Skip to main content

Suse

9341 CVEs vendor

Monthly

CVE-2023-47268 MEDIUM This Month

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-42284 PyPI HIGH PATCH GHSA This Week

Remote code execution in GitPython < 3.1.47 allows unauthenticated network attackers to inject malicious Git configuration during repository clone operations via crafted multi_options arguments. The _clone() method validates options before shlex.split transformation, enabling attackers to bypass unsafe option checks by embedding commands like '--config core.hooksPath=/attacker/path' within '--branch' strings. Git then executes attacker-controlled hooks during clone. Vendor-released patch available in version 3.1.47. CVSS 8.1 with high attack complexity; no EPSS or KEV data available, but public exploit code exists per GitHub security advisory GHSA-x2qx-6953-8485.

Python Information Disclosure Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-42215 PyPI HIGH POC PATCH GHSA This Week

Command injection in GitPython 3.1.30-3.1.46 allows remote authenticated attackers to execute arbitrary commands via underscore-formatted kwargs that bypass unsafe option validation. Applications passing attacker-controlled kwargs to Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push() are vulnerable even when allow_unsafe_options=False (default). GitHub-confirmed exploit with vendor-released patch 3.1.47. CVSS 8.8 reflects network vector with low complexity and authenticated access; no EPSS/KEV data indicates exploitation not yet widespread beyond proof-of-concept demonstration.

Python Command Injection Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7261 MEDIUM PATCH This Month

Use-after-free memory corruption in PHP 8.2 prior to version 8.2.31 allows remote attackers to cause information disclosure or denial of service via network requests with low attack complexity. The vulnerability is addressed in PHP 8.2.31, released as a security update bundling fixes for eight CVEs including CVE-2026-7261. Patch availability is confirmed from the PHP development team.

Microsoft PHP Use After Free Memory Corruption Information Disclosure +2
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-6735 HIGH PATCH This Week

Cross-site scripting (XSS) vulnerability in PHP 8.2.x (prior to 8.2.31) allows network-based attackers to inject malicious scripts that execute in victim browsers, compromising session tokens and potentially escalating to account takeover. Vendor-released patch (PHP 8.2.31) addresses this along with seven additional CVEs in a coordinated security release. CVSS 7.3 HIGH with user interaction required; exploitation status classified as POC-available per CVSS 4.0 vector (E:P), though public exploit code not independently verified at time of analysis.

XSS Microsoft PHP Suse Red Hat
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-7258 MEDIUM PATCH This Month

A buffer over-read vulnerability in PHP 8.2 prior to version 8.2.31 allows remote attackers to disclose sensitive information through a network vector with high attack complexity and partial attack time requirements. The vulnerability (CWE-125) affects information availability and system availability, with CVSS 6.3 indicating moderate risk. Vendor-released patch available in PHP 8.2.31.

Microsoft Information Disclosure Buffer Overflow PHP Suse +1
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-4430 MEDIUM PATCH This Month

Out-of-bounds write in LibreOffice 26.2 before 26.2.3 and 25.8 before 25.8.7 allows local attackers to cause memory corruption and availability impact by opening crafted OOXML documents with mismatched encryption salt parameters. The vulnerability requires user interaction to open a malicious document and affects memory integrity with elevated scope impact on availability.

Memory Corruption Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 4.0
5.4
EPSS
0.0%
CVE-2026-42217 MEDIUM PATCH This Month

OpenEXR versions 3.0.0-3.2.8, 3.3.0-3.3.10, and 3.4.0-3.4.10 suffer from unbounded shift operations in the readVariableLengthInteger() function when parsing variable-length integers from untrusted EXR files. Attackers can craft malicious EXR files with excessive continuation bytes to trigger left shifts exceeding 64 bits on a 64-bit integer, causing undefined behavior that may lead to information disclosure or denial of service. The vulnerability is remotely exploitable without authentication or user interaction against any application processing untrusted EXR input; no public exploit code has been identified at the time of analysis.

Integer Overflow Information Disclosure Suse Red Hat
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-44312 Ruby MEDIUM PATCH GHSA This Month

CSS Parser gem disables HTTPS certificate validation by setting OpenSSL::SSL::VERIFY_NONE, allowing man-in-the-middle attackers to inject or modify CSS content loaded via HTTPS. Any application using CSS Parser versions prior to 2.1.0 to fetch external stylesheets over HTTPS can be exploited by network-positioned attackers without authentication. A proof-of-concept using mitmproxy or Burp Suite demonstrates practical exploitation; CVSS 5.8 reflects the network attack vector and integrity impact, but real-world risk depends on whether the application loads stylesheets from untrusted or attacker-controllable URLs and whether the attacker can intercept network traffic.

Code Injection OpenSSL Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-41050 Go CRITICAL PATCH GHSA Act Now

ServiceAccount impersonation bypass in Rancher Fleet allows tenants with git push access to multi-tenant clusters to read secrets from any namespace across all downstream clusters. Two distinct code paths failed to properly apply RBAC constraints: Helm's lookup function executed with cluster-admin credentials instead of the impersonated ServiceAccount, and valuesFrom secret references in fleet.yaml bypassed namespace isolation. Confirmed active exploitation status unknown (not in CISA KEV). CVSS 9.9 with scope-change modifier reflects potential credential leakage to external services. Fleet versions 0.12.0 through 0.15.0 affected across multiple Rancher release branches. Patches available for all supported versions with detailed version matrix provided by SUSE.

Authentication Bypass Kubernetes Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25705 Go HIGH PATCH GHSA This Week

Path traversal in Rancher's UI Extensions mechanism allows authenticated administrators to write arbitrary files to the Rancher server filesystem, potentially overwriting binaries, tampering with cluster state in /var/lib/rancher/, or compromising the host node if hostPath volumes are mounted. This affects Rancher versions 2.10.11 through 2.14.0. While exploitation requires high privileges (administrator access by default) and user interaction to install a malicious extension, the changed scope (S:C) in CVSS 3.1 indicates potential container escape or cross-component impact. Vendor-released patches are available across all affected release branches (2.11.13, 2.12.9, 2.13.5, 2.14.1). No public exploit identified at time of analysis, though the attack technique (CAPEC-126 path traversal) is well-documented.

Path Traversal Suse
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-42586 Maven MEDIUM PATCH GHSA This Month

CRLF injection in Netty's RedisEncoder allows remote command injection and response poisoning by injecting carriage return and line feed characters into InlineCommandRedisMessage, SimpleStringRedisMessage, and ErrorRedisMessage objects. Attackers can inject arbitrary Redis commands (such as CONFIG SET, FLUSHALL, or authentication bypass) or forge fake responses when user-controlled input is placed into these message types without sanitization. The vulnerability affects Netty 4.2.12.Final and all prior versions with the codec-redis module; no active exploitation has been reported in CISA KEV, but publicly available proof-of-concept code demonstrates the vulnerability.

Redis Command Injection Java Authentication Bypass Suse +1
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-42585 Maven MEDIUM PATCH GHSA This Month

HTTP request smuggling in Netty's HttpRequestDecoder allows remote unauthenticated attackers to inject arbitrary HTTP requests by sending malformed Transfer-Encoding headers (specifically 'Transfer-Encoding: chunked, identity'). When Netty is deployed behind a proxy that forwards such requests without rejection, an attacker can smuggle a second request inside the body of the first, bypassing security controls and accessing unintended resources. The vulnerability is confirmed by public proof-of-concept code demonstrating successful parsing of injected requests.

