Skip to main content

Suse

9348 CVEs vendor

Monthly

CVE-2026-55776 Go MEDIUM PATCH GHSA This Month

OpenBao's transit secrets engine crashes the entire server process when an authenticated caller submits a key-creation request combining an asymmetric key type (rsa-*, ecdsa-*, ed25519) with the derived: true parameter. Affected versions confirmed as 2.5.2 and 2.5.4, with earlier versions also likely vulnerable per the GHSA advisory. The server returns no HTTP response, terminates with exit code 2, and the crash propagates to the entire cluster - making this a high-impact availability denial-of-service requiring only a single authenticated API request. Publicly available exploit code exists in the form of a detailed PoC curl command included in the security advisory; no CISA KEV listing is present at time of analysis.

Docker Denial Of Service Hashicorp Suse
NVD GitHub
CVSS 3.1
6.5
CVE-2026-54762 Go MEDIUM PATCH GHSA This Month

The Kubernetes Ingress NGINX provider in Traefik v3.7.0-ea.1 through v3.7.4 fails open when BasicAuth or DigestAuth cannot be installed because the referenced auth-secret is unresolvable, silently publishing the intended-to-be-protected backend route without any authentication middleware to unauthenticated network clients. Operators who explicitly configure auth via nginx.ingress.kubernetes.io/auth-type and auth-secret annotations are left with a live, fully accessible backend route while Traefik logs a single controller-level error and routes traffic normally - a direct violation of the declared security intent. A detailed proof-of-concept covering eight distinct secret-failure scenarios was developed by the reporter and confirmed on both current master and v3.7.1; no public release of exploit code is confirmed and no CISA KEV listing exists at time of analysis.

Nginx Kubernetes Denial Of Service Docker Red Hat +1
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.2%
CVE-2026-54904 Ruby HIGH PATCH GHSA This Week

Denial of service in the concurrent-ruby gem (versions through 1.3.6) allows attackers to cause CPU exhaustion and permanent thread hangs by forcing an externally-derived numeric value stored in a Concurrent::AtomicReference to become Float::NAN. Because Ruby evaluates Float::NAN == Float::NAN as false, any subsequent call to AtomicReference#update livelocks - endlessly re-running the caller's block and pinning a CPU core, as the included reporter PoC demonstrates (over 1.9 million spin iterations in 250 ms). Publicly available exploit code exists; there is no public exploit identified as being used in active attacks, and the issue is not listed in CISA KEV.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.3%
CVE-2026-23879 PyPI HIGH PATCH GHSA This Week

Arbitrary file write in py7zr versions 1.1.0 through 1.1.2 allows attackers to escape the destination directory during archive extraction by chaining malicious symbolic links that resolve outside the target path. A victim who calls extractall() on a crafted 7z archive can have files written to arbitrary host filesystem locations, potentially escalating to remote code execution, privilege escalation, or data corruption. Publicly available exploit code exists (PoC published in the GHSA advisory), but there is no public exploit identified for active campaigns at time of analysis.

Python Privilege Escalation RCE Denial Of Service Red Hat +1
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.4%
CVE-2026-9375 HIGH PATCH This Week

Denial-of-service in urllib3 2.6.3 allows a malicious HTTP server to exhaust client memory via a Brotli decompression bomb that bypasses the streaming API's max_length safeguard added in 2.6.0 (CVE-2025-66471). Any Python application using urllib3 or requests with preload_content=False to stream Brotli-encoded responses from untrusted origins is exposed. No public exploit identified at time of analysis, though an upstream commit and GHSA-mf9v-mfxr-j63j confirm the regression.

Denial Of Service Urllib3 Urllib3 Suse
NVD GitHub VulDB
CVSS 3.0
7.5
EPSS
0.3%
CVE-2026-49271 MEDIUM PATCH This Month

Out-of-bounds heap read in libheif's uncompressed HEIF decoder allows a remote attacker to crash any application processing crafted HEIF files. Versions prior to 1.22.1 fail to safely validate icef compressed-unit offsets because the addition of unit_offset + unit_size can integer-wrap, bypassing the range check and permitting a C++ vector to be constructed from iterators pointing outside the compressed item buffer. Exploitation requires a user or automated pipeline to open an attacker-supplied HEIF file; no public exploit or CISA KEV listing exists at time of analysis.

Information Disclosure Buffer Overflow Libheif Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-44939 Go CRITICAL PATCH GHSA Act Now

{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no public exploit was identified at time of analysis and it is not listed in CISA KEV. Reported by SUSE through GitHub Security Advisory GHSA-mhc6-2gfq-xx62.

Command Injection Code Injection Rancher Suse
NVD GitHub
CVSS 4.0
9.4
EPSS
1.1%
CVE-2026-12706 MEDIUM This Month

Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.

Use After Free Memory Corruption Denial Of Service Red Hat Enterprise Linux Ai Rhel Ai 3 Red Hat Openshift Ai Rhoai +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-56132 MEDIUM PATCH This Month

Heap-based buffer overflow in libexpat before 2.8.2 allows heap memory corruption in applications that process externally-supplied XML with external entity parameter parsing enabled. The flaw resides in the doProlog function of xmlparse.c, where the scaffold backing array (scaffIndex) - used to index DTD content model tree nodes - is reallocated using the child parser's m_groupSize counter, which diverges from the actual allocated capacity of the shared scaffIndex inherited from the parent parser. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, but the upstream fix PR includes a functional reproduction test case confirming exploitability.

Buffer Overflow Libexpat Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.1%
CVE-2026-56131 MEDIUM PATCH This Month

Use-after-free in libexpat before 2.8.2 allows memory corruption when XML_ResumeParser is called from within a handler callback during a policy-violation scenario. The missing call-depth guard permits re-entrant parser invocation, leaving dangling pointers in the parser's internal heap state and enabling potential information disclosure or memory corruption with low confidentiality, integrity, and availability impact. No public exploit is identified at time of analysis, and the high attack complexity (AC:H) reflects the specific re-entrant handler pattern required to trigger the flaw.

Use After Free Memory Corruption Information Disclosure Libexpat Suse
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-40923 CRITICAL Act Now

Session ID generation in Mojolicious::Sessions::Storable through version 0.05 relies on predictable, low-entropy inputs - a SHA-1 hash seeded with Perl's built-in rand(), epoch time, a heap memory address, and the server PID - making session identifiers guessable by a network attacker. Successful exploitation enables session hijacking, allowing an attacker to impersonate authenticated users without possessing their credentials. No public exploit code has been identified and the vulnerability is not listed in CISA KEV, but the flaw is structurally significant on low-traffic, single-worker deployments where PID and timing entropy are minimal.

