1227 matches found
CVE-2026-13909
CVE-2026-13909 refers to insufficient policy enforcement in Google Chrome DevTools, allowing a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page in Chrome versions before 150.0.7871.47. The vulnerability is described across multiple...
CVE-2026-13905
Chrome for iOS on Google Chrome (iOS) is affected by a race in versions prior to 150.0.7871.47, allowing a local attacker with physical access to potentially read confidential data from process memory. The issue is documented across CVE-2026-13905 and EUVD-2026-40591. Remediation is to upgrade to...
CVE-2026-13899
Use after free in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13818
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: High...
CVE-2026-13814
CVE-2026-13814 affects Google Chrome (Views) with use-after-free in the rendering/Views UI path, prior to 150.0.7871.47. Root cause: use-after-free leading to potential heap corruption. Attack flow requires user interaction (specific UI gestures) and a crafted HTML page; impact is high confidenti...
CVE-2026-13782
Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
PT-2026-54156
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the Bluetooth component. This allows an attacker located on the same local network segment to retrieve potentially sensitive information from the proces...
PT-2026-54248
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Paint component allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, by...
PT-2026-54318
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the GetUserMedia function. This flaw allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape b...
PT-2026-54127
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input allows a local attacker to execute arbitrary code inside a sandbox by using a malicious file. Recommendations Update Google Chrome on i...
PT-2026-54154
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in ANGLE allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory via...
CVE-2026-57923
JetBrains YouTrack (before 2026.2.16593) is affected by CVE-2026-57923 due to improper authorization in the app configurations endpoint, which allowed modifying project settings. Root cause: inadequate access checks on the app configurations endpoint. Documented impact: potential unintended chang...
CVE-2026-40082 Cacti: Session Fixation via missing session_regenerate_id() after login
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...
CVE-2026-46734
Dell DDPM Mac is affected by CVE-2026-46734: an Improper Certificate Validation in DDPM Mac versions prior to 2.3. The issue allows a local, low-privilege attacker (requires user interaction) to bypass protections, with potential impact on confidentiality, integrity, and availability (CVSSv3.1: 7...
CVE-2025-60467
GPAC Project/MP4Box prior to 26.02.0 is affected by a use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c). The issue can allow a Denial of Service when processing a crafted media file. The vulnerability is confirmed across multiple sources (NVD, CVE reco...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2026-56214
Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...
EUVD-2026-37518
Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-12465
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-12438
The CVE-2026-12438 entry corresponds to an issue in WebView for Google Chrome on Android, where an attacker who compromised the renderer process could escape the browser sandbox via a crafted HTML page. Affected product/vector: Android WebView in Chrome; root cause: inappropriate implementation i...