Request Smuggling RCE Java Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42583 Maven HIGH PATCH GHSA This Week

Memory exhaustion in Netty's Lz4FrameDecoder allows remote unauthenticated attackers to cause denial of service by sending minimal malicious data that triggers disproportionate server-side memory allocation. A 22-byte crafted LZ4 frame forces the decoder to allocate up to 32MB of heap memory per request, enabling resource exhaustion attacks against Java applications using Netty's compression codec. Publicly available exploit code exists (PoC published in GitHub advisory GHSA-mj4r-2hfc-f8p6). CVSS 7.5 indicates network-exploitable high-availability impact with no authentication or complexity barriers, though real-world risk depends on whether LZ4 decompression is exposed to untrusted network inputs.

Denial Of Service Java Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42580 Maven MEDIUM PATCH GHSA This Month

HTTP request smuggling in Netty's chunk size parser allows remote unauthenticated attackers to inject arbitrary HTTP requests by exploiting integer overflow in the hexadecimal chunk size parsing logic. The HttpObjectDecoder.getChunkSize method accumulates the chunk size without proper overflow validation, enabling an attacker to craft a malicious chunk size header that wraps around to a valid size, causing Netty to misinterpret the request boundary and parse injected requests as separate legitimate requests. Publicly available proof-of-concept demonstrates successful parsing of an injected GET request within a chunked POST body, with CVSS score 6.5 (network-accessible, low complexity, no authentication required).

Request Smuggling RCE Java Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44264 PyPI MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) via improper Markdown attribute sanitization in Weblate allows authenticated users to inject malicious HTML attributes through crafted Markdown in user comments and other user-provided content. The vulnerability affects Weblate versions prior to 5.17.1 and can be exploited by any authenticated user with the ability to submit Markdown content; however, the application's strict Content Security Policy (CSP) significantly mitigates actual exploitation risk. Vendor-released patch version 5.17.1 is available.

XSS Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44263 PyPI MEDIUM PATCH GHSA This Month

Weblate versions before 5.17.1 allow authenticated users to enumerate translations in projects they cannot access via the screenshots, tasks, and component link API endpoints. An attacker with valid credentials but no project access can probe these APIs to discover the existence and metadata of private translations, leading to information disclosure of project structure and language coverage that should remain hidden. The vulnerability requires authentication but has a low attack complexity, affecting confidentiality only without enabling further compromise.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44244 PyPI HIGH POC PATCH GHSA This Week

Arbitrary code execution via Git hook redirection in GitPython 3.1.48 and earlier allows local authenticated users to inject malicious core.hooksPath configuration through newline characters in config_writer().set_value(). Publicly available exploit code exists. The vulnerability enables persistent repository poisoning where attacker-controlled hooks execute with the privileges of any user performing Git operations (commit, merge, checkout) on the poisoned repository. Particularly dangerous in multi-tenant environments like MLRun, DVC, MLflow, or Kedro where shared repositories enable privilege escalation across user contexts. Fixed in GitPython 3.1.49.

Python Code Injection RCE Suse
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-44307 PyPI HIGH PATCH GHSA This Week

Path traversal in Mako Templates (Python library) on Windows platforms allows attackers to read arbitrary files outside configured template directories via backslash-based directory traversal sequences. Affects Mako versions ≤1.3.11 when applications accept user-controlled template names on Windows systems. Vendor-released patch available in version 1.3.12 (confirmed by GitHub commit 72e10c5). No public exploit code identified at time of analysis, though exploitation conditions are straightforward when prerequisites are met.

Python Microsoft Path Traversal Suse Red Hat
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-71261 Go HIGH PATCH GHSA This Week

Man-in-the-middle attacks and denial of service against SUSE Harvester (SUSE Virtualization) affect all versions prior to 1.8.0 due to disabled TLS certificate verification in the Rancher integration registration client. Network-positioned attackers can intercept cluster registration traffic to steal credentials or trigger memory buffer overflow crashes. The vulnerability is limited to the initial cluster registration phase and does not affect ongoing operational connectivity between Harvester and Rancher Manager. Vendor-released patch available in version 1.8.0 with full certificate validation enabled by default. No active exploitation confirmed; no public exploit code identified at time of analysis.

Denial Of Service Buffer Overflow Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-44243 PyPI HIGH POC PATCH GHSA This Week

Path traversal in GitPython versions ≤3.1.47 enables arbitrary file write and deletion outside repository boundaries when applications pass attacker-controlled reference paths to reference creation, rename, or delete operations. A fully-functional proof-of-concept demonstrates successful exploitation by crafting reference names with '../../../' sequences to escape the `.git` directory and manipulate files with the process owner's permissions. Applications exposing GitPython reference APIs to user input-particularly Git automation services, CI/CD pipelines, and multi-tenant developer platforms-are at immediate risk, as no authentication is required at the library boundary. Fixed in version 3.1.48 per GitHub advisory GHSA-7545-fcxq-7j24.

Python Denial Of Service Path Traversal Suse Red Hat
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.1%
CVE-2026-8021 MEDIUM PATCH This Month

Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

Code Injection Google RCE Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-8020 MEDIUM PATCH This Month

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8019 MEDIUM PATCH This Month

Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-8018 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 148.0.7778.96 allows remote attackers to break out of Chrome's security sandbox via specially crafted network traffic targeting a policy enforcement weakness in DevTools. The vulnerability requires high attack complexity (CVSS AC:H) but no user interaction, enabling complete compromise of confidentiality, integrity, and availability if successfully exploited. Vendor patch released in Chrome 148.0.7778.96 per official Google Chrome stable channel update. Despite CVSS 8.1 (High), Chromium assigns Low security severity, suggesting limited real-world exploitability or significant attack prerequisites. No active exploitation (not in CISA KEV) or public exploit code identified at time of analysis.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-8016 HIGH PATCH This Week

Remote code execution within Chrome's sandbox allows arbitrary code execution via a malicious HTML page exploiting a use-after-free vulnerability in WebRTC. Affects Chrome versions prior to 148.0.7778.96. Despite high CVSS 8.8 scoring and RCE capability, exploitation requires user interaction (visiting a crafted page) and is confined to Chrome's sandbox, limiting system-level impact. Vendor patch released in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV) or public POC at time of analysis, though Chromium security team rated this as Low severity internally, suggesting limited real-world exploitability despite the technical impact.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8015 MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-8014 MEDIUM PATCH This Month

Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8013 MEDIUM PATCH This Month

Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8012 MEDIUM PATCH This Month

Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

XSS Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-8011 MEDIUM PATCH This Month

Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8010 MEDIUM PATCH This Month

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-8009 MEDIUM PATCH This Month

Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-8008 MEDIUM PATCH This Month

Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-8007 HIGH PATCH This Week

Privilege escalation in Google Chrome's Cast component (versions prior to 148.0.7778.96) allows remote attackers to elevate from renderer to higher-privilege browser process via specially crafted HTML page after initial renderer compromise. Despite 7.5 CVSS score, Chromium security team rates this as Low severity, indicating limited real-world impact. Vendor patch released in version 148.0.7778.96. No public exploit identified at time of analysis.

Privilege Escalation Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8006 MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-8005 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8004 MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-8003 MEDIUM PATCH This Month

Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-8002 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS versions prior to 148.0.7778.96 enables attackers to execute arbitrary code within the browser's sandbox through a malicious HTML page exploiting a use-after-free vulnerability in the Audio subsystem. The vulnerability requires user interaction (visiting a crafted webpage) but no authentication, with CVSS 8.8 rating reflecting high impact across confidentiality, integrity, and availability. Google has released patches in Chrome 148.0.7778.96; no active exploitation (KEV) or public POC has been identified at time of analysis, though the technical details are publicly accessible via Chromium issue tracker 495779613.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-8001 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 148.0.7778.96 on Linux, Mac, and ChromeOS allows remote attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page exploiting a use-after-free vulnerability in the printing subsystem. Despite the 8.3 CVSS score, Chromium rates this Low severity because exploitation requires a two-stage attack chain (initial renderer compromise followed by sandbox escape). Vendor patch released as Chrome 148.0.7778.96. No evidence of active exploitation or public POC identified at time of analysis.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-8000 HIGH PATCH This Week

Remote code execution affects ChromeDriver in Google Chrome versions prior to 148.0.7778.96 on Windows platforms. Exploitation requires user interaction with a malicious HTML page, enabling remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor-released patch available (version 148.0.7778.96). No active exploitation confirmed in CISA KEV at time of analysis, though CVSS base score of 8.8 reflects significant potential impact if users visit attacker-controlled content.