Information Disclosure Suse
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-44663 HIGH PATCH This Week

Heap out-of-bounds write in OpenEXR 3.4.0 through 3.4.11 lets an attacker who supplies a crafted HTJ2K-compressed EXR file trigger memory corruption during decoding, via an integer overflow in the HTJ2K decoder ht_undo_impl(). Any application that decodes untrusted EXR images using the affected OpenEXRCore library is at risk, with potential for memory corruption and possible code execution. No public exploit has been identified at time of analysis; EPSS risk is low (0.17%, 7th percentile) and CISA SSVC rates exploitation as none.

Integer Overflow Buffer Overflow Openexr Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-43994 CRITICAL PATCH Act Now

Stack buffer overflow in Coturn's OAuth token decoder (decode_oauth_token_gcm()) lets remote unauthenticated attackers corrupt the server stack in all versions prior to 4.10.0. An attacker-controlled uint16_t nonce_len value (up to 65535) read from an OAuth access token is passed straight into memcpy() against a 256-byte stack buffer before any AES-GCM authentication, so no OAuth key or valid token is required to write up to 735 bytes past the buffer. Publicly available exploit code exists (SSVC: PoC) but it is not in CISA KEV, EPSS is low at 0.36% (27th percentile), and exploitation is gated on the non-default --oauth mode being enabled.

Buffer Overflow Coturn Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-43915 MEDIUM PATCH This Month

Stored XSS in Coturn's web-admin HTTPS interface (all versions prior to 4.11.0) allows a TURN-level attacker to inject persistent JavaScript that executes in an authenticated administrator's browser when they view the session list. The attack is staged via a crafted USERNAME value in a TURN Allocate request, bridging the TURN protocol surface into the web-admin UI context. In anonymous deployments (--no-auth), no TURN credentials are required for the injection phase, broadening the exposure; in authenticated deployments the attacker must hold valid TURN credentials. No public exploit has been identified and this vulnerability is not listed in CISA KEV.

XSS Coturn Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-9692 MEDIUM PATCH This Month

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy sources that are unsuitable for security purposes.

Information Disclosure Mojolicious Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-55686 Go MEDIUM PATCH GHSA This Month

WORKDIR symlink traversal in Podman allows a malicious container image to create arbitrary directories - and under a race condition, modify ownership - directly on the host filesystem, breaking container isolation. Affected versions include Podman v5 through 5.7.0, v4 through 4.9.5, and v3 through 3.4.7; the flaw is in the WORKDIR path resolution logic, which fails to confine symlink dereferences to the container's mount namespace. Public proof-of-concept scripts are included in the vendor's GitHub advisory (GHSA-q6r4-3wmg-fwcq); no active exploitation has been confirmed via CISA KEV.

Information Disclosure Docker Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-50141 Go HIGH POC PATCH GHSA This Week

Agent impersonation in Woodpecker CI 3.0.0 through 3.14.0 allows any authenticated agent to assume the identity of any other agent on the same server by injecting a forged agent_id into outgoing gRPC metadata. The server validates the JWT correctly but then trusts the client-supplied agent_id over the cryptographically verified one, enabling cross-tenant job hijacking and integrity compromise of CI pipelines. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Suse
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-44942 MEDIUM PATCH This Month

Path traversal in libzypp's .repo file processing enables low-privileged network-accessible attackers to write content into arbitrary directories on the host filesystem beyond the intended zypp cache boundary. Affected versions span the 17.x series before 17.38.13 and the 16.x series before 16.22.19, covering systems running SUSE Linux Enterprise and openSUSE derivatives that use zypper as their package manager. The primary real-world impact is disk exhaustion across unexpected filesystem paths, causing a denial of service; no confidentiality impact is attributed in the CVSS assessment. No public exploit or CISA KEV listing has been identified at time of analysis.

Path Traversal Libzypp Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2026-48930 CRITICAL PATCH Act Now

Hostname validation bypass in Node.js (versions 22.22.3, 24.16.0, and 26.3.0) lets attackers smuggle embedded NUL bytes through the dns and net subsystems, truncating a hostname after the NUL so that application-level allowlists, SNI checks, or destination filters validate one host while the runtime resolves or connects to another. The Node.js project rates this specific issue Medium and shipped the fix in its June 2026 security release; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.28%, 20th percentile), and it is not in CISA KEV. Note a significant signal conflict: the aggregate input score of CVSS 9.8 with an 'Authentication Bypass' tag is far above the vendor's own Medium rating for this CVE and appears to be an inflated pre-NVD auto-score.

Authentication Bypass Node Js Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-48928 MEDIUM PATCH This Month

TLS SNI context matching in Node.js performs case-sensitive hostname comparison, enabling network-accessible low-privileged attackers to bypass intended server-side TLS context selection by varying the casing of the SNI hostname in a ClientHello message. Affected versions prior to 26.3.1 may serve an incorrect TLS certificate or context when a client sends an SNI value with unexpected casing (e.g., 'EXAMPLE.COM' versus 'example.com'), yielding limited confidentiality and integrity impacts in multi-hostname deployments. No public exploit code or active exploitation has been identified; the fix shipped as part of the Node.js June 2026 coordinated security release alongside ten other CVEs.

Authentication Bypass Node Js Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-48615 HIGH PATCH This Week

Sensitive information disclosure in Node.js (versions 26.3.0, 24.16.0, and 22.22.3) leaks embedded proxy credentials when a CONNECT tunnel connection fails, because the full proxy URL - including username and password - is included verbatim in the resulting tunnel error message rather than being redacted. Anyone able to read those error strings (application logs, error responses, monitoring/telemetry pipelines) can recover the proxy authentication secret. This is a Medium-rated, post-disclosure security-release fix (fixed in v26.3.1); there is no public exploit identified at time of analysis and EPSS is low at 0.38% (30th percentile).

Information Disclosure Node Js Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-48619 HIGH PATCH This Week

Denial of service in Node.js HTTP/2 lets a remote peer exhaust process memory by driving unbounded growth of the connection's originSet, the structure that tracks origins advertised via HTTP/2 ORIGIN frames. It affects the 22.x, 24.x and 26.x release lines up to and including Node 22.22.3, 24.16.0 and 26.3.0, and is fixed in the June 2026 security release (26.3.1). There is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.51%), but availability impact is rated High.

