial of service in ClamAV's PE (Portable Executable) file format parser lets an unauthenticated, remote attacker crash the scanning engine by submitting a crafted PE file for scanning, triggering an out-of-bounds buffer write (CWE-120). Reported by Cisco PSIRT (ClamAV's maintainer), the flaw carries CVSS 7.5 with an availability-only impact; the advisory notes memory corruption could 'possibly' enable expanded impacts beyond DoS. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Buffer Overflow Secure Endpoint Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-24260 HIGH This Week

Privilege escalation and container escape in NVIDIA Container Toolkit for Linux (and the GPU Operator that bundles it) stem from a time-of-check to time-of-use (TOCTOU) race condition that can lead to arbitrary code execution, privilege escalation, and data tampering across a scope boundary. A low-privileged attacker who can win the race may break out of the intended isolation boundary of GPU-enabled containers. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; NVIDIA is the reporting source via its product-security advisory 5850.

Nvidia RCE Container Toolkit Gpu Operator Red Hat +1
NVD GitHub
CVSS 3.1
8.5
EPSS
0.5%
CVE-2026-14330 MEDIUM PATCH This Month

Stack exhaustion via multiple unbounded alloca() calls in the PulseAudio protocol server on Red Hat Enterprise Linux 8, 9, and 10 allows a local low-privileged attacker to crash the audio daemon, resulting in denial of service. The root cause (CWE-770) is the absence of size validation on attacker-controlled protocol parameters before passing them to alloca(), a stack-based allocator with no OS-enforced ceiling. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-14324 MEDIUM PATCH This Month

Denial-of-service via NULL pointer dereference in PipeWire's RAOP (Remote Audio Output Protocol) module affects Red Hat Enterprise Linux 8, 9, and 10. The RAOP module fails to enforce an upper bound on Content-Length values in incoming requests and does not validate the return value of pw_array_add(); when a sufficiently large Content-Length triggers an allocation failure, the unchecked NULL return causes a crash of the PipeWire daemon, resulting in complete loss of audio services. No special authentication is required from the adjacent network, and no public exploit or CISA KEV listing has been identified at time of analysis.

Denial Of Service Null Pointer Dereference Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14258 MEDIUM This Month

Denial of service in dhcpcd's IPv6 Neighbor Discovery Router Advertisement parser allows an adjacent unauthenticated attacker to exhaust CPU resources on any host running dhcpcd with IPv6 enabled. The flaw (CWE-835 - infinite loop) arises because a zero-length Neighbor Discovery option passes initial storage validation but is later reparsed without sufficient bounds enforcement, causing the parser to loop indefinitely without advancing. No active exploitation is confirmed (not in CISA KEV), but the adjacent-network attack vector and zero-privilege requirement make this actionable on shared Layer-2 environments such as enterprise Wi-Fi, cloud VLANs, and data-center segments.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-14156 MEDIUM PATCH This Month

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Authentication Bypass Google Suse
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 9.4
CRITICAL Act Now

Local privilege escalation in Xen's Windows PV (paravirtualized) drivers arises because the XenIface interface is exposed to userspace with no security descriptor, leaving it fully accessible to unprivileged users. Any low-privileged local user on an affected Windows guest can interact with this facility to gain elevated control over the system. This is one of three sibling issues (alongside CVE-2025-27462 XenCons and CVE-2025-27464 XenBus) disclosed in Xen Security Advisory XSA-468; no public exploit has been identified at time of analysis.

Privilege Escalation Microsoft Windows Pv Drivers +1
NVD
EPSS 0% CVSS 9.4
CRITICAL Act Now

Local privilege escalation in the Xen Windows PV Drivers (the XenCons paravirtualized console interface) lets any unprivileged user of a Windows guest reach a device object that ships with no security descriptor, so its facilities are fully accessible to non-administrators. Successful abuse can yield full compromise of the guest with integrity, confidentiality and availability impact, and the vendor scores it critical (CVSS 4.0 base 9.4) with subsequent-system impact. There is no public exploit identified at time of analysis and it is not on CISA KEV. This is one of three related XSA-468 issues (XenCons/CVE-2025-27462, XenIface/CVE-2025-27463, XenBus/CVE-2025-27464).

