252948 matches found
EUVD-2026-40534
Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40541
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40497
Use after free in IME in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40491
Use after free in GFX in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40488
Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40507
Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40480
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40501
Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40472
Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
EUVD-2026-40465
Use after free in Chromoting in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...
EUVD-2026-40473
Use after free in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...
EUVD-2026-40474
Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
EUVD-2026-40418
txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...
EUVD-2025-210387
picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...
EUVD-2025-210389
picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...
EUVD-2026-40863
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to execute arbitrary code via the register function in inc/auth.php...
CVE-2026-51946
CVE-2026-51946 describes a SQL injection vulnerability in the GoAdminGroup GoAdmin project (GoAdmin) affecting the last release, v1.2.26. The issue, exploitable via the __sort_type URL parameter on all /admin/info/{table} endpoints, could allow a remote attacker to execute arbitrary code and disc...
DEBIAN-CVE-2026-14149
Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14149
Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14121
Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Low...