Denial Of Service Node Js Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-48937 MEDIUM PATCH This Month

Denial-of-service exposure in Node.js HTTP/2 handling stems from integration defects with the nghttp2 library, addressed in the Node.js 24.17.0 'Krypton' LTS security release on 2026-06-18. Remote, unauthenticated attackers (per CVSS:3.0/PR:N/AV:N) can trigger availability degradation through crafted HTTP/2 traffic exploiting the flawed nghttp2 integration layer. The fix, commit a8a0d12875 in nodejs/node#62891, pairs an nghttp2 bump to version 1.69.0 with corrective integration patches; no public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.0
5.3
EPSS
0.4%
CVE-2026-48990 PyPI MEDIUM POC PATCH GHSA This Month

Resource exhaustion in joserfc (versions 1.3.4-1.6.5) is possible because the RFC7797 unencoded-payload (b64=false) JWS code path skips the configured JWSRegistry.max_payload_length check, while the standard compact and flattened JSON paths correctly raise ExceededSizeError. Remotely submitted, cryptographically valid b64=false JWS tokens with arbitrarily large payloads are deserialized without size enforcement, consuming memory or CPU on the verifying server. No public exploit has been identified and the vulnerability is not in the CISA KEV catalog; a vendor-released fix is available in version 1.6.7.

Python Denial Of Service Joserfc Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-9678 npm MEDIUM PATCH GHSA This Month

Cache information disclosure in Undici's shared-mode cache interceptor allows a prior authenticated user's HTTP response to be served to a subsequent, potentially unauthenticated, caller. Applications using Undici's explicit `interceptors.cache()` in shared mode that forward Authorization headers to an upstream which returns Cache-Control headers with whitespace-padded qualified directives (e.g., `private=" authorization"`) are affected across all v7 versions prior to 7.28.0 and all v8 versions prior to 8.5.0. No public exploit has been identified at time of analysis; exploitation is bounded by high attack complexity (CVSS AC:H, score 5.9), but when conditions align, the confidentiality impact is complete.

Canonical Information Disclosure Undici Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-9679 npm MEDIUM PATCH GHSA This Month

HTTP response header injection in undici's cookie parser exposes proxy, middleware, and SSR framework applications to session fixation, open redirect, and cache poisoning. The `parseSetCookie`, `parseCookie`, and `getSetCookies` functions incorrectly percent-decode cookie values using `qsUnescape`, converting encoded sequences such as `%0D%0A` into literal CRLF bytes in violation of RFC 6265 §5.4, which prescribes no such decoding. Any application that fetches from an attacker-controlled upstream and forwards the parsed cookie value into a downstream response header is exploitable; no public exploit has been identified at time of analysis, and patched releases v6.26.0, v7.28.0, and v8.5.0 are available.

Open Redirect Undici Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-48142 MEDIUM PATCH This Month

Heap buffer over-read in NGINX Plus and NGINX Open Source's ngx_http_charset_module exposes limited worker process memory or triggers a worker restart when remote unauthenticated attackers send crafted requests against a non-default charset conversion configuration. Exploitation requires both a specific dual-directive configuration (source_charset utf-8 alongside a differing charset directive such as koi8-r in the same location block) and content-dependent conditions outside the attacker's direct control, reflected in the CVSS AC:H rating. No public exploit code exists and this CVE does not appear in the CISA KEV catalog; the vendor F5 has published advisory K000161585 with patched version guidance.

Nginx Information Disclosure Buffer Overflow Nginx Open Source Nginx Plus +2
NVD VulDB
CVSS 4.0
6.3
EPSS
0.4%
CVE-2026-54761 Go MEDIUM PATCH GHSA This Month

Traefik's Kubernetes Gateway provider exposes internal services (`api@internal`, `dashboard@internal`, `rest@internal`) on the data plane due to a namespace allowlist check evaluated against the wrong variable in multi-backendRef (WRR) HTTPRoute rules. Operators who configured `crossProviderNamespaces` to restrict which namespaces may reference cross-provider `TraefikService` backends find that restriction entirely bypassed for routes with two or more backendRefs, allowing an unprivileged route namespace to expose the Traefik API unauthenticated on the normal web entrypoint. A fully functional end-to-end proof-of-concept was included in the disclosure; no public exploit identifier at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Kubernetes Docker Suse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.4%
CVE-2026-12469 MEDIUM PATCH This Month

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-12468 HIGH PATCH This Week

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Race Condition Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-12467 HIGH PATCH This Week

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-12466 HIGH PATCH This Week

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Heap Overflow RCE Buffer Overflow +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-12465 HIGH PATCH This Week

Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-12464 HIGH PATCH This Week

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-12463 MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in the Views component of Google Chrome on Linux (prior to 149.0.7827.155) enables an attacker who has already compromised the renderer process to inject arbitrary scripts or HTML across security origins via a crafted HTML page, breaking Chrome's same-origin policy isolation. This is a post-renderer-compromise escalation step in a multi-stage attack chain, Linux-platform specific, requiring prior renderer RCE as a prerequisite. No public exploit code has been identified at time of analysis; EPSS sits at 0.29% (21st percentile), and CISA SSVC assesses exploitation status as none with partial technical impact.

Google XSS Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.3%
CVE-2026-12462 HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Use After Free RCE Memory Corruption Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-12461 MEDIUM PATCH This Month

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Information Disclosure Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-12460 MEDIUM PATCH This Month

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High)

Google Chrome Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.2
EPSS
0.3%
CVE-2026-12459 MEDIUM PATCH This Month

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Google Chrome XSS Red Hat Suse
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-12457 MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Google Chrome Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.2
EPSS
0.2%
CVE-2026-12456 MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)

Google Chrome Authentication Bypass Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
4.2
EPSS
0.2%
CVE-2026-12455 HIGH PATCH This Week

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12454 HIGH PATCH This Week

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Race Condition Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-12453 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Google Chrome Authentication Bypass Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
4.2
EPSS
0.3%
CVE-2026-12452 HIGH PATCH This Week

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-12451 HIGH PATCH This Week

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-12450 MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Chrome Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-12449 HIGH PATCH This Week

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

Google Microsoft Use After Free Privilege Escalation Memory Corruption +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-12448 HIGH PATCH This Week

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Google Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-12447 HIGH PATCH This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Heap Overflow RCE Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-12446 MEDIUM PATCH This Month

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-12445 HIGH PATCH This Week

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-12444 MEDIUM PATCH This Month

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: High)

Google Microsoft Information Disclosure Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-12443 HIGH PATCH This Week

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free RCE Memory Corruption Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-12442 HIGH PATCH This Week

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free RCE Memory Corruption Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-12441 HIGH PATCH This Week

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-12440 CRITICAL PATCH Act Now

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Microsoft Use After Free Memory Corruption Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-12439 HIGH PATCH This Week

Heap corruption in Google Chrome's Digital Credentials component (versions prior to 149.0.7827.155) allows remote attackers to trigger a use-after-free condition by enticing a user to visit a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates this issue as Critical severity, and Google has released a patched stable-channel build; no public exploit identified at time of analysis and EPSS sits at 0.31% (23rd percentile), indicating low predicted near-term exploitation pressure despite the high CVSS of 8.8.