Privilege Escalation Microsoft Windows Pv Drivers +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Attribute encryption in the 389-ds-base LDBM backend exposes a cryptographic design flaw affecting Red Hat Directory Server 11, 12, and 13 across all supported RHEL releases (6 through 10). The LDBM backend applies a static, hardcoded initialization vector (IV) for both AES-CBC and 3DES-CBC encryption of directory attribute values, meaning that two entries storing identical plaintext for an encrypted attribute will always produce identical ciphertext blocks - a classic ciphertext equality oracle. An attacker with privileged filesystem-level read access to the LDBM database files can exploit this to determine whether any two encrypted attribute values are identical, leaking relational information about the directory without recovering plaintext. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Information Disclosure Red Hat Directory Server 11 Red Hat Directory Server 12 +8
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Heap-buffer-overflow in 389 Directory Server's DN normalization routine allows an unauthenticated remote attacker to corrupt heap memory and likely crash the LDAP service. The flaw triggers when the server processes an LDAP operation - such as a search request - whose base DN contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), causing an out-of-bounds write during RDN attribute-value pair sorting. Per the confirmed CVSS vector (PR:N), no authentication is required; no public exploit code or CISA KEV listing has been identified at time of analysis.

Heap Overflow Denial Of Service Buffer Overflow +10
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LDAP client to crash the server by sending an oversized UNBIND packet over a SASL integrity-protected connection. The oversized data overflows a fixed 512-byte heap receive buffer in sasl_io_recv() (sasl_io.c), and in FreeIPA / Red Hat IdM any domain user, enrolled host, or service account with a valid Kerberos ticket can trigger it after GSSAPI authentication. There is no public exploit identified at time of analysis, and this flaw is distinct from the earlier CVE-2025-14905 schema.c overflow, which did not fix this code path.

Heap Overflow Denial Of Service Buffer Overflow +10
NVD VulDB
EPSS 1% CVSS 8.0
HIGH This Week

Privilege escalation to root and Kerberos-based authentication bypass in SSSD's Active Directory GPO provider affects Red Hat Enterprise Linux 6 through 10 and OpenShift Container Platform 4. Because ad_gpo_extract_smb_components() fails to sanitize '..' sequences in the gPCFileSysPath LDAP attribute (CWE-23), an actor holding AD GPO management rights can force an SSSD-enrolled host to write attacker-controlled files outside the GPO cache as root, injecting Kerberos configuration to bypass authentication. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Authentication Bypass Red Hat Path Traversal +7
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user with write access to any subtree to inject a malicious sudoRole object and gain root-level sudo on every SSSD-enrolled host. The flaw exists because, when ldap_sudo_search_base is left unset, SSSD searches the entire directory tree for sudoRole objects, trusting rules planted anywhere in the DIT. Rated CVSS 8.8 by Red Hat and reported against RHEL 6 through 10 and OpenShift Container Platform 4; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +6
NVD VulDB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Python Cisco Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap-based buffer overflow in PHP's OpenSSL extension affects all maintained PHP branches (8.2.x, 8.3.x, 8.4.x, 8.5.x) when the AES key-wrap-with-padding (AES-WRAP-PAD) algorithm per RFC 5649 is invoked. The output buffer is allocated based only on plaintext length, omitting the mandatory RFC 5649 padding expansion, causing OpenSSL to write beyond the allocated heap region, corrupt heap metadata, and abort the process. No public exploit has been identified at time of analysis; vendor-released patches are available for all affected branches.

Heap Overflow OpenSSL Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

webpack-dev-server 5.2.5 and earlier crash the entire Node.js host process when an unauthenticated remote peer sends either an HTTP request with a malformed Host header or a WebSocket upgrade to the /ws endpoint with a malformed Origin header. The malformed value bypasses graceful error handling in the host-validation path, triggering an uncaught exception that terminates the dev server process entirely. Impact is confined to availability - no confidentiality loss and no code execution occur despite a misleading 'RCE' tag in the source intelligence, which appears to be a mislabeling inconsistent with the vendor description and CVSS vector (C:N/I:N). No public exploit or CISA KEV listing exists at time of analysis.