Microsoft RCE Google Red Hat Suse +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7999 MEDIUM PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7998 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-7997 HIGH PATCH This Week

Local privilege escalation in Google Chrome's macOS Updater component allows attackers to gain OS-level administrative privileges through malicious files. The flaw affects Chrome versions prior to 148.0.7778.96 on macOS and requires user interaction to exploit. Google has released Chrome 148.0.7778.96 to address this vulnerability. Despite the 7.8 CVSS score, Google rates this as Low severity, reflecting the local attack vector and user interaction requirement that significantly constrain real-world exploitation scenarios.

Privilege Escalation Google Red Hat Suse Chrome
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7996 MEDIUM PATCH This Month

Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-7995 HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 through an out-of-bounds read vulnerability in the AdFilter component. Attackers can execute arbitrary code by delivering a specially crafted HTML page, requiring only that a user visit the malicious page. Chrome has released version 148.0.7778.96 to address this vulnerability. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code at time of analysis, though the vulnerability's network-based attack vector and low complexity make it a realistic exploitation target once technical details become public.

Google Information Disclosure RCE Buffer Overflow Red Hat +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7994 HIGH PATCH This Week

Local privilege escalation in Google Chrome Chromoting (prior to 148.0.7778.96) on Windows allows attackers to gain elevated OS-level privileges by tricking users into opening a malicious file. While CVSS scores this as high severity (7.8), real-world risk is tempered by local access and required user interaction (CVSS: AV:L/UI:R). Vendor patch available in version 148.0.7778.96 released May 2026. No active exploitation (CISA KEV) or public exploit code identified at time of analysis.

Privilege Escalation Microsoft Google Red Hat Suse +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7993 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-7992 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 on Linux and ChromeOS allows attackers to execute arbitrary code when users perform specific UI gestures on a malicious webpage. The vulnerability stems from insufficient input validation in Chrome's UI layer (CWE-20). Vendor patch available in Chrome 148.0.7778.96. No public exploit identified at time of analysis, though CVSS 8.8 reflects high impact across confidentiality, integrity, and availability.

RCE Google Red Hat Suse Chrome
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7991 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.96 through a use-after-free vulnerability in the UI component. Attackers who have already compromised the renderer process can escape sandbox restrictions and execute arbitrary code by delivering a specially crafted HTML page requiring user interaction. Google has released patch version 148.0.7778.96. No active exploitation confirmed in CISA KEV at time of analysis, though the vulnerability requires prior renderer compromise which increases attack complexity beyond the CVSS AC:L rating suggests.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7990 HIGH PATCH This Week

Local privilege escalation in Google Chrome's Windows updater component allows unprivileged users to gain SYSTEM-level access by exploiting insufficient input validation when the updater processes a specially crafted malicious file. Affects all Chrome versions on Windows prior to 148.0.7778.96. Google has released a patched version (148.0.7778.96). No active exploitation confirmed by CISA KEV at time of analysis, though the local attack vector and medium severity rating suggest potential for targeted attacks in enterprise environments where Chrome auto-update may be delayed.

Privilege Escalation Microsoft Google Red Hat Suse +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-7989 MEDIUM PATCH This Month

Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-7988 HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC implementation (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser sandbox through a malicious HTML page exploiting type confusion in WebRTC. Patch available via Chrome 148.0.7778.96. Requires user interaction (visiting crafted page) but no authentication. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability within sandbox constraints. No confirmed active exploitation or public POC identified at time of analysis.

Memory Corruption Google RCE Red Hat Suse +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7987 HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC component (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free memory corruption vulnerability via a malicious HTML page. While sandboxed, successful exploitation achieves high confidentiality, integrity, and availability impact within the renderer process. EPSS data unavailable; not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis. Vendor patch released as Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7986 MEDIUM PATCH This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7985 HIGH PATCH This Week

Sandbox escape in Google Chrome's GPU component affects versions prior to 148.0.7778.96. An attacker who has already compromised the renderer process can escalate privileges to break out of Chrome's sandbox by exploiting a use-after-free memory corruption vulnerability via a specially crafted HTML page. This requires high attack complexity and user interaction (visiting a malicious page). No active exploitation confirmed at time of analysis, and vendor-released patch (version 148.0.7778.96) is available. EPSS data not provided, but the combination of network vector, changed scope (S:C in CVSS), and sandbox escape capability makes this a priority update for Chrome deployments despite Chromium's 'Medium' internal severity rating.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7984 HIGH PATCH This Week

Remote code execution in Google Chrome's ReadingMode component (versions prior to 148.0.7778.96) allows attackers who have already compromised the renderer process to escape sandbox restrictions and execute arbitrary code on the underlying system. The vulnerability requires user interaction to visit a malicious webpage but exploitation complexity is low once renderer compromise is achieved. EPSS data not available; no CISA KEV listing identified at time of analysis, indicating no confirmed widespread exploitation. Vendor-released patch available in Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7983 MEDIUM PATCH This Month

Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7982 MEDIUM PATCH This Month

Uninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-7981 HIGH PATCH This Week

Out-of-bounds read in Chrome's codec implementation allows remote attackers to extract potentially sensitive data from process memory by delivering a malicious media file. Affects Chrome versions prior to 148.0.7778.96. The vulnerability requires user interaction (opening or playing a crafted file) but operates over the network. Google rated this as Medium severity within the Chromium security framework.

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-7980 HIGH PATCH This Week

Remote code execution in Google Chrome's WebAudio implementation (versions before 148.0.7778.96) allows attackers to execute arbitrary code within the browser sandbox by exploiting a use-after-free vulnerability through a malicious HTML page. The vulnerability requires user interaction (visiting a crafted page) but no authentication. Google has released Chrome 148.0.7778.96 to address this issue. EPSS data not available; no KEV listing or public POC identified at time of analysis, suggesting limited real-world exploitation observed despite the high CVSS score.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7979 MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7978 HIGH PATCH This Week

OS-level privilege escalation in Google Chrome for macOS allows remote attackers to gain elevated system privileges through malicious network traffic exploiting the Companion component. Affects all Chrome versions prior to 148.0.7778.96 on Mac. Vendor-released patch available (Chrome 148.0.7778.96). No public exploit or active exploitation confirmed at time of analysis, though high-complexity network-based attack vector (CVSS AV:N/AC:H) suggests specialized exploitation requirements despite unauthenticated remote access.