Google Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-12438 HIGH PATCH This Week

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-12437 HIGH PATCH This Week

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Microsoft Memory Corruption Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-36849 HIGH This Week

Denial of service in libtiff v4.7.1 and prior allows processing of a crafted TIFF file containing an abnormally large SamplesPerPixel tag value to crash or hang the affected process. Any application or service that passes attacker-controlled TIFF files through libtiff is potentially vulnerable, including web-based image processors, document converters, and media ingestion pipelines. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at the time of this analysis.

Gitlab Denial Of Service Suse
NVD
CVE-2026-2604 MEDIUM PATCH This Month

Arbitrary file deletion in evolution-data-server's addressbook file backend exposes host filesystem to manipulation by a Flatpak application with D-Bus access. The vulnerability exploits split validation logic: a crafted URI embedding directory traversal sequences (e.g., '../') is accepted without sufficient sanitization during contact creation or modification, but when the same URI is later processed at deletion time, a second, less restrictive check fails to catch the traversal - allowing files outside the intended addressbook directory to be removed. Critically, deletion of Flatpak override files could be leveraged to silently weaken sandbox restrictions for subsequent application runs. No public exploit has been identified at time of analysis.

Path Traversal Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
5.6
EPSS
0.3%
CVE-2026-54531 PyPI MEDIUM PATCH GHSA This Month

Processing crafted PDF outlines in pypdf versions prior to 6.13.0 triggers an infinite loop during writer merge operations, causing a denial of service. Applications that accept user-supplied PDFs and merge them using PdfWriter are affected - specifically any code path that calls merge() on a PDF whose /Outlines or /Parent hierarchy contains circular references. No public exploit has been identified at time of analysis and this is not listed in CISA KEV; a vendor-released patch is available as pypdf 6.13.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-54530 PyPI MEDIUM PATCH GHSA This Month

Infinite loop denial-of-service in pypdf allows an attacker to hang any Python application that processes a crafted PDF using layout-mode text extraction. The vulnerability arises because the `/Parent` hierarchy traversal in `_layout_mode_fonts()` lacked cycle detection, so a circular reference structure in a malicious PDF causes the parser to loop indefinitely. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified, but the attack surface is broad: any service accepting user-supplied PDFs and passing them to pypdf's layout-mode extraction is potentially affected.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-12330 MEDIUM PATCH This Month

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12 and Firefox ESR 115.37.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12327 HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Buffer Overflow Mozilla RCE Red Hat Suse
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-12325 MEDIUM PATCH This Month

Uncontrolled resource consumption in Mozilla Firefox's Graphics: ImageLib component allows remote attackers to crash or hang the browser by serving specially crafted image content to an unsuspecting user. All Firefox release-channel versions prior to 152 and both ESR tracks (prior to 140.12 and 115.37) are affected, exposing a broad install base across consumer and enterprise environments. No public exploit has been identified, SSVC rates exploitation as none with a non-automatable attack path, and KEV listing is absent - signals that collectively place this vulnerability at lower real-world priority despite a CVSS 6.5 score.

Mozilla Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12324 HIGH PATCH This Week

Memory safety flaw in the CanvasWebGL graphics component of Mozilla Firefox allows remote attackers to trigger incorrect boundary handling through crafted web content, leading to limited confidentiality, integrity, and availability impact. The issue affects Firefox prior to version 152 and Firefox ESR prior to 140.12, and no public exploit identified at time of analysis. Reported by Mozilla with low complexity and no authentication required (CVSS 7.3).

Mozilla Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-12323 MEDIUM PATCH This Month

Spoofing via CWE-1021 (UI layer restriction failure) in Mozilla Firefox's DOM Core & HTML component allows remote unauthenticated attackers to render deceptive UI content in a victim's browser when they interact with a malicious web page. All Firefox versions prior to 152 are affected. No public exploit has been identified at time of analysis, and CISA SSVC assessment classifies exploitation status as none with partial technical impact, placing real-world urgency below the moderate CVSS score suggests.

Mozilla XSS Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12322 MEDIUM PATCH This Month

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152.

Mozilla XSS Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12321 MEDIUM PATCH This Month

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152.

Mozilla Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12320 MEDIUM PATCH This Month

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152.

Mozilla Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12319 MEDIUM PATCH This Month

Denial-of-service in Mozilla Firefox's Audio/Video Playback component allows a remote attacker to crash or render the browser unresponsive by delivering crafted media content to a victim. All Firefox releases prior to version 152 are affected per CPE coverage. No public exploit has been identified at time of analysis, and SSVC rates exploitation as none with partial technical impact, placing this in the moderate-priority tier rather than an emergency response category.

Mozilla Denial Of Service Suse Red Hat
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12318 HIGH PATCH This Week

Memory corruption in the NSS (Network Security Services) Libraries component shipped with Mozilla Firefox allows remote attackers to trigger out-of-bounds memory access via incorrect boundary condition handling, with low impact across confidentiality, integrity, and availability. Mozilla addressed the issue in Firefox 152, with associated advisories MFSA2026-57 and MFSA2026-60. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-12317 HIGH PATCH This Week

Memory corruption in Mozilla Firefox versions prior to 152 allows remote unauthenticated attackers to crash the browser by serving crafted web content, resulting in denial of service. The CVSS 3.1 base score of 7.5 reflects high availability impact without confidentiality or integrity loss, and no public exploit identified at time of analysis. Mozilla disclosed the issue via advisories MFSA2026-57 and MFSA2026-60 with a fix shipped in Firefox 152.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12316 CRITICAL PATCH Act Now

Security mitigation bypass in the DOM: Security component of Mozilla Firefox prior to version 152 allows remote attackers to compromise confidentiality and integrity of browser-rendered content without user interaction. The flaw carries a critical CVSS 3.1 score of 9.1 (AV:N/AC:L/PR:N/UI:N) and is tagged as an Authentication Bypass class issue, though no public exploit identified at time of analysis. The vulnerability has been patched by Mozilla in Firefox 152 per MFSA2026-57/MFSA2026-60.