Node.js RCE Webpack Dev Server +2
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Cross-site request forgery in webpack-dev-server 5.2.5 and earlier allows any website visited by a developer to silently invoke two unauthenticated state-changing endpoints - `/webpack-dev-server/open-editor` and `/webpack-dev-server/invalidate` - via simple browser-initiated GET requests that carry no CSRF protection. An attacker controlling a web page visited during an active dev session can open arbitrary local files in the developer's editor (including files outside the project root) and trigger repeated forced recompilations that degrade workstation performance. No public exploit has been identified at time of analysis, and exploitation is confined to developer workstations rather than production infrastructure.

CSRF Webpack Dev Server Red Hat +1
NVD GitHub VulDB
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Memory leak in OpenVPN (pre-2.7.5) allows network-accessible unauthenticated attackers to exhaust server memory, resulting in high availability impact and denial of service. The flaw, classified CWE-401, requires specific attack prerequisites (CVSS 4.0 AT:P) and passive client interaction (UI:P), meaning it is not trivially exploitable against all default deployments. No active exploitation has been confirmed in CISA KEV and no public exploit code has been identified at time of analysis; vendor patch v2.7.5 is available.

Microsoft Information Disclosure Openvpn +2
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Denial-of-service in OpenVPN via a reachable assertion (CWE-617) allows a remote, low-privileged attacker to crash the OpenVPN daemon under high-complexity, timing-specific conditions. All OpenVPN deployments running versions prior to v2.7.5 are affected; the fix is available in the v2.7.5 release disclosed pre-NVD via GitHub. No public exploit code or CISA KEV listing has been identified at time of analysis; the CVSS 4.0 score of 5.9 (Medium) reflects the constrained exploitation path, though VPN service disruption carries meaningful operational impact for affected operators.

Microsoft Information Disclosure Openvpn +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution risk in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) arises from a use-after-free that a remote attacker can trigger by luring a victim to a crafted HTML page, leading to heap corruption and potential arbitrary code execution in the renderer. The CVSS 8.8 rating reflects high impact with only user interaction (visiting a page) required, though Google rated the Chromium security severity as Low and no public exploit is identified at time of analysis. EPSS is low at 0.18% (8th percentile) and CISA SSVC records no known exploitation.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Chrome's V8 JavaScript engine (versions before 150.0.7871.46) lets a remote attacker achieve arbitrary code execution inside the renderer sandbox by luring a victim to a crafted HTML page. Chromium rated this Medium severity, but the CVSS 8.8 reflects high confidentiality, integrity, and availability impact requiring only a single user click; there is no public exploit identified at time of analysis and CISA's SSVC framework records no known exploitation. Because scope is unchanged (S:U), code execution is confined to the sandbox and does not by itself constitute a full host compromise.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows an attacker to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) reported by Google's own Chrome team; Chromium rated it Medium severity while NVD assigns CVSS 8.8. No public exploit has been identified at time of analysis, and CISA's SSVC framework records exploitation status as 'none'.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Skia graphics library affects all desktop Chrome builds prior to 150.0.7871.46, where a use-after-free (CWE-416) triggered by a crafted HTML page can let a remote attacker break out of the renderer sandbox. Google rates the Chromium severity Critical and CVSS is 9.6, but there is no public exploit identified at time of analysis and CISA's SSVC records exploitation status as none. A vendor patch is available in the June 2026 Stable channel release.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Dawn (WebGPU) component affects all desktop builds prior to 150.0.7871.46, where a use-after-free lets a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Google rates the Chromium severity Critical, and the CVSS 3.1 score of 9.6 reflects a scope-changing memory-corruption bug. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though a vendor patch is already shipping in the Stable channel.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS (versions prior to 150.0.7871.46) stems from a use-after-free in Dawn, Chrome's WebGPU/graphics abstraction layer, and allows a remote attacker who lures a victim to a crafted HTML page to potentially break out of the renderer sandbox and gain higher-privileged code execution on the host. The flaw is rated High by Chromium and carries a CVSS 9.6 due to its network attack vector, low complexity, and scope change. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, and CISA's SSVC framework currently marks exploitation as 'none' though technical impact as 'total'.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics component affects all desktop builds prior to 150.0.7871.46, where a use-after-free condition lets a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Chromium rates the severity High and a fixed stable-channel build is available, but SSVC records no observed exploitation and no public exploit identified at time of analysis. The high CVSS (9.6) is driven by the scope change inherent to sandbox escape rather than confirmed real-world abuse.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer lets a remote attacker who lures a victim to a crafted HTML page break out of the renderer sandbox and gain code execution in a higher-privilege context. All Chrome desktop builds prior to 150.0.7871.46 are affected. Chromium rated the underlying use-after-free High severity; no public exploit has been identified at time of analysis and SSVC records exploitation status as none.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 150.0.7871.46 lets a remote attacker break out of the renderer sandbox when a victim opens a crafted HTML page. Rated Critical by Chromium with a 9.6 CVSS score, the flaw is a use-after-free (CWE-416) requiring only that the target visit a malicious site. No public exploit or active exploitation is identified at time of analysis, and CISA's SSVC assessment lists exploitation as none.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Arbitrary code execution within the renderer sandbox in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) can be triggered when a victim loads a crafted HTML page. The flaw stems from use of uninitialized memory in V8 and, while carrying a high CVSS base score of 9.6, was rated only Low severity by Chromium because code execution is confined inside the renderer sandbox and still requires a separate sandbox escape for full host compromise. No public exploit identified at time of analysis, and CISA's SSVC framework marks exploitation status as none.

