CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation. The list of vulnerabilities is as follows - CVE-2026-20245 CVSS score: 7.8 - An improper encoding...

Linux Distros Unpatched Vulnerability : CVE-2026-11649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVE-2026-11645

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

EUVD-2026-34385

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2026-10963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-10964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-10910

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVE-2026-10989

Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-10936

This CVE describes a Type Confusion in V8 within Google Chrome prior to 149.0.7827.53 that allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Affected component: the V8 engine used by Chrome. Root cause: a type confusion in V8 handling, leading ...

CVE-2026-10935

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-10910

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-9896

Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2026-10022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary cod...

DEBIAN-CVE-2026-9938

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2026-8570

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a...

Linux Distros Unpatched Vulnerability : CVE-2026-7936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Object lifecycle issue in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-7902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTM...

CVE-2026-7940

Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

SUSE CVE-2026-7337

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2026-7337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...