Authentication Bypass Mozilla Suse Red Hat
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-12315 CRITICAL PATCH Act Now

Security mitigation bypass in the DOM: Security component of Mozilla Firefox allows remote attackers to circumvent browser security controls, with high impact to confidentiality and integrity. The flaw affects Firefox versions prior to 152 and Firefox ESR prior to 140.12, with no public exploit identified at time of analysis. Given the CVSS 9.1 rating and network-reachable attack vector, any user browsing a malicious page is potentially exposed.

Authentication Bypass Mozilla Red Hat Suse
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-12314 HIGH PATCH This Week

Memory corruption in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 allows remote attackers to compromise browser memory integrity through crafted web content, with confidentiality impact rated High per the CVSS vector. The flaw stems from a buffer-handling defect (CWE-119) reported by Mozilla itself and addressed across multiple security advisories (MFSA2026-57, -58, -60, -61). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12313 MEDIUM PATCH This Month

Sandbox escape with information disclosure in Mozilla Firefox's Process Sandboxing component allows a remote attacker to break out of the browser sandbox and read sensitive data from the host environment when a user visits attacker-controlled content. Affected versions span all Firefox releases prior to 152 and all Firefox ESR releases prior to 140.12, patched by Mozilla in mfsa2026-57 and mfsa2026-58. No public exploit identified at time of analysis and SSVC signals no current exploitation activity, keeping real-world urgency at moderate priority despite the scope-changing nature of the flaw.

Privilege Escalation Mozilla Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-12312 HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12311 MEDIUM PATCH This Month

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-12310 HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12309 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12308 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12307 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12306 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12305 HIGH PATCH This Week

Denial of service in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 stems from a memory safety bug (CWE-119) that remote attackers can trigger via crafted web content. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, consistent with a browser crash rather than reliable code execution. No public exploit identified at time of analysis, and Mozilla has shipped fixes across multiple advisories (MFSA2026-57, -58, -60, -61).

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-12304 CRITICAL PATCH Act Now

Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Authentication Bypass Mozilla Red Hat Suse
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-12303 MEDIUM PATCH This Month

Out-of-bounds read in Firefox's WebGPU graphics component exposes browser memory contents to remote attackers who can lure a user to a malicious webpage. All Firefox versions prior to 152 are affected, with the vulnerability stemming from incorrect boundary conditions during GPU-accelerated rendering operations. No public exploit or active exploitation has been identified at time of analysis; exploitation requires user interaction, limiting opportunistic mass exploitation despite the zero-authentication requirement on the attacker side.

Mozilla Information Disclosure Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12302 MEDIUM PATCH This Month

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

Authentication Bypass Mozilla Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVSS 6.5
MEDIUM PATCH This Month

OpenBao's transit secrets engine crashes the entire server process when an authenticated caller submits a key-creation request combining an asymmetric key type (rsa-*, ecdsa-*, ed25519) with the derived: true parameter. Affected versions confirmed as 2.5.2 and 2.5.4, with earlier versions also likely vulnerable per the GHSA advisory. The server returns no HTTP response, terminates with exit code 2, and the crash propagates to the entire cluster - making this a high-impact availability denial-of-service requiring only a single authenticated API request. Publicly available exploit code exists in the form of a detailed PoC curl command included in the security advisory; no CISA KEV listing is present at time of analysis.

Docker Denial Of Service Hashicorp +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The Kubernetes Ingress NGINX provider in Traefik v3.7.0-ea.1 through v3.7.4 fails open when BasicAuth or DigestAuth cannot be installed because the referenced auth-secret is unresolvable, silently publishing the intended-to-be-protected backend route without any authentication middleware to unauthenticated network clients. Operators who explicitly configure auth via nginx.ingress.kubernetes.io/auth-type and auth-secret annotations are left with a live, fully accessible backend route while Traefik logs a single controller-level error and routes traffic normally - a direct violation of the declared security intent. A detailed proof-of-concept covering eight distinct secret-failure scenarios was developed by the reporter and confirmed on both current master and v3.7.1; no public release of exploit code is confirmed and no CISA KEV listing exists at time of analysis.

Nginx Kubernetes Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial of service in the concurrent-ruby gem (versions through 1.3.6) allows attackers to cause CPU exhaustion and permanent thread hangs by forcing an externally-derived numeric value stored in a Concurrent::AtomicReference to become Float::NAN. Because Ruby evaluates Float::NAN == Float::NAN as false, any subsequent call to AtomicReference#update livelocks - endlessly re-running the caller's block and pinning a CPU core, as the included reporter PoC demonstrates (over 1.9 million spin iterations in 250 ms). Publicly available exploit code exists; there is no public exploit identified as being used in active attacks, and the issue is not listed in CISA KEV.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Arbitrary file write in py7zr versions 1.1.0 through 1.1.2 allows attackers to escape the destination directory during archive extraction by chaining malicious symbolic links that resolve outside the target path. A victim who calls extractall() on a crafted 7z archive can have files written to arbitrary host filesystem locations, potentially escalating to remote code execution, privilege escalation, or data corruption. Publicly available exploit code exists (PoC published in the GHSA advisory), but there is no public exploit identified for active campaigns at time of analysis.

Python Privilege Escalation RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service in urllib3 2.6.3 allows a malicious HTTP server to exhaust client memory via a Brotli decompression bomb that bypasses the streaming API's max_length safeguard added in 2.6.0 (CVE-2025-66471). Any Python application using urllib3 or requests with preload_content=False to stream Brotli-encoded responses from untrusted origins is exposed. No public exploit identified at time of analysis, though an upstream commit and GHSA-mf9v-mfxr-j63j confirm the regression.

Denial Of Service Urllib3 Urllib3 Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds heap read in libheif's uncompressed HEIF decoder allows a remote attacker to crash any application processing crafted HEIF files. Versions prior to 1.22.1 fail to safely validate icef compressed-unit offsets because the addition of unit_offset + unit_size can integer-wrap, bypassing the range check and permitting a C++ vector to be constructed from iterators pointing outside the compressed item buffer. Exploitation requires a user or automated pipeline to open an attacker-supplied HEIF file; no public exploit or CISA KEV listing exists at time of analysis.

Information Disclosure Buffer Overflow Libheif +1
NVD GitHub VulDB
EPSS 1% CVSS 9.4
CRITICAL PATCH Act Now

{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no public exploit was identified at time of analysis and it is not listed in CISA KEV. Reported by SUSE through GitHub Security Advisory GHSA-mhc6-2gfq-xx62.

Command Injection Code Injection Rancher +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.