RCE Google Suse
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uninitialized memory use in Dawn, Chrome's WebGPU implementation, on ChromeOS prior to version 150.0.7871.46 enables remote attackers to read potentially sensitive contents from GPU process memory by serving a crafted HTML page. The flaw (CWE-457) allows stale or uninitialized buffer data to be exposed back to the requesting JavaScript context without proper sanitization. No public exploit has been identified at time of analysis, and CISA SSVC rates this as non-automatable with partial technical impact, though the CVSS confidentiality rating is High.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. The flaw is an uninitialized-memory use (CWE-457) in ANGLE, reported by Google's own Chrome team and fixed in the June 2026 Stable channel update. No public exploit is identified at time of analysis, and CISA's SSVC framework records exploitation status as none, but the total technical impact and sandbox-escape nature make it a high-priority browser patch.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's ANGLE graphics subsystem (all versions prior to 150.0.7871.46) enables remote attackers to read sensitive data from other browser origins by luring a victim to a crafted HTML page. The flaw stems from uninitialized memory use in ANGLE, Chrome's GPU abstraction layer, which may expose stale cross-origin pixel buffers or texture memory to attacker-controlled JavaScript. No public exploit has been identified and CISA's SSVC framework rates exploitation as none with a non-automatable attack path, indicating limited immediate real-world threat despite the network-accessible vector.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Information Disclosure Microsoft Google +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (all channels prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is a CWE-843 type-confusion bug rated High by Chromium and CVSS 8.8; there is no public exploit identified at time of analysis and CISA's SSVC framework marks exploitation status as none. Because CVSS is AV:N/PR:N with UI:R, exploitation is unauthenticated but requires the victim to open a malicious page.

Memory Corruption RCE Google +1
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape via type confusion in Tint, the WGSL shader compiler within Chrome's Dawn/WebGPU stack, affects Google Chrome desktop versions prior to 150.0.7871.46. A remote attacker who lures a victim to a crafted HTML page can trigger the flaw (CWE-843) to potentially break out of the renderer/GPU sandbox and gain broader access on the host. Rated High by Chromium with a CVSS 9.6 (scope-changed), though there is no public exploit identified at time of analysis and CISA SSVC currently records exploitation status as 'none'.