Privilege Escalation Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-7977 MEDIUM PATCH This Month

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Privilege Escalation Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-7976 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 via malicious extension exploitation of use-after-free in Views component. Successful exploitation requires convincing a user to install a crafted Chrome extension, after which the attacker can execute arbitrary code with Chrome's privileges. Google has released Chrome 148.0.7778.96 to address this vulnerability. No evidence of active exploitation (not listed in CISA KEV) or public proof-of-concept code identified at time of analysis. CVSS 7.5 severity driven by high attack complexity and required user interaction, which moderates real-world exploitation risk despite potential for full system compromise.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7975 HIGH PATCH This Week

Sandbox escape in Google Chrome's DevTools component allows attackers who have already compromised the renderer process to break out of the browser sandbox and execute code on the underlying system. Affects all Chrome versions prior to 148.0.7778.96. Google has released version 148.0.7778.96 to patch this vulnerability. The attack requires high complexity and user interaction (visiting a malicious page), but successful exploitation enables complete system compromise with changed scope (S:C in CVSS vector), escalating from renderer-level access to full system access. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7974 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the Blink rendering engine through a specially crafted HTML page. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting a malicious webpage). EPSS data not available. Not listed in CISA KEV at time of analysis. Vendor-released patch available in Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption RCE Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7973 HIGH PATCH This Week

Integer overflow in Chrome's Dawn graphics API (WebGPU) enables sandbox escape on Windows systems when users visit attacker-controlled web pages. Affects all Chrome versions prior to 148.0.7778.96 on Windows platforms. Vendor-released patch available in Chrome 148.0.7778.96 (confirmed by Google Stable Channel release). CVSS 8.8 reflects high impact but requires user interaction. No public exploit code or CISA KEV listing identified at time of analysis, indicating targeted or proof-of-concept stage exploitation risk rather than widespread active exploitation.

Microsoft Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7972 MEDIUM PATCH This Month

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7971 MEDIUM PATCH This Month

Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Privilege Escalation Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-7970 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox through a use-after-free vulnerability in the TopChrome component. Attack requires user interaction with a malicious HTML page and has high attack complexity. EPSS data not available; no active exploitation confirmed at time of analysis. Vendor-released patch available in Chrome 148.0.7778.96.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7969 MEDIUM PATCH This Month

Integer overflow in Chrome's Network component prior to version 148.0.7778.96 allows remote attackers to bypass same-origin policy after compromising the renderer process via a crafted HTML page. The vulnerability requires renderer compromise and user interaction, limiting real-world risk despite network-accessible attack surface. No active exploitation has been confirmed; a vendor patch is available.

Buffer Overflow Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7967 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows attackers who have already compromised the renderer process to break out of Chrome's security sandbox through malicious HTML pages. The vulnerability stems from insufficient input validation in Chrome's Navigation component, requiring both network access and user interaction but enabling complete system compromise (high confidentiality, integrity, and availability impact) once the renderer is compromised. Vendor-released patch available in version 148.0.7778.96, announced via Google's stable channel update.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7964 MEDIUM PATCH This Month

Insufficient input validation in the FileSystem API in Google Chrome prior to version 148.0.7778.96 allows a remote attacker with a compromised renderer process to perform arbitrary file read and write operations through a malicious HTML page. The vulnerability requires prior renderer compromise and user interaction with a crafted page, limiting its attack surface despite network-accessible vectors. Vendor has released a patched version.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-7963 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox via crafted HTML pages exploiting ServiceWorker implementation flaws. This vulnerability requires high attack complexity and user interaction but enables complete system compromise once the initial renderer compromise is achieved. Vendor patch released in Chrome 148.0.7778.96 per official Chrome security bulletin.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7962 MEDIUM PATCH This Month

Insufficient policy enforcement in DirectSockets API in Google Chrome prior to version 148.0.7778.96 allows remote attackers to perform arbitrary read and write operations through a crafted malicious Chrome extension. The vulnerability requires user interaction (extension installation) but affects the core security model of the browser's socket access control, exposing local network resources to unauthorized access by untrusted extensions.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-7961 MEDIUM PATCH This Month

Google Chrome prior to version 148.0.7778.96 contains insufficient validation of untrusted input in the Permissions system, allowing attackers on the local network segment to leak cross-origin data through malicious network traffic. The vulnerability requires network adjacency but no user interaction or authentication, affecting confidentiality with medium Chromium severity. Patch is available from Google.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-7960 MEDIUM PATCH This Month

Information disclosure in Google Chrome prior to 148.0.7778.96 allows remote attackers who have compromised the renderer process to extract potentially sensitive data from process memory through a race condition triggered by a crafted HTML page. The vulnerability requires renderer process compromise and user interaction but results in high confidentiality impact with no integrity or availability consequences. Chromium security team rates this as Medium severity; no active exploitation has been publicly confirmed.

Race Condition Google Information Disclosure Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-7958 MEDIUM PATCH This Month

Uncontrolled XSS vulnerability in Google Chrome's ServiceWorker implementation prior to version 148.0.7778.96 allows attackers to inject arbitrary scripts or HTML into web pages when users install a malicious Chrome extension, bypassing same-origin policy protections. The vulnerability requires user interaction (extension installation) but can be exploited remotely with low attack complexity. CVSS score of 5.4 reflects medium severity; no active exploitation has been publicly reported.

XSS Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-7957 HIGH PATCH This Week

Remote code execution in Google Chrome's Media component on macOS and iOS versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser sandbox by exploiting an out-of-bounds write vulnerability. Attack requires the compromised renderer process prerequisite plus user interaction with a malicious HTML page. CVSS rates this 8.8 (High) due to network attack vector and no authentication required, though exploitation remains constrained by the sandbox boundary and requires initial renderer compromise. Vendor-released patch available in Chrome 148.0.7778.96. No active exploitation (CISA KEV) or public exploit code identified at time of analysis.

Buffer Overflow Memory Corruption RCE Apple Google +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7956 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox via a use-after-free vulnerability in the Navigation component. This requires user interaction with a malicious HTML page and successful renderer compromise as a prerequisite, making it a two-stage attack requiring high attack complexity. Vendor-released patch available in Chrome 148.0.7778.96. No public exploit or active exploitation (CISA KEV) identified at time of analysis. CVSS 8.3 (High) reflects the severe post-compromise impact (sandbox escape enabling system-level access), but real-world risk depends heavily on successful initial renderer compromise.

Google Denial Of Service Use After Free Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-7955 MEDIUM PATCH This Month

Uninitialized memory use in the GPU component of Google Chrome prior to version 148.0.7778.96 allows remote attackers who have compromised the renderer process to extract potentially sensitive information from process memory through a malicious HTML page. The vulnerability requires renderer process compromise as a precondition and user interaction to trigger, but once achieved, enables confidentiality breach with no code execution or denial of service impact. Vendor-released patch available in Chrome 148.0.7778.96.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-7953 MEDIUM PATCH This Month

Unvalidated Omnibox input in Google Chrome prior to version 148.0.7778.96 enables remote attackers to inject arbitrary scripts and HTML (universal XSS) via malicious network traffic, affecting users who click on crafted links. The vulnerability requires user interaction but crosses security boundaries due to its scope impact. No active exploitation has been publicly confirmed, though a patch is available from Google.

Code Injection Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-7952 MEDIUM PATCH This Month

Insufficient policy enforcement in Chrome Extensions prior to version 148.0.7778.96 allows a remote attacker with a compromised renderer process to bypass discretionary access controls via a crafted HTML page, potentially leading to unauthorized information disclosure or modification. The vulnerability requires user interaction and a pre-existing renderer compromise, limiting its practical exploitation scope. A vendor-released patch is available in Chrome 148.0.7778.96 and later.

Authentication Bypass Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-7951 HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 through an out-of-bounds write in the WebRTC component. Attackers can achieve arbitrary code execution by convincing users to visit a specially crafted HTML page, though execution remains confined to Chrome's sandbox. EPSS data not available for this recent CVE (May 2026). Vendor-released patch version 148.0.7778.96 addresses the vulnerability with Chromium security severity rated Medium despite 8.8 CVSS score.

Google Memory Corruption Buffer Overflow RCE Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-7950 MEDIUM PATCH This Month

Out-of-bounds read and write in the GFX component of Google Chrome prior to version 148.0.7778.96 allows remote attackers to perform arbitrary memory read and write operations through malicious network traffic. The vulnerability requires user interaction (clicking a link or visiting a malicious page) but does not require authentication. Chromium rated the security severity as Medium; CVSS 5.4 reflects moderate impact (confidentiality and integrity compromise without availability loss). No active exploitation confirmed in CISA KEV at time of analysis.