Use After Free Memory Corruption Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Heap-based buffer overflow in libexpat before 2.8.2 allows heap memory corruption in applications that process externally-supplied XML with external entity parameter parsing enabled. The flaw resides in the doProlog function of xmlparse.c, where the scaffold backing array (scaffIndex) - used to index DTD content model tree nodes - is reallocated using the child parser's m_groupSize counter, which diverges from the actual allocated capacity of the shared scaffIndex inherited from the parent parser. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, but the upstream fix PR includes a functional reproduction test case confirming exploitability.

Buffer Overflow Libexpat Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Use-after-free in libexpat before 2.8.2 allows memory corruption when XML_ResumeParser is called from within a handler callback during a policy-violation scenario. The missing call-depth guard permits re-entrant parser invocation, leaving dangling pointers in the parser's internal heap state and enabling potential information disclosure or memory corruption with low confidentiality, integrity, and availability impact. No public exploit is identified at time of analysis, and the high attack complexity (AC:H) reflects the specific re-entrant handler pattern required to trigger the flaw.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub VulDB
EPSS 0% CVSS 7.3
CRITICAL Act Now

Session ID generation in Mojolicious::Sessions::Storable through version 0.05 relies on predictable, low-entropy inputs - a SHA-1 hash seeded with Perl's built-in rand(), epoch time, a heap memory address, and the server PID - making session identifiers guessable by a network attacker. Successful exploitation enables session hijacking, allowing an attacker to impersonate authenticated users without possessing their credentials. No public exploit code has been identified and the vulnerability is not listed in CISA KEV, but the flaw is structurally significant on low-traffic, single-worker deployments where PID and timing entropy are minimal.

Information Disclosure Suse
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap out-of-bounds write in OpenEXR 3.4.0 through 3.4.11 lets an attacker who supplies a crafted HTJ2K-compressed EXR file trigger memory corruption during decoding, via an integer overflow in the HTJ2K decoder ht_undo_impl(). Any application that decodes untrusted EXR images using the affected OpenEXRCore library is at risk, with potential for memory corruption and possible code execution. No public exploit has been identified at time of analysis; EPSS risk is low (0.17%, 7th percentile) and CISA SSVC rates exploitation as none.

Integer Overflow Buffer Overflow Openexr +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Stack buffer overflow in Coturn's OAuth token decoder (decode_oauth_token_gcm()) lets remote unauthenticated attackers corrupt the server stack in all versions prior to 4.10.0. An attacker-controlled uint16_t nonce_len value (up to 65535) read from an OAuth access token is passed straight into memcpy() against a 256-byte stack buffer before any AES-GCM authentication, so no OAuth key or valid token is required to write up to 735 bytes past the buffer. Publicly available exploit code exists (SSVC: PoC) but it is not in CISA KEV, EPSS is low at 0.36% (27th percentile), and exploitation is gated on the non-default --oauth mode being enabled.

Buffer Overflow Coturn Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored XSS in Coturn's web-admin HTTPS interface (all versions prior to 4.11.0) allows a TURN-level attacker to inject persistent JavaScript that executes in an authenticated administrator's browser when they view the session list. The attack is staged via a crafted USERNAME value in a TURN Allocate request, bridging the TURN protocol surface into the web-admin UI context. In anonymous deployments (--no-auth), no TURN credentials are required for the injection phase, broadening the exposure; in authenticated deployments the attacker must hold valid TURN credentials. No public exploit has been identified and this vulnerability is not listed in CISA KEV.

XSS Coturn Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy sources that are unsuitable for security purposes.

Information Disclosure Mojolicious Suse
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

WORKDIR symlink traversal in Podman allows a malicious container image to create arbitrary directories - and under a race condition, modify ownership - directly on the host filesystem, breaking container isolation. Affected versions include Podman v5 through 5.7.0, v4 through 4.9.5, and v3 through 3.4.7; the flaw is in the WORKDIR path resolution logic, which fails to confine symlink dereferences to the container's mount namespace. Public proof-of-concept scripts are included in the vendor's GitHub advisory (GHSA-q6r4-3wmg-fwcq); no active exploitation has been confirmed via CISA KEV.

Information Disclosure Docker Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Agent impersonation in Woodpecker CI 3.0.0 through 3.14.0 allows any authenticated agent to assume the identity of any other agent on the same server by injecting a forged agent_id into outgoing gRPC metadata. The server validates the JWT correctly but then trusts the client-supplied agent_id over the cryptographically verified one, enabling cross-tenant job hijacking and integrity compromise of CI pipelines. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Path traversal in libzypp's .repo file processing enables low-privileged network-accessible attackers to write content into arbitrary directories on the host filesystem beyond the intended zypp cache boundary. Affected versions span the 17.x series before 17.38.13 and the 16.x series before 16.22.19, covering systems running SUSE Linux Enterprise and openSUSE derivatives that use zypper as their package manager. The primary real-world impact is disk exhaustion across unexpected filesystem paths, causing a denial of service; no confidentiality impact is attributed in the CVSS assessment. No public exploit or CISA KEV listing has been identified at time of analysis.

Path Traversal Libzypp Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Hostname validation bypass in Node.js (versions 22.22.3, 24.16.0, and 26.3.0) lets attackers smuggle embedded NUL bytes through the dns and net subsystems, truncating a hostname after the NUL so that application-level allowlists, SNI checks, or destination filters validate one host while the runtime resolves or connects to another. The Node.js project rates this specific issue Medium and shipped the fix in its June 2026 security release; there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.28%, 20th percentile), and it is not in CISA KEV. Note a significant signal conflict: the aggregate input score of CVSS 9.8 with an 'Authentication Bypass' tag is far above the vendor's own Medium rating for this CVE and appears to be an inflated pre-NVD auto-score.

Authentication Bypass Node Js Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

TLS SNI context matching in Node.js performs case-sensitive hostname comparison, enabling network-accessible low-privileged attackers to bypass intended server-side TLS context selection by varying the casing of the SNI hostname in a ClientHello message. Affected versions prior to 26.3.1 may serve an incorrect TLS certificate or context when a client sends an SNI value with unexpected casing (e.g., 'EXAMPLE.COM' versus 'example.com'), yielding limited confidentiality and integrity impacts in multi-hostname deployments. No public exploit code or active exploitation has been identified; the fix shipped as part of the Node.js June 2026 coordinated security release alongside ten other CVEs.

Authentication Bypass Node Js Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sensitive information disclosure in Node.js (versions 26.3.0, 24.16.0, and 22.22.3) leaks embedded proxy credentials when a CONNECT tunnel connection fails, because the full proxy URL - including username and password - is included verbatim in the resulting tunnel error message rather than being redacted. Anyone able to read those error strings (application logs, error responses, monitoring/telemetry pipelines) can recover the proxy authentication secret. This is a Medium-rated, post-disclosure security-release fix (fixed in v26.3.1); there is no public exploit identified at time of analysis and EPSS is low at 0.38% (30th percentile).