Memory Corruption Information Disclosure Google +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Tint WebGPU shader compiler affects all Desktop builds prior to 150.0.7871.46, where a crafted HTML page triggers an out-of-bounds write (CWE-787) that a remote attacker can leverage to break out of the renderer sandbox. Reported internally by the Chrome team and rated High by Chromium, the flaw carries a CVSS 9.6 due to its scope-changing memory-corruption impact, but there is no public exploit identified at time of analysis and CISA's SSVC records exploitation status as none. A vendor patch is already available, so the practical priority is rapid browser updating rather than emergency mitigation.

Memory Corruption Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. This is an out-of-bounds write (CWE-787) rated High by Chromium and scored CVSS 8.3. There is no public exploit identified at time of analysis and CISA SSVC lists exploitation as 'none', though the technical impact is rated 'total'.

Memory Corruption Buffer Overflow Google +1
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for macOS (versions prior to 150.0.7871.46) stems from an out-of-bounds write in ANGLE, the graphics abstraction layer that translates WebGL/OpenGL ES calls to native backends (Metal on Mac). A remote attacker who lures a victim to a crafted HTML page can corrupt memory in the GPU/graphics process to potentially break out of the renderer sandbox. There is no public exploit identified at time of analysis; Google rated the Chromium severity as Medium, and CISA's SSVC framework marks exploitation as none, though the CVSS base score is 9.6 due to the scope-changing sandbox-escape impact.

Memory Corruption Buffer Overflow Google +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Out-of-bounds read in the Dawn WebGPU implementation of Google Chrome before 150.0.7871.46 lets a remote attacker who lures a victim to a crafted HTML page potentially escape the renderer sandbox and disclose out-of-bounds memory. The upstream Chromium team rated the security severity as Low, yet the associated CVSS 3.1 base score is 9.6 due to a scope change and high triad impact. There is no public exploit identified at time of analysis, and the CISA SSVC decision framework records exploitation as none and automatable as no.

Google Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in ANGLE (Chrome's cross-platform graphics abstraction layer) prior to version 150.0.7871.46 allows a remote attacker to extract potentially sensitive data from the browser's process memory by directing a victim to a crafted HTML page. The CVSS vector confirms network delivery with no authentication required but mandates user interaction, and the High confidentiality impact (C:H) indicates that in-memory data such as session tokens, cached credentials, or page content could be exposed. SSVC assessment records no active exploitation and the flaw is absent from the CISA KEV catalog; a vendor patch has been released and no public exploit code has been identified at time of analysis.

Google Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cross-origin data exfiltration in Google Chrome's ANGLE graphics layer exposes sensitive browser memory contents to remote attackers who can induce a victim to visit a crafted HTML page. The out-of-bounds read in ANGLE (Chrome's cross-platform graphics abstraction engine) affects all Chrome desktop versions prior to 150.0.7871.46, confirmed by Google's stable channel advisory. No public exploit code or active exploitation has been identified at time of analysis; an EPSS of 0.17% (7th percentile) reflects minimal current weaponization pressure despite the high confidentiality impact assigned in CVSS.

Google Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome on Windows prior to 150.0.7871.46 stems from an out-of-bounds read in ANGLE, the browser's graphics abstraction layer. Remote attackers can exploit this by serving a crafted HTML page to a Windows user, causing the ANGLE subsystem to read memory beyond its intended buffer boundary and exposing data belonging to a separate web origin. No public exploit code has been identified at time of analysis, and the EPSS score of 0.18% (8th percentile) indicates low exploitation probability in the near term.

Google Microsoft Buffer Overflow +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory access in Google Chrome's Tint component (the WGSL shader translator inside the Dawn/WebGPU stack) affects all desktop builds prior to 150.0.7871.46 and lets a remote attacker corrupt memory when a victim opens a crafted HTML page. Chromium rates the severity High and the CVSS 3.1 score is 8.8, driven by high confidentiality, integrity, and availability impact requiring only that the user visit a malicious page. No public exploit identified at time of analysis, and the low EPSS score (0.19%, 9th percentile) indicates exploitation is not currently widespread.