Google Information Disclosure Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-7948 HIGH PATCH This Week

Local privilege escalation in Google Chrome Chromoting (remote desktop component) allows authenticated Windows users to gain elevated system privileges through a race condition exploit triggered by a malicious file. Fixed in Chrome 148.0.7778.96. The vulnerability requires user interaction and high attack complexity (AC:H), limiting automated exploitation despite the 7.5 CVSS score. No public exploit identified at time of analysis, and not listed in CISA KEV.

Privilege Escalation Microsoft Race Condition Google Red Hat +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7947 MEDIUM PATCH This Month

UI spoofing via insufficient input validation in Google Chrome prior to 148.0.7778.96 allows a remote attacker who has already compromised the renderer process to craft malicious HTML pages that deceive users about the legitimate UI elements. The attack requires renderer process compromise as a prerequisite and user interaction with the crafted page, limiting real-world applicability to multi-stage attacks. Chromium assessed this as medium severity; no public exploit code or active exploitation has been identified.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-7946 MEDIUM PATCH This Month

Insufficient policy enforcement in Chrome's WebUI on Linux, Mac, Windows, and ChromeOS prior to 148.0.7778.96 allows a remote attacker with a compromised renderer process to bypass site isolation via a crafted HTML page, potentially exposing sensitive cross-site data. The vulnerability requires user interaction (UI:R) and prior renderer compromise, limiting its standalone exploitability. Vendor-released patch available in version 148.0.7778.96.

Authentication Bypass Microsoft Google Red Hat Suse +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Suse
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in GitPython < 3.1.47 allows unauthenticated network attackers to inject malicious Git configuration during repository clone operations via crafted multi_options arguments. The _clone() method validates options before shlex.split transformation, enabling attackers to bypass unsafe option checks by embedding commands like '--config core.hooksPath=/attacker/path' within '--branch' strings. Git then executes attacker-controlled hooks during clone. Vendor-released patch available in version 3.1.47. CVSS 8.1 with high attack complexity; no EPSS or KEV data available, but public exploit code exists per GitHub security advisory GHSA-x2qx-6953-8485.

Python Information Disclosure Suse
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Command injection in GitPython 3.1.30-3.1.46 allows remote authenticated attackers to execute arbitrary commands via underscore-formatted kwargs that bypass unsafe option validation. Applications passing attacker-controlled kwargs to Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push() are vulnerable even when allow_unsafe_options=False (default). GitHub-confirmed exploit with vendor-released patch 3.1.47. CVSS 8.8 reflects network vector with low complexity and authenticated access; no EPSS/KEV data indicates exploitation not yet widespread beyond proof-of-concept demonstration.

Python Command Injection Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Use-after-free memory corruption in PHP 8.2 prior to version 8.2.31 allows remote attackers to cause information disclosure or denial of service via network requests with low attack complexity. The vulnerability is addressed in PHP 8.2.31, released as a security update bundling fixes for eight CVEs including CVE-2026-7261. Patch availability is confirmed from the PHP development team.

Microsoft PHP Use After Free +4
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Cross-site scripting (XSS) vulnerability in PHP 8.2.x (prior to 8.2.31) allows network-based attackers to inject malicious scripts that execute in victim browsers, compromising session tokens and potentially escalating to account takeover. Vendor-released patch (PHP 8.2.31) addresses this along with seven additional CVEs in a coordinated security release. CVSS 7.3 HIGH with user interaction required; exploitation status classified as POC-available per CVSS 4.0 vector (E:P), though public exploit code not independently verified at time of analysis.

XSS Microsoft PHP +2
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A buffer over-read vulnerability in PHP 8.2 prior to version 8.2.31 allows remote attackers to disclose sensitive information through a network vector with high attack complexity and partial attack time requirements. The vulnerability (CWE-125) affects information availability and system availability, with CVSS 6.3 indicating moderate risk. Vendor-released patch available in PHP 8.2.31.

Microsoft Information Disclosure Buffer Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Out-of-bounds write in LibreOffice 26.2 before 26.2.3 and 25.8 before 25.8.7 allows local attackers to cause memory corruption and availability impact by opening crafted OOXML documents with mismatched encryption salt parameters. The vulnerability requires user interaction to open a malicious document and affects memory integrity with elevated scope impact on availability.

Memory Corruption Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

OpenEXR versions 3.0.0-3.2.8, 3.3.0-3.3.10, and 3.4.0-3.4.10 suffer from unbounded shift operations in the readVariableLengthInteger() function when parsing variable-length integers from untrusted EXR files. Attackers can craft malicious EXR files with excessive continuation bytes to trigger left shifts exceeding 64 bits on a 64-bit integer, causing undefined behavior that may lead to information disclosure or denial of service. The vulnerability is remotely exploitable without authentication or user interaction against any application processing untrusted EXR input; no public exploit code has been identified at the time of analysis.

Integer Overflow Information Disclosure Suse +1
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

CSS Parser gem disables HTTPS certificate validation by setting OpenSSL::SSL::VERIFY_NONE, allowing man-in-the-middle attackers to inject or modify CSS content loaded via HTTPS. Any application using CSS Parser versions prior to 2.1.0 to fetch external stylesheets over HTTPS can be exploited by network-positioned attackers without authentication. A proof-of-concept using mitmproxy or Burp Suite demonstrates practical exploitation; CVSS 5.8 reflects the network attack vector and integrity impact, but real-world risk depends on whether the application loads stylesheets from untrusted or attacker-controllable URLs and whether the attacker can intercept network traffic.

Code Injection OpenSSL Suse
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

ServiceAccount impersonation bypass in Rancher Fleet allows tenants with git push access to multi-tenant clusters to read secrets from any namespace across all downstream clusters. Two distinct code paths failed to properly apply RBAC constraints: Helm's lookup function executed with cluster-admin credentials instead of the impersonated ServiceAccount, and valuesFrom secret references in fleet.yaml bypassed namespace isolation. Confirmed active exploitation status unknown (not in CISA KEV). CVSS 9.9 with scope-change modifier reflects potential credential leakage to external services. Fleet versions 0.12.0 through 0.15.0 affected across multiple Rancher release branches. Patches available for all supported versions with detailed version matrix provided by SUSE.

Authentication Bypass Kubernetes Suse
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Path traversal in Rancher's UI Extensions mechanism allows authenticated administrators to write arbitrary files to the Rancher server filesystem, potentially overwriting binaries, tampering with cluster state in /var/lib/rancher/, or compromising the host node if hostPath volumes are mounted. This affects Rancher versions 2.10.11 through 2.14.0. While exploitation requires high privileges (administrator access by default) and user interaction to install a malicious extension, the changed scope (S:C) in CVSS 3.1 indicates potential container escape or cross-component impact. Vendor-released patches are available across all affected release branches (2.11.13, 2.12.9, 2.13.5, 2.14.1). No public exploit identified at time of analysis, though the attack technique (CAPEC-126 path traversal) is well-documented.

Path Traversal Suse
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

CRLF injection in Netty's RedisEncoder allows remote command injection and response poisoning by injecting carriage return and line feed characters into InlineCommandRedisMessage, SimpleStringRedisMessage, and ErrorRedisMessage objects. Attackers can inject arbitrary Redis commands (such as CONFIG SET, FLUSHALL, or authentication bypass) or forge fake responses when user-controlled input is placed into these message types without sanitization. The vulnerability affects Netty 4.2.12.Final and all prior versions with the codec-redis module; no active exploitation has been reported in CISA KEV, but publicly available proof-of-concept code demonstrates the vulnerability.