Information Disclosure Node Js Red Hat +1
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Node.js HTTP/2 lets a remote peer exhaust process memory by driving unbounded growth of the connection's originSet, the structure that tracks origins advertised via HTTP/2 ORIGIN frames. It affects the 22.x, 24.x and 26.x release lines up to and including Node 22.22.3, 24.16.0 and 26.3.0, and is fixed in the June 2026 security release (26.3.1). There is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.51%), but availability impact is rated High.

Denial Of Service Node Js Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial-of-service exposure in Node.js HTTP/2 handling stems from integration defects with the nghttp2 library, addressed in the Node.js 24.17.0 'Krypton' LTS security release on 2026-06-18. Remote, unauthenticated attackers (per CVSS:3.0/PR:N/AV:N) can trigger availability degradation through crafted HTTP/2 traffic exploiting the flawed nghttp2 integration layer. The fix, commit a8a0d12875 in nodejs/node#62891, pairs an nghttp2 bump to version 1.69.0 with corrective integration patches; no public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Resource exhaustion in joserfc (versions 1.3.4-1.6.5) is possible because the RFC7797 unencoded-payload (b64=false) JWS code path skips the configured JWSRegistry.max_payload_length check, while the standard compact and flattened JSON paths correctly raise ExceededSizeError. Remotely submitted, cryptographically valid b64=false JWS tokens with arbitrarily large payloads are deserialized without size enforcement, consuming memory or CPU on the verifying server. No public exploit has been identified and the vulnerability is not in the CISA KEV catalog; a vendor-released fix is available in version 1.6.7.

Python Denial Of Service Joserfc +2
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Cache information disclosure in Undici's shared-mode cache interceptor allows a prior authenticated user's HTTP response to be served to a subsequent, potentially unauthenticated, caller. Applications using Undici's explicit `interceptors.cache()` in shared mode that forward Authorization headers to an upstream which returns Cache-Control headers with whitespace-padded qualified directives (e.g., `private=" authorization"`) are affected across all v7 versions prior to 7.28.0 and all v8 versions prior to 8.5.0. No public exploit has been identified at time of analysis; exploitation is bounded by high attack complexity (CVSS AC:H, score 5.9), but when conditions align, the confidentiality impact is complete.

Canonical Information Disclosure Undici +2
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

HTTP response header injection in undici's cookie parser exposes proxy, middleware, and SSR framework applications to session fixation, open redirect, and cache poisoning. The `parseSetCookie`, `parseCookie`, and `getSetCookies` functions incorrectly percent-decode cookie values using `qsUnescape`, converting encoded sequences such as `%0D%0A` into literal CRLF bytes in violation of RFC 6265 §5.4, which prescribes no such decoding. Any application that fetches from an attacker-controlled upstream and forwards the parsed cookie value into a downstream response header is exploitable; no public exploit has been identified at time of analysis, and patched releases v6.26.0, v7.28.0, and v8.5.0 are available.

Open Redirect Undici Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Heap buffer over-read in NGINX Plus and NGINX Open Source's ngx_http_charset_module exposes limited worker process memory or triggers a worker restart when remote unauthenticated attackers send crafted requests against a non-default charset conversion configuration. Exploitation requires both a specific dual-directive configuration (source_charset utf-8 alongside a differing charset directive such as koi8-r in the same location block) and content-dependent conditions outside the attacker's direct control, reflected in the CVSS AC:H rating. No public exploit code exists and this CVE does not appear in the CISA KEV catalog; the vendor F5 has published advisory K000161585 with patched version guidance.

Nginx Information Disclosure Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Traefik's Kubernetes Gateway provider exposes internal services (`api@internal`, `dashboard@internal`, `rest@internal`) on the data plane due to a namespace allowlist check evaluated against the wrong variable in multi-backendRef (WRR) HTTPRoute rules. Operators who configured `crossProviderNamespaces` to restrict which namespaces may reference cross-provider `TraefikService` backends find that restriction entirely bypassed for routes with two or more backendRefs, allowing an unprivileged route namespace to expose the Traefik API unauthenticated on the normal web entrypoint. A fully functional end-to-end proof-of-concept was included in the disclosure; no public exploit identifier at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Kubernetes Docker +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Race Condition Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Heap Overflow +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Universal Cross-Site Scripting (UXSS) in the Views component of Google Chrome on Linux (prior to 149.0.7827.155) enables an attacker who has already compromised the renderer process to inject arbitrary scripts or HTML across security origins via a crafted HTML page, breaking Chrome's same-origin policy isolation. This is a post-renderer-compromise escalation step in a multi-stage attack chain, Linux-platform specific, requiring prior renderer RCE as a prerequisite. No public exploit code has been identified at time of analysis; EPSS sits at 0.29% (21st percentile), and CISA SSVC assesses exploitation status as none with partial technical impact.

Google XSS Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Use After Free RCE +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High)

Google Chrome Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Google Chrome XSS +2
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Google Chrome Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)

Google Chrome Authentication Bypass +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Race Condition Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Google Chrome Authentication Bypass +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Chrome Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

Google Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Google Privilege Escalation Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Heap Overflow RCE +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: High)

Google Microsoft Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Microsoft Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Digital Credentials component (versions prior to 149.0.7827.155) allows remote attackers to trigger a use-after-free condition by enticing a user to visit a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates this issue as Critical severity, and Google has released a patched stable-channel build; no public exploit identified at time of analysis and EPSS sits at 0.31% (23rd percentile), indicating low predicted near-term exploitation pressure despite the high CVSS of 8.8.

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Microsoft +4
NVD VulDB
HIGH This Week

Denial of service in libtiff v4.7.1 and prior allows processing of a crafted TIFF file containing an abnormally large SamplesPerPixel tag value to crash or hang the affected process. Any application or service that passes attacker-controlled TIFF files through libtiff is potentially vulnerable, including web-based image processors, document converters, and media ingestion pipelines. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at the time of this analysis.

Gitlab Denial Of Service Suse
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Arbitrary file deletion in evolution-data-server's addressbook file backend exposes host filesystem to manipulation by a Flatpak application with D-Bus access. The vulnerability exploits split validation logic: a crafted URI embedding directory traversal sequences (e.g., '../') is accepted without sufficient sanitization during contact creation or modification, but when the same URI is later processed at deletion time, a second, less restrictive check fails to catch the traversal - allowing files outside the intended addressbook directory to be removed. Critically, deletion of Flatpak override files could be leveraged to silently weaken sandbox restrictions for subsequent application runs. No public exploit has been identified at time of analysis.