Google Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Dawn WebGPU implementation prior to 150.0.7871.46 lets a remote attacker use a crafted HTML page to trigger an out-of-bounds read and write, potentially breaking out of the renderer sandbox. Rated Critical by Chromium with a CVSS of 9.6 (scope-changed), it requires the victim to visit a malicious page but no authentication. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Google Buffer Overflow Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is an integer overflow in V8, rated High by Chromium and scored CVSS 8.8; exploitation requires user interaction (visiting a malicious page) but no authentication. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation status as none, indicating no observed in-the-wild activity yet.

RCE Google Suse
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's Skia graphics library (versions before 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Medium by Chromium but scored CVSS 8.3 due to scope change and total impact; there is no public exploit identified at time of analysis and SSVC reports no observed exploitation. Realistically it is a second-stage bug that must be chained with a prior renderer compromise, which raises the practical difficulty.

Buffer Overflow Google Suse
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Skia graphics library affects all desktop builds prior to 150.0.7871.46, where an integer overflow triggered by a crafted HTML page can break out of the renderer sandbox into the more-privileged browser process. A remote attacker who lures a victim to a malicious page could potentially compromise the host beyond the rendering sandbox. There is no public exploit identified at time of analysis, and CISA SSVC scores exploitation as 'none'.

Buffer Overflow Google Suse
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Microsoft Google +1
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome (Skia graphics library) prior to 150.0.7871.46 allows a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page, elevating a contained renderer compromise into a full-privilege breakout on the host. Rated High severity by Chromium, it carries a CVSS 3.1 score of 8.3 (scope-changed) with no public exploit identified at time of analysis and CISA SSVC recording exploitation status as none. It is a second-stage vulnerability that must be chained with a prior renderer exploit, so it is not directly exploitable against a fresh browser.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android (versions prior to 150.0.7871.46) lets an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page that abuses insufficient input validation in the Dawn WebGPU component. Google rates the Chromium severity as High, and the flaw carries a CVSS 8.3 with a scope-changing impact. There is no public exploit identified at time of analysis, and CISA SSVC records exploitation status as none.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox by luring a victim to a crafted HTML page. This is a second-stage bug that chains with a prior renderer-level exploit rather than a standalone entry point; Chromium rates it High severity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, with SSVC recording exploitation status as none.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics component before 150.0.7871.46 lets a remote attacker break out of the renderer sandbox when a victim loads a malicious web page. The flaw stems from insufficient validation of untrusted input (CWE-20) in ANGLE and carries a CVSS 9.6 due to scope change and full CIA impact, though exploitation requires the user to visit attacker-controlled content. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, with SSVC exploitation status assessed as none.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 150.0.7871.46) lets a remote attacker break out of the renderer sandbox when a victim visits a crafted HTML page. The flaw stems from insufficient validation of untrusted input (CWE-20) in ANGLE and carries a critical 9.6 CVSS score due to the scope-changing sandbox escape. Google has shipped a fix and rates the Chromium severity as High; there is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none.

Information Disclosure Google Suse
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics component on Android (versions prior to 150.0.7871.46) allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High by Chromium and CVSS 8.3, the flaw stems from improper validation of untrusted input in ANGLE and requires renderer compromise plus user interaction as prerequisites. There is no public exploit identified at time of analysis, and CISA SSVC lists exploitation status as none.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

UI spoofing in Google Chrome's WebAppInstalls component (versions prior to 150.0.7871.46) enables remote attackers to misrepresent security indicators during Progressive Web App installation prompts via a crafted HTML page. The incorrect security UI (CWE-451) can deceive users into believing they are installing a legitimate, trusted application when they are not, resulting in a low-integrity impact. EPSS is 0.18% (8th percentile), no public exploit code exists, and this vulnerability has not been added to CISA KEV, indicating minimal active exploitation risk at time of analysis.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 lets a remote attacker who lures a user to a crafted HTML page and coaxes them into specific UI gestures potentially achieve memory corruption and code execution in the renderer. The flaw was reported internally by the Chrome team and is patched in the Stable channel; no public exploit identified at time of analysis, and EPSS is low (0.18%, 8th percentile). Note the tension in the signals: NVD/aggregator CVSS is 8.8 (High) while Google's own Chromium severity rating is Low.

Heap Overflow Buffer Overflow Google +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

RCE Google Privilege Escalation +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

RCE Google Buffer Overflow +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 allows a remote attacker who lures a victim to a crafted HTML page to execute arbitrary code — though notably only within the renderer sandbox rather than achieving full host compromise. Rated CVSS 8.8 and stemming from a code-generation flaw (CWE-94) in V8, it affects all Chrome desktop installations on the vulnerable channel; a fix has shipped, but there is no public exploit identified at time of analysis and CISA SSVC records exploitation status as none.

Code Injection Google RCE +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

UI spoofing in Google Chrome's Skia graphics engine (versions prior to 150.0.7871.46) allows a remote attacker who has already compromised the renderer process to mislead users through a crafted HTML page. The attack requires renderer process compromise as a prerequisite, making this a chained exploit component rather than a standalone threat. EPSS at 0.18% (8th percentile) and absence from CISA KEV confirm no known active exploitation; Chromium's own team rated this Low severity.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

UI spoofing via a crafted PDF file in Google Chrome's PDFium rendering engine allows a remote, unauthenticated attacker to visually mislead users into performing unintended actions or trusting falsified content. All Chrome versions prior to 150.0.7871.46 are affected. Exploitation requires the victim to open a malicious PDF - no special configuration is needed beyond default Chrome behavior. No public exploit identified at time of analysis, and CISA SSVC rates exploitation as none with partial technical impact.

Information Disclosure Google Suse
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome desktop before 150.0.7871.46 is possible through a heap buffer overflow in the Skia graphics library, letting an attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Critical by Chromium and CVSS 8.3, it is a second-stage bug: it presumes prior renderer code execution rather than granting initial access on its own. No public exploit identified at time of analysis, and CISA SSVC records exploitation status as none.

Heap Overflow Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Credential exposure in AWS CLI on Unix-like systems allows other local users on the same host to read sensitive credentials written to disk by three specific subcommands: aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register. When the system umask is at its default permissive value - the case on most Unix-like systems - credential files are written without adequately restrictive permissions, making them readable by other local accounts. No public exploit or CISA KEV listing exists at time of analysis; however, the vendor (Amazon) has confirmed the issue and released patched versions 1.44.78 (v1) and 2.34.29 (v2).

Information Disclosure Aws Cli Red Hat +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Heap Overflow Python Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Heap Overflow Python Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Cisco Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Cisco Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Cisco Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ClamAV's DMG file format parser allows a remote, unauthenticated attacker to crash the scanning engine by submitting a crafted Apple Disk Image (DMG) for inspection. The flaw stems from an integer overflow triggered during boundary checks on DMG content and manifests only on 32-bit builds of ClamAV; memory corruption raises the theoretical possibility of expanded impact beyond a crash, though only DoS is described. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Secure Endpoint Clamav +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ClamAV's ALZ archive parser allows an unauthenticated, remote attacker to crash the scanning engine by submitting a crafted ALZ file, with the vendor noting possible expanded impact beyond DoS. The flaw is a heap out-of-bounds write triggered during scanning, and because ClamAV is commonly deployed as an automated mail/upload gateway scanner, an attacker only needs to get a malicious file scanned. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Buffer Overflow Secure Endpoint Clamav +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Availability-impacting out-of-bounds write in ClamAV's PESpin file-format parser lets an unauthenticated remote attacker crash the scanning engine by submitting a crafted PESpin-packed file for scanning. Because ClamAV frequently sits inline on mail gateways, file-upload paths, and proxies, a single malicious sample can terminate the scanning process and produce a denial of service; the memory corruption may permit expanded impact beyond DoS though only crash impact is confirmed. There is no public exploit identified at time of analysis and it is not on CISA KEV, with EPSS not provided.

