CVE-2026-11975

CVE-2026-11975 : In SimplCommerce, stored XSS occurs in the NewsItemApiController before commit 6142d3b5, allowing an authenticated administrator to inject JavaScript via ShortContent and FullContent that are stored without HTML sanitization and rendered with Html.Raw(). Affected: News module adm...

SUSE CVE-2026-12299

JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

CVE-2026-12469

CVE-2026-12469 affects Google Chrome on Android, where an uninitialized use in the GPU could allow a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability lies in the GPU component, with the affected version range prior to 149.0.7827.155. Remediation is to update to...

CVE-2026-12469

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-12468

CVE-2026-12468: A race in Chrome Mac updater allows a remote attacker (with renderer access) to potentially escape the sandbox via a crafted HTML page. Affected: Google Chrome on macOS prior to 149.0.7827.155. Impact: High. Mitigation: update to 149.0.7827.155 or later (per linked Chrome security...

CVE-2026-12468

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-12468

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-12465

CVE-2026-12465 affects Google Chrome Metrics: an Object lifecycle issue in Chrome prior to 149.0.7827.155 allows a renderer-compromised remote attacker to potentially escape the sandbox via a crafted HTML page. Patch: update to Chrome 149.0.7827.155 or newer. Exploitation details are not describe...

CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-12465

Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-12466

Summary (CVE-2026-12466) : A heap buffer overflow in WebRTC within Google Chrome on Windows before version 149.0.7827.155 allows remote code execution via a crafted HTML page. Multiple connected sources corroborate the Windows/WebRTC/chrome vector and fixed version, signaling a high-severity Chro...

CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-12465

Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-12464

CVE-2026-12464 : A use-after-free in the Google Chrome renderer before 149.0.7827.155 may allow a remote attacker who compromises the renderer to escape the sandbox via a crafted HTML page, per multiple sources. Affected software is Chrome browsers with the vulnerable Chromium component; the issu...

CVE-2026-12464

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-12463

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

CVE-2026-12462

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-12461

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-12457

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-12455

CVE-2026-12455 describes a Use-After-Free in Chrome’s Tab Strip, where a remote attacker could trigger heap corruption by convincing a user to perform specific UI gestures on a crafted HTML page. The issue affects Google Chrome prior to version 149.0.7827.155. Several connected sources (EUVD, DEB...