Redis Command Injection Java +3
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

HTTP request smuggling in Netty's HttpRequestDecoder allows remote unauthenticated attackers to inject arbitrary HTTP requests by sending malformed Transfer-Encoding headers (specifically 'Transfer-Encoding: chunked, identity'). When Netty is deployed behind a proxy that forwards such requests without rejection, an attacker can smuggle a second request inside the body of the first, bypassing security controls and accessing unintended resources. The vulnerability is confirmed by public proof-of-concept code demonstrating successful parsing of injected requests.

Request Smuggling RCE Java +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory exhaustion in Netty's Lz4FrameDecoder allows remote unauthenticated attackers to cause denial of service by sending minimal malicious data that triggers disproportionate server-side memory allocation. A 22-byte crafted LZ4 frame forces the decoder to allocate up to 32MB of heap memory per request, enabling resource exhaustion attacks against Java applications using Netty's compression codec. Publicly available exploit code exists (PoC published in GitHub advisory GHSA-mj4r-2hfc-f8p6). CVSS 7.5 indicates network-exploitable high-availability impact with no authentication or complexity barriers, though real-world risk depends on whether LZ4 decompression is exposed to untrusted network inputs.

Denial Of Service Java Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

HTTP request smuggling in Netty's chunk size parser allows remote unauthenticated attackers to inject arbitrary HTTP requests by exploiting integer overflow in the hexadecimal chunk size parsing logic. The HttpObjectDecoder.getChunkSize method accumulates the chunk size without proper overflow validation, enabling an attacker to craft a malicious chunk size header that wraps around to a valid size, causing Netty to misinterpret the request boundary and parse injected requests as separate legitimate requests. Publicly available proof-of-concept demonstrates successful parsing of an injected GET request within a chunked POST body, with CVSS score 6.5 (network-accessible, low complexity, no authentication required).

Request Smuggling RCE Java +2
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) via improper Markdown attribute sanitization in Weblate allows authenticated users to inject malicious HTML attributes through crafted Markdown in user comments and other user-provided content. The vulnerability affects Weblate versions prior to 5.17.1 and can be exploited by any authenticated user with the ability to submit Markdown content; however, the application's strict Content Security Policy (CSP) significantly mitigates actual exploitation risk. Vendor-released patch version 5.17.1 is available.

XSS Suse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Weblate versions before 5.17.1 allow authenticated users to enumerate translations in projects they cannot access via the screenshots, tasks, and component link API endpoints. An attacker with valid credentials but no project access can probe these APIs to discover the existence and metadata of private translations, leading to information disclosure of project structure and language coverage that should remain hidden. The vulnerability requires authentication but has a low attack complexity, affecting confidentiality only without enabling further compromise.

Information Disclosure Suse
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Arbitrary code execution via Git hook redirection in GitPython 3.1.48 and earlier allows local authenticated users to inject malicious core.hooksPath configuration through newline characters in config_writer().set_value(). Publicly available exploit code exists. The vulnerability enables persistent repository poisoning where attacker-controlled hooks execute with the privileges of any user performing Git operations (commit, merge, checkout) on the poisoned repository. Particularly dangerous in multi-tenant environments like MLRun, DVC, MLflow, or Kedro where shared repositories enable privilege escalation across user contexts. Fixed in GitPython 3.1.49.

Python Code Injection RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Path traversal in Mako Templates (Python library) on Windows platforms allows attackers to read arbitrary files outside configured template directories via backslash-based directory traversal sequences. Affects Mako versions ≤1.3.11 when applications accept user-controlled template names on Windows systems. Vendor-released patch available in version 1.3.12 (confirmed by GitHub commit 72e10c5). No public exploit code identified at time of analysis, though exploitation conditions are straightforward when prerequisites are met.

Python Microsoft Path Traversal +2
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Man-in-the-middle attacks and denial of service against SUSE Harvester (SUSE Virtualization) affect all versions prior to 1.8.0 due to disabled TLS certificate verification in the Rancher integration registration client. Network-positioned attackers can intercept cluster registration traffic to steal credentials or trigger memory buffer overflow crashes. The vulnerability is limited to the initial cluster registration phase and does not affect ongoing operational connectivity between Harvester and Rancher Manager. Vendor-released patch available in version 1.8.0 with full certificate validation enabled by default. No active exploitation confirmed; no public exploit code identified at time of analysis.

Denial Of Service Buffer Overflow Suse
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Path traversal in GitPython versions ≤3.1.47 enables arbitrary file write and deletion outside repository boundaries when applications pass attacker-controlled reference paths to reference creation, rename, or delete operations. A fully-functional proof-of-concept demonstrates successful exploitation by crafting reference names with '../../../' sequences to escape the `.git` directory and manipulate files with the process owner's permissions. Applications exposing GitPython reference APIs to user input-particularly Git automation services, CI/CD pipelines, and multi-tenant developer platforms-are at immediate risk, as no authentication is required at the library boundary. Fixed in version 3.1.48 per GitHub advisory GHSA-7545-fcxq-7j24.

Python Denial Of Service Path Traversal +2
NVD GitHub VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

Code Injection Google RCE +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 148.0.7778.96 allows remote attackers to break out of Chrome's security sandbox via specially crafted network traffic targeting a policy enforcement weakness in DevTools. The vulnerability requires high attack complexity (CVSS AC:H) but no user interaction, enabling complete compromise of confidentiality, integrity, and availability if successfully exploited. Vendor patch released in Chrome 148.0.7778.96 per official Google Chrome stable channel update. Despite CVSS 8.1 (High), Chromium assigns Low security severity, suggesting limited real-world exploitability or significant attack prerequisites. No active exploitation (not in CISA KEV) or public exploit code identified at time of analysis.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution within Chrome's sandbox allows arbitrary code execution via a malicious HTML page exploiting a use-after-free vulnerability in WebRTC. Affects Chrome versions prior to 148.0.7778.96. Despite high CVSS 8.8 scoring and RCE capability, exploitation requires user interaction (visiting a crafted page) and is confined to Chrome's sandbox, limiting system-level impact. Vendor patch released in Chrome 148.0.7778.96. No evidence of active exploitation (not in CISA KEV) or public POC at time of analysis, though Chromium security team rated this as Low severity internally, suggesting limited real-world exploitability despite the technical impact.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

XSS Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Privilege escalation in Google Chrome's Cast component (versions prior to 148.0.7778.96) allows remote attackers to elevate from renderer to higher-privilege browser process via specially crafted HTML page after initial renderer compromise. Despite 7.5 CVSS score, Chromium security team rates this as Low severity, indicating limited real-world impact. Vendor patch released in version 148.0.7778.96. No public exploit identified at time of analysis.

Privilege Escalation Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS versions prior to 148.0.7778.96 enables attackers to execute arbitrary code within the browser's sandbox through a malicious HTML page exploiting a use-after-free vulnerability in the Audio subsystem. The vulnerability requires user interaction (visiting a crafted webpage) but no authentication, with CVSS 8.8 rating reflecting high impact across confidentiality, integrity, and availability. Google has released patches in Chrome 148.0.7778.96; no active exploitation (KEV) or public POC has been identified at time of analysis, though the technical details are publicly accessible via Chromium issue tracker 495779613.

Denial Of Service Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 148.0.7778.96 on Linux, Mac, and ChromeOS allows remote attackers who have already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page exploiting a use-after-free vulnerability in the printing subsystem. Despite the 8.3 CVSS score, Chromium rates this Low severity because exploitation requires a two-stage attack chain (initial renderer compromise followed by sandbox escape). Vendor patch released as Chrome 148.0.7778.96. No evidence of active exploitation or public POC identified at time of analysis.