Path Traversal Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +5
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Processing crafted PDF outlines in pypdf versions prior to 6.13.0 triggers an infinite loop during writer merge operations, causing a denial of service. Applications that accept user-supplied PDFs and merge them using PdfWriter are affected - specifically any code path that calls merge() on a PDF whose /Outlines or /Parent hierarchy contains circular references. No public exploit has been identified at time of analysis and this is not listed in CISA KEV; a vendor-released patch is available as pypdf 6.13.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Infinite loop denial-of-service in pypdf allows an attacker to hang any Python application that processes a crafted PDF using layout-mode text extraction. The vulnerability arises because the `/Parent` hierarchy traversal in `_layout_mode_fonts()` lacked cycle detection, so a circular reference structure in a malicious PDF causes the parser to loop indefinitely. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified, but the attack surface is broad: any service accepting user-supplied PDFs and passing them to pypdf's layout-mode extraction is potentially affected.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12 and Firefox ESR 115.37.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Buffer Overflow Mozilla RCE +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uncontrolled resource consumption in Mozilla Firefox's Graphics: ImageLib component allows remote attackers to crash or hang the browser by serving specially crafted image content to an unsuspecting user. All Firefox release-channel versions prior to 152 and both ESR tracks (prior to 140.12 and 115.37) are affected, exposing a broad install base across consumer and enterprise environments. No public exploit has been identified, SSVC rates exploitation as none with a non-automatable attack path, and KEV listing is absent - signals that collectively place this vulnerability at lower real-world priority despite a CVSS 6.5 score.

Mozilla Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory safety flaw in the CanvasWebGL graphics component of Mozilla Firefox allows remote attackers to trigger incorrect boundary handling through crafted web content, leading to limited confidentiality, integrity, and availability impact. The issue affects Firefox prior to version 152 and Firefox ESR prior to 140.12, and no public exploit identified at time of analysis. Reported by Mozilla with low complexity and no authentication required (CVSS 7.3).

Mozilla Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Spoofing via CWE-1021 (UI layer restriction failure) in Mozilla Firefox's DOM Core & HTML component allows remote unauthenticated attackers to render deceptive UI content in a victim's browser when they interact with a malicious web page. All Firefox versions prior to 152 are affected. No public exploit has been identified at time of analysis, and CISA SSVC assessment classifies exploitation status as none with partial technical impact, placing real-world urgency below the moderate CVSS score suggests.

Mozilla XSS Suse +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152.

Mozilla XSS Suse +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152.

Mozilla Information Disclosure Suse +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152.

Mozilla Information Disclosure Suse +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial-of-service in Mozilla Firefox's Audio/Video Playback component allows a remote attacker to crash or render the browser unresponsive by delivering crafted media content to a victim. All Firefox releases prior to version 152 are affected per CPE coverage. No public exploit has been identified at time of analysis, and SSVC rates exploitation as none with partial technical impact, placing this in the moderate-priority tier rather than an emergency response category.

Mozilla Denial Of Service Suse +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory corruption in the NSS (Network Security Services) Libraries component shipped with Mozilla Firefox allows remote attackers to trigger out-of-bounds memory access via incorrect boundary condition handling, with low impact across confidentiality, integrity, and availability. Mozilla addressed the issue in Firefox 152, with associated advisories MFSA2026-57 and MFSA2026-60. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Mozilla Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in Mozilla Firefox versions prior to 152 allows remote unauthenticated attackers to crash the browser by serving crafted web content, resulting in denial of service. The CVSS 3.1 base score of 7.5 reflects high availability impact without confidentiality or integrity loss, and no public exploit identified at time of analysis. Mozilla disclosed the issue via advisories MFSA2026-57 and MFSA2026-60 with a fix shipped in Firefox 152.

Mozilla Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Security mitigation bypass in the DOM: Security component of Mozilla Firefox prior to version 152 allows remote attackers to compromise confidentiality and integrity of browser-rendered content without user interaction. The flaw carries a critical CVSS 3.1 score of 9.1 (AV:N/AC:L/PR:N/UI:N) and is tagged as an Authentication Bypass class issue, though no public exploit identified at time of analysis. The vulnerability has been patched by Mozilla in Firefox 152 per MFSA2026-57/MFSA2026-60.

Authentication Bypass Mozilla Suse +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Security mitigation bypass in the DOM: Security component of Mozilla Firefox allows remote attackers to circumvent browser security controls, with high impact to confidentiality and integrity. The flaw affects Firefox versions prior to 152 and Firefox ESR prior to 140.12, with no public exploit identified at time of analysis. Given the CVSS 9.1 rating and network-reachable attack vector, any user browsing a malicious page is potentially exposed.

Authentication Bypass Mozilla Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 allows remote attackers to compromise browser memory integrity through crafted web content, with confidentiality impact rated High per the CVSS vector. The flaw stems from a buffer-handling defect (CWE-119) reported by Mozilla itself and addressed across multiple security advisories (MFSA2026-57, -58, -60, -61). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Sandbox escape with information disclosure in Mozilla Firefox's Process Sandboxing component allows a remote attacker to break out of the browser sandbox and read sensitive data from the host environment when a user visits attacker-controlled content. Affected versions span all Firefox releases prior to 152 and all Firefox ESR releases prior to 140.12, patched by Mozilla in mfsa2026-57 and mfsa2026-58. No public exploit identified at time of analysis and SSVC signals no current exploitation activity, keeping real-world urgency at moderate priority despite the scope-changing nature of the flaw.

Privilege Escalation Mozilla Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 stems from a memory safety bug (CWE-119) that remote attackers can trigger via crafted web content. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, consistent with a browser crash rather than reliable code execution. No public exploit identified at time of analysis, and Mozilla has shipped fixes across multiple advisories (MFSA2026-57, -58, -60, -61).

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Authentication Bypass Mozilla Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds read in Firefox's WebGPU graphics component exposes browser memory contents to remote attackers who can lure a user to a malicious webpage. All Firefox versions prior to 152 are affected, with the vulnerability stemming from incorrect boundary conditions during GPU-accelerated rendering operations. No public exploit or active exploitation has been identified at time of analysis; exploitation requires user interaction, limiting opportunistic mass exploitation despite the zero-authentication requirement on the attacker side.

Mozilla Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

Authentication Bypass Mozilla Red Hat +1
NVD VulDB
Prev Page 7 of 104 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy