CVE-2026-13830
CVE-2026-13830 affects Chromoting in Google Chrome on Linux, with a use-after-free vulnerability that could allow a remote attacker to execute arbitrary code via malicious network traffic. Version 150.0.7871.47 and later mitigates the issue; upgrade to the referenced stable release to patch. The ...
CVE-2026-13821
CVE-2026-13821 affects Google Chrome. A use-after-free in Canvas allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Vulnerable are Chrome versions prior to 150.0.7871.47. Impact is high. The issue is mitigated by upgrading to Chrome 150.0.7871.47 or new...
CVE-2026-13815
CVE-2026-13815: Use-after-free in Blink within Google Chrome before 150.0.7871.47 enables remote code execution in a sandbox via a crafted HTML page. Affected: Chrome/Blink; Root cause: use-after-free. Impact: arbitrary code execution in sandbox. Remediation: patch to 150.0.7871.47 or newer (as p...
CVE-2026-13811
CVE-2026-13811 describes a Use-After-Free in the IME of Google Chrome, allowing remote code execution via a crafted HTML page in Chrome versions prior to 150.0.7871.47 (Chromium). The connected Chrome update note indicates fixes were delivered in the stable channel update for Chrome 150/151, with...
CVE-2026-13807
CVE-2026-13807: Use-after-free in Import in Google Chrome on iOS, affected up to version 150.0.7871.47. A remote attacker could exploit UI gestures by convincing a user to engage with a malicious file to execute arbitrary code. Related records confirm the vulnerability, with severity listed as H...
CVE-2026-13805
CVE-2026-13805 is a Use-After-Free in GFX within Google Chrome on macOS, reported for versions prior to 150.0.7871.47. The issue, described as a use-after-free in GFX, could allow a remote attacker to cause arbitrary code execution via a crafted HTML page. Connected sources confirm the vulnerabil...
CVE-2026-13802
CVE-2026-13802: Use-after-free in Chrome’s Views (Chromium) allows remote code execution via a crafted HTML page when a user performs specific UI gestures. Affected product: Google Chrome. Root cause: Use-after-free in Views. Vulnerable version: prior to 150.0.7871.47. Remediation: Chrome 150.0....
CVE-2026-13794
CVE-2026-13794: In Google Chrome on Windows, the vulnerability lies in insufficient validation of untrusted input in WebAppInstalls, exploitable via a crafted HTML page after persuading a user to perform certain UI gestures. Affected versions are Chrome prior to 150.0.7871.47. The issue could ...
CVE-2026-13788
CVE-2026-13788 is a Use-after-free in the Fullscreen feature of Google Chrome on Android, prior to version 150.0.7871.47. The vulnerability is listed as Critical and can allow a remote attacker to execute arbitrary code via a crafted HTML page. The public records show Chrome 150/151 updates addre...
CVE-2026-13786
CVE-2026-13786: Use-after-free in Ozone within Google Chrome allows remote code execution via a crafted HTML page. Affected: Ozone component in Chrome prior to 150.0.7871.47 (Linux 151 with fixes noted in the June 2026 Stable Channel update). Remediation: update Chrome to the patched version (e.g...
CVE-2026-13787
CVE-2026-13787: Use-after-free in Chromoting (Chrome) on Windows allows remote code execution via malicious network traffic. Affected: Google Chrome prior to 150.0.7871.47. Root cause: use-after-free in Chromoting. Mitigation: update to Chrome 150.0.7871.47 or newer where the fix is applied.
CVE-2026-13779
CVE-2026-13779 affects Chromoting in Google Chrome on ChromeOS, before version 150.0.7871.47. The vulnerability is a use-after-free in Chromoting that could allow a remote attacker to execute arbitrary code via malicious network traffic. Affected product: Google Chrome (Chromoting component) on C...
CVE-2026-56700
Grav CMS (before 2.0.0-beta.2) contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session deserialize untrusted data, enabling PHP object injection and, via a gadget chain, arbitrary code execution when ...
CVE-2025-71371
CVE-2025-71371 affects picklescan
CVE-2025-71368
Summary: CVE-2025-71368 affects picklescan prior to 0.0.30, which fails to detect the doctest.debug_script function when analyzing pickle files. This allows remote attackers to craft malicious pickle payloads embedding doctest.debug_script that bypass picklescan detection and trigger arbitrary co...
CVE-2025-71352
The CVE-2025-71352 entry affects the Python-based tool picklescan (pre-0.0.29). The issue: picklescan fails to detect the built-in Python function trace.Trace.runctx when it is used inside pickle file reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection ...
CVE-2025-71350
CVE-2025-71350 concerns the Python package picklescan, with version pre-0.0.28 vulnerable. The issue arises because picklescan fails to detect malicious pickle payloads that leverage torch.utils.collect_env.run within reduce methods, enabling attackers to embed code in pickle files that may execu...
CVE-2026-58449
txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...
EUVD-2026-40406
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...
CVE-2026-13759
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...