Google Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution affects ChromeDriver in Google Chrome versions prior to 148.0.7778.96 on Windows platforms. Exploitation requires user interaction with a malicious HTML page, enabling remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor-released patch available (version 148.0.7778.96). No active exploitation confirmed in CISA KEV at time of analysis, though CVSS base score of 8.8 reflects significant potential impact if users visit attacker-controlled content.

Microsoft RCE Google +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Google Chrome's macOS Updater component allows attackers to gain OS-level administrative privileges through malicious files. The flaw affects Chrome versions prior to 148.0.7778.96 on macOS and requires user interaction to exploit. Google has released Chrome 148.0.7778.96 to address this vulnerability. Despite the 7.8 CVSS score, Google rates this as Low severity, reflecting the local attack vector and user interaction requirement that significantly constrain real-world exploitation scenarios.

Privilege Escalation Google Red Hat +2
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Information Disclosure Google Red Hat +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 through an out-of-bounds read vulnerability in the AdFilter component. Attackers can execute arbitrary code by delivering a specially crafted HTML page, requiring only that a user visit the malicious page. Chrome has released version 148.0.7778.96 to address this vulnerability. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code at time of analysis, though the vulnerability's network-based attack vector and low complexity make it a realistic exploitation target once technical details become public.

Google Information Disclosure RCE +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Google Chrome Chromoting (prior to 148.0.7778.96) on Windows allows attackers to gain elevated OS-level privileges by tricking users into opening a malicious file. While CVSS scores this as high severity (7.8), real-world risk is tempered by local access and required user interaction (CVSS: AV:L/UI:R). Vendor patch available in version 148.0.7778.96 released May 2026. No active exploitation (CISA KEV) or public exploit code identified at time of analysis.

Privilege Escalation Microsoft Google +3
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 on Linux and ChromeOS allows attackers to execute arbitrary code when users perform specific UI gestures on a malicious webpage. The vulnerability stems from insufficient input validation in Chrome's UI layer (CWE-20). Vendor patch available in Chrome 148.0.7778.96. No public exploit identified at time of analysis, though CVSS 8.8 reflects high impact across confidentiality, integrity, and availability.

RCE Google Red Hat +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 148.0.7778.96 through a use-after-free vulnerability in the UI component. Attackers who have already compromised the renderer process can escape sandbox restrictions and execute arbitrary code by delivering a specially crafted HTML page requiring user interaction. Google has released patch version 148.0.7778.96. No active exploitation confirmed in CISA KEV at time of analysis, though the vulnerability requires prior renderer compromise which increases attack complexity beyond the CVSS AC:L rating suggests.

Denial Of Service Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Google Chrome's Windows updater component allows unprivileged users to gain SYSTEM-level access by exploiting insufficient input validation when the updater processes a specially crafted malicious file. Affects all Chrome versions on Windows prior to 148.0.7778.96. Google has released a patched version (148.0.7778.96). No active exploitation confirmed by CISA KEV at time of analysis, though the local attack vector and medium severity rating suggest potential for targeted attacks in enterprise environments where Chrome auto-update may be delayed.

Privilege Escalation Microsoft Google +3
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC implementation (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser sandbox through a malicious HTML page exploiting type confusion in WebRTC. Patch available via Chrome 148.0.7778.96. Requires user interaction (visiting crafted page) but no authentication. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability within sandbox constraints. No confirmed active exploitation or public POC identified at time of analysis.

Memory Corruption Google RCE +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's WebRTC component (versions prior to 148.0.7778.96) allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free memory corruption vulnerability via a malicious HTML page. While sandboxed, successful exploitation achieves high confidentiality, integrity, and availability impact within the renderer process. EPSS data unavailable; not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis. Vendor patch released as Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's GPU component affects versions prior to 148.0.7778.96. An attacker who has already compromised the renderer process can escalate privileges to break out of Chrome's sandbox by exploiting a use-after-free memory corruption vulnerability via a specially crafted HTML page. This requires high attack complexity and user interaction (visiting a malicious page). No active exploitation confirmed at time of analysis, and vendor-released patch (version 148.0.7778.96) is available. EPSS data not provided, but the combination of network vector, changed scope (S:C in CVSS), and sandbox escape capability makes this a priority update for Chrome deployments despite Chromium's 'Medium' internal severity rating.

Google Denial Of Service Use After Free +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's ReadingMode component (versions prior to 148.0.7778.96) allows attackers who have already compromised the renderer process to escape sandbox restrictions and execute arbitrary code on the underlying system. The vulnerability requires user interaction to visit a malicious webpage but exploitation complexity is low once renderer compromise is achieved. EPSS data not available; no CISA KEV listing identified at time of analysis, indicating no confirmed widespread exploitation. Vendor-released patch available in Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Google Information Disclosure Buffer Overflow +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds read in Chrome's codec implementation allows remote attackers to extract potentially sensitive data from process memory by delivering a malicious media file. Affects Chrome versions prior to 148.0.7778.96. The vulnerability requires user interaction (opening or playing a crafted file) but operates over the network. Google rated this as Medium severity within the Chromium security framework.

Google Information Disclosure Buffer Overflow +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's WebAudio implementation (versions before 148.0.7778.96) allows attackers to execute arbitrary code within the browser sandbox by exploiting a use-after-free vulnerability through a malicious HTML page. The vulnerability requires user interaction (visiting a crafted page) but no authentication. Google has released Chrome 148.0.7778.96 to address this issue. EPSS data not available; no KEV listing or public POC identified at time of analysis, suggesting limited real-world exploitation observed despite the high CVSS score.

Denial Of Service Use After Free Memory Corruption +5
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

OS-level privilege escalation in Google Chrome for macOS allows remote attackers to gain elevated system privileges through malicious network traffic exploiting the Companion component. Affects all Chrome versions prior to 148.0.7778.96 on Mac. Vendor-released patch available (Chrome 148.0.7778.96). No public exploit or active exploitation confirmed at time of analysis, though high-complexity network-based attack vector (CVSS AV:N/AC:H) suggests specialized exploitation requirements despite unauthenticated remote access.

Privilege Escalation Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Privilege Escalation Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 via malicious extension exploitation of use-after-free in Views component. Successful exploitation requires convincing a user to install a crafted Chrome extension, after which the attacker can execute arbitrary code with Chrome's privileges. Google has released Chrome 148.0.7778.96 to address this vulnerability. No evidence of active exploitation (not listed in CISA KEV) or public proof-of-concept code identified at time of analysis. CVSS 7.5 severity driven by high attack complexity and required user interaction, which moderates real-world exploitation risk despite potential for full system compromise.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's DevTools component allows attackers who have already compromised the renderer process to break out of the browser sandbox and execute code on the underlying system. Affects all Chrome versions prior to 148.0.7778.96. Google has released version 148.0.7778.96 to patch this vulnerability. The attack requires high complexity and user interaction (visiting a malicious page), but successful exploitation enables complete system compromise with changed scope (S:C in CVSS vector), escalating from renderer-level access to full system access. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser's sandbox by exploiting a use-after-free vulnerability in the Blink rendering engine through a specially crafted HTML page. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting a malicious webpage). EPSS data not available. Not listed in CISA KEV at time of analysis. Vendor-released patch available in Chrome 148.0.7778.96.

Denial Of Service Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Integer overflow in Chrome's Dawn graphics API (WebGPU) enables sandbox escape on Windows systems when users visit attacker-controlled web pages. Affects all Chrome versions prior to 148.0.7778.96 on Windows platforms. Vendor-released patch available in Chrome 148.0.7778.96 (confirmed by Google Stable Channel release). CVSS 8.8 reflects high impact but requires user interaction. No public exploit code or CISA KEV listing identified at time of analysis, indicating targeted or proof-of-concept stage exploitation risk rather than widespread active exploitation.