Buffer Overflow Secure Endpoint Clamav +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ClamAV's InstallShield file format parser allows a remote, unauthenticated attacker (per CVSS PR:N) to crash the scanning engine and temporarily exhaust system resources by submitting a specially crafted InstallShield file for scanning. The flaw stems from improper handling of temporary resources during file scanning (CWE-770), impacting availability only (C:N/I:N/A:H) with no code execution or data exposure. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network attack vector and low complexity make it easy to trigger anywhere ClamAV automatically scans attacker-supplied files.

Denial Of Service Secure Endpoint Clamav +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ClamAV's 7z archive scanner allows a remote, unauthenticated attacker to crash the scanning process by submitting a crafted 7z file, resulting in an out-of-bounds heap write (CWE-120). Because ClamAV is commonly deployed inline on mail gateways and upload-scanning pipelines, a single malicious attachment can be delivered without any interaction or credentials. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, though Cisco (ClamAV's maintainer) rates confidentiality/integrity impact as none and availability as high.

Buffer Overflow Secure Endpoint Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ClamAV's FSG file format parser allows an unauthenticated remote attacker to crash the scanning engine, and potentially achieve broader memory-corruption impact, by submitting a crafted FSG-compressed portable executable to be scanned. The flaw stems from an out-of-bounds buffer write during FSG decompression, affecting any deployment that scans attacker-supplied files. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-authentication, no-interaction nature (CVSS 7.5) makes it a meaningful availability risk for mail/file-scanning gateways.

Buffer Overflow Secure Endpoint Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ClamAV's PE (Portable Executable) file format parser lets an unauthenticated, remote attacker crash the scanning engine by submitting a crafted PE file for scanning, triggering an out-of-bounds buffer write (CWE-120). Reported by Cisco PSIRT (ClamAV's maintainer), the flaw carries CVSS 7.5 with an availability-only impact; the advisory notes memory corruption could 'possibly' enable expanded impacts beyond DoS. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Buffer Overflow Secure Endpoint Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Privilege escalation and container escape in NVIDIA Container Toolkit for Linux (and the GPU Operator that bundles it) stem from a time-of-check to time-of-use (TOCTOU) race condition that can lead to arbitrary code execution, privilege escalation, and data tampering across a scope boundary. A low-privileged attacker who can win the race may break out of the intended isolation boundary of GPU-enabled containers. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; NVIDIA is the reporting source via its product-security advisory 5850.

Nvidia RCE Container Toolkit +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Stack exhaustion via multiple unbounded alloca() calls in the PulseAudio protocol server on Red Hat Enterprise Linux 8, 9, and 10 allows a local low-privileged attacker to crash the audio daemon, resulting in denial of service. The root cause (CWE-770) is the absence of size validation on attacker-controlled protocol parameters before passing them to alloca(), a stack-based allocator with no OS-enforced ceiling. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial-of-service via NULL pointer dereference in PipeWire's RAOP (Remote Audio Output Protocol) module affects Red Hat Enterprise Linux 8, 9, and 10. The RAOP module fails to enforce an upper bound on Content-Length values in incoming requests and does not validate the return value of pw_array_add(); when a sufficiently large Content-Length triggers an allocation failure, the unchecked NULL return causes a crash of the PipeWire daemon, resulting in complete loss of audio services. No special authentication is required from the adjacent network, and no public exploit or CISA KEV listing has been identified at time of analysis.

Denial Of Service Null Pointer Dereference Red Hat Enterprise Linux 10 +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in dhcpcd's IPv6 Neighbor Discovery Router Advertisement parser allows an adjacent unauthenticated attacker to exhaust CPU resources on any host running dhcpcd with IPv6 enabled. The flaw (CWE-835 - infinite loop) arises because a zero-length Neighbor Discovery option passes initial storage validation but is later reparsed without sufficient bounds enforcement, causing the parser to loop indefinitely without advancing. No active exploitation is confirmed (not in CISA KEV), but the adjacent-network attack vector and zero-privilege requirement make this actionable on shared Layer-2 environments such as enterprise Wi-Fi, cloud VLANs, and data-center segments.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Authentication Bypass Google Suse
NVD
Page 1 of 104 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy