CVE-2026-11173

Out of bounds write in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11050

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11050

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10991

CVE-2026-10991 is a use-after-free in V8 affecting Google Chrome prior to 149.0.7827.53. The vulnerability could allow a remote attacker to execute arbitrary code inside the browser sandbox if a user is tricked into performing specific UI gestures on a crafted HTML page. This is tied to the V8 en...

CVE-2026-10991

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10989

Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-10987

Summary: A vulnerability in Google Chrome’s V8 engine allows remote code execution via a crafted HTML page, caused by an integer overflow. This affects Chrome versions prior to 149.0.7827.53. The issue enables sandbox-exploiting code execution without demonstrated exploitation details in the prov...

CVE-2026-10964

CVE-2026-10964 concerns Google Chrome’s V8 engine, where an integer overflow vulnerability existed in versions prior to 149.0.7827.53. The issue could allow a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Affected component: V8 in Chrome/Chromium. R...

CVE-2026-10963

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-10963

CVE-2026-10963 : Integer overflow in V8 (Chromium) affects Google Chrome before 149.0.7827.53. A crafted HTML page could allow a remote attacker to execute arbitrary code inside the browser sandbox. Affected component: V8 in Chrome; root cause: integer overflow. Impact: high, including potential ...

CVE-2026-10936

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-10935

CVE-2026-10935: Type Confusion in Google Chrome’s V8 engine (Chromium) prior to 149.0.7827.53. A crafted HTML page enables a remote attacker to execute arbitrary code inside the sandbox. Affected product: Google Chrome/Chromium with V8. Root cause: type confusion in V8. Impact: remote code execut...

CVE-2026-10910

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

ROOT-APP-NPM-GHSA-5C6J-R48X-RMVQ GHSA-5c6j-r48x-rmvq in @rootio/serialize-javascript - Patched by Root

Root has patched GHSA-5c6j-r48x-rmvq in the @rootio/serialize-javascript package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-34043 CVE-2026-34043 in @rootio/serialize-javascript - Patched by Root

Root has patched CVE-2026-34043 in the @rootio/serialize-javascript package for Root:npm. Multiple fixed versions available...

Shopware SSO referer trust leading to an arbitrary redirect target

Description This report describes an open redirect in Shopware's public SSO entry point at GET /api/oauth/sso/auth. When the endpoint is reached without the expected SSO session state, the application falls back to the request's Referer header and uses that value as the redirect destination. In t...

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

GHSA-C8H8-VQ34-9FW2 WWBN AVideo: Stored XSS via unescaped Gallery category description

Summary AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page. Th...

EUVD-2026-33304

WWBN AVideo: Stored XSS via unescaped Gallery category description...

WWBN AVideo: Stored XSS via unescaped Gallery category description

Summary AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page. Th...