Microsoft Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Privilege Escalation Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox through a use-after-free vulnerability in the TopChrome component. Attack requires user interaction with a malicious HTML page and has high attack complexity. EPSS data not available; no active exploitation confirmed at time of analysis. Vendor-released patch available in Chrome 148.0.7778.96.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Integer overflow in Chrome's Network component prior to version 148.0.7778.96 allows remote attackers to bypass same-origin policy after compromising the renderer process via a crafted HTML page. The vulnerability requires renderer compromise and user interaction, limiting real-world risk despite network-accessible attack surface. No active exploitation has been confirmed; a vendor patch is available.

Buffer Overflow Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows attackers who have already compromised the renderer process to break out of Chrome's security sandbox through malicious HTML pages. The vulnerability stems from insufficient input validation in Chrome's Navigation component, requiring both network access and user interaction but enabling complete system compromise (high confidentiality, integrity, and availability impact) once the renderer is compromised. Vendor-released patch available in version 148.0.7778.96, announced via Google's stable channel update.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Insufficient input validation in the FileSystem API in Google Chrome prior to version 148.0.7778.96 allows a remote attacker with a compromised renderer process to perform arbitrary file read and write operations through a malicious HTML page. The vulnerability requires prior renderer compromise and user interaction with a crafted page, limiting its attack surface despite network-accessible vectors. Vendor has released a patched version.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox via crafted HTML pages exploiting ServiceWorker implementation flaws. This vulnerability requires high attack complexity and user interaction but enables complete system compromise once the initial renderer compromise is achieved. Vendor patch released in Chrome 148.0.7778.96 per official Chrome security bulletin.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Insufficient policy enforcement in DirectSockets API in Google Chrome prior to version 148.0.7778.96 allows remote attackers to perform arbitrary read and write operations through a crafted malicious Chrome extension. The vulnerability requires user interaction (extension installation) but affects the core security model of the browser's socket access control, exposing local network resources to unauthorized access by untrusted extensions.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Google Chrome prior to version 148.0.7778.96 contains insufficient validation of untrusted input in the Permissions system, allowing attackers on the local network segment to leak cross-origin data through malicious network traffic. The vulnerability requires network adjacency but no user interaction or authentication, affecting confidentiality with medium Chromium severity. Patch is available from Google.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Information disclosure in Google Chrome prior to 148.0.7778.96 allows remote attackers who have compromised the renderer process to extract potentially sensitive data from process memory through a race condition triggered by a crafted HTML page. The vulnerability requires renderer process compromise and user interaction but results in high confidentiality impact with no integrity or availability consequences. Chromium security team rates this as Medium severity; no active exploitation has been publicly confirmed.

Race Condition Google Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Uncontrolled XSS vulnerability in Google Chrome's ServiceWorker implementation prior to version 148.0.7778.96 allows attackers to inject arbitrary scripts or HTML into web pages when users install a malicious Chrome extension, bypassing same-origin policy protections. The vulnerability requires user interaction (extension installation) but can be exploited remotely with low attack complexity. CVSS score of 5.4 reflects medium severity; no active exploitation has been publicly reported.

XSS Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Media component on macOS and iOS versions prior to 148.0.7778.96 allows attackers to execute arbitrary code within the browser sandbox by exploiting an out-of-bounds write vulnerability. Attack requires the compromised renderer process prerequisite plus user interaction with a malicious HTML page. CVSS rates this 8.8 (High) due to network attack vector and no authentication required, though exploitation remains constrained by the sandbox boundary and requires initial renderer compromise. Vendor-released patch available in Chrome 148.0.7778.96. No active exploitation (CISA KEV) or public exploit code identified at time of analysis.

Buffer Overflow Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 148.0.7778.96 allows remote attackers who have already compromised the renderer process to break out of Chrome's security sandbox via a use-after-free vulnerability in the Navigation component. This requires user interaction with a malicious HTML page and successful renderer compromise as a prerequisite, making it a two-stage attack requiring high attack complexity. Vendor-released patch available in Chrome 148.0.7778.96. No public exploit or active exploitation (CISA KEV) identified at time of analysis. CVSS 8.3 (High) reflects the severe post-compromise impact (sandbox escape enabling system-level access), but real-world risk depends heavily on successful initial renderer compromise.

Google Denial Of Service Use After Free +4
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Uninitialized memory use in the GPU component of Google Chrome prior to version 148.0.7778.96 allows remote attackers who have compromised the renderer process to extract potentially sensitive information from process memory through a malicious HTML page. The vulnerability requires renderer process compromise as a precondition and user interaction to trigger, but once achieved, enables confidentiality breach with no code execution or denial of service impact. Vendor-released patch available in Chrome 148.0.7778.96.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Unvalidated Omnibox input in Google Chrome prior to version 148.0.7778.96 enables remote attackers to inject arbitrary scripts and HTML (universal XSS) via malicious network traffic, affecting users who click on crafted links. The vulnerability requires user interaction but crosses security boundaries due to its scope impact. No active exploitation has been publicly confirmed, though a patch is available from Google.

Code Injection Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Insufficient policy enforcement in Chrome Extensions prior to version 148.0.7778.96 allows a remote attacker with a compromised renderer process to bypass discretionary access controls via a crafted HTML page, potentially leading to unauthorized information disclosure or modification. The vulnerability requires user interaction and a pre-existing renderer compromise, limiting its practical exploitation scope. A vendor-released patch is available in Chrome 148.0.7778.96 and later.

Authentication Bypass Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution within Chrome's sandbox affects all versions prior to 148.0.7778.96 through an out-of-bounds write in the WebRTC component. Attackers can achieve arbitrary code execution by convincing users to visit a specially crafted HTML page, though execution remains confined to Chrome's sandbox. EPSS data not available for this recent CVE (May 2026). Vendor-released patch version 148.0.7778.96 addresses the vulnerability with Chromium security severity rated Medium despite 8.8 CVSS score.

Google Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Out-of-bounds read and write in the GFX component of Google Chrome prior to version 148.0.7778.96 allows remote attackers to perform arbitrary memory read and write operations through malicious network traffic. The vulnerability requires user interaction (clicking a link or visiting a malicious page) but does not require authentication. Chromium rated the security severity as Medium; CVSS 5.4 reflects moderate impact (confidentiality and integrity compromise without availability loss). No active exploitation confirmed in CISA KEV at time of analysis.

Google Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Local privilege escalation in Google Chrome Chromoting (remote desktop component) allows authenticated Windows users to gain elevated system privileges through a race condition exploit triggered by a malicious file. Fixed in Chrome 148.0.7778.96. The vulnerability requires user interaction and high attack complexity (AC:H), limiting automated exploitation despite the 7.5 CVSS score. No public exploit identified at time of analysis, and not listed in CISA KEV.

Privilege Escalation Microsoft Race Condition +4
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

UI spoofing via insufficient input validation in Google Chrome prior to 148.0.7778.96 allows a remote attacker who has already compromised the renderer process to craft malicious HTML pages that deceive users about the legitimate UI elements. The attack requires renderer process compromise as a prerequisite and user interaction with the crafted page, limiting real-world applicability to multi-stage attacks. Chromium assessed this as medium severity; no public exploit code or active exploitation has been identified.

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient policy enforcement in Chrome's WebUI on Linux, Mac, Windows, and ChromeOS prior to 148.0.7778.96 allows a remote attacker with a compromised renderer process to bypass site isolation via a crafted HTML page, potentially exposing sensitive cross-site data. The vulnerability requires user interaction (UI:R) and prior renderer compromise, limiting its standalone exploitability. Vendor-released patch available in version 148.0.7778.96.

Authentication Bypass Microsoft Google +3
NVD VulDB
Prev Page 21 of 104 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy