
16804 matches found

Nuclei
added 6 hours ago | 25 views

WordPress Tutor LMS <2.0.10 - Cross Site Scripting

WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the resetkey and userid parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the conte...

CVSS 6.1 | AI score 6.4 | EPSS 0.01347
Exploits: 2 | References: 3

Nuclei
added 6 hours ago | 18 views

NocoBase - VM Sandbox Escape to Remote Code Execution

NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...

CVSS 9.9 | AI score 6.2 | EPSS 0.36503
Exploits: 7 | References: 3

CVE
added yesterday | 12 views

CVE-2026-40079

Cacti (WEB UI) vulnerabilities CVE-2026-40079: Versions

CVSS 8.6 | AI score 5.8
Exploits: 0 | References: 2

NVD
added yesterday | 7 views

CVE-2026-13032

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 9.6
Exploits: 0 | References: 2

NVD
added yesterday | 6 views

CVE-2026-13028

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 9.6
Exploits: 0 | References: 2

NVD
added yesterday | 4 views

CVE-2026-13025

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3
Exploits: 0 | References: 2

CVE
added yesterday | 12 views

CVE-2026-13036

The CVE-2026-13036 entry documents a use-after-free in Blink of Google Chrome before 149.0.7827.197, enabling a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected component: Blink (Chromium-based crawler). Root cause: use-after-free in Blink logic; impa...

CVSS 8.8 | AI score 6.3
Exploits: 0 | References: 2

Cvelist
added yesterday | 16 views

CVE-2026-13025

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Exploits: 0 | References: 2

EUVD
added yesterday | 4 views

EUVD-2026-39040

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3 | AI score 5.9
Exploits: 0 | References: 2

CVE
added yesterday | 9 views

CVE-2026-13025

CVE-2026-13025 describes a race in DevTools of Google Chrome prior to 149.0.7827.197 that could allow a remote attacker, who already compromised the renderer process, to potentially escape the sandbox via a crafted HTML page. The issue is rated High (CVSS v3.1: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H...

CVSS 8.3 | AI score 5.9
Exploits: 0 | References: 2

CVE
added yesterday | 7 views

CVE-2026-13032

CVE-2026-13032: A use-after-free vulnerability in WebGL on Google Chrome for Android (prior to 149.0.7827.197) could allow a remote attacker to perform a sandbox escape via a crafted HTML page. Impact is labeled Critical. Affected component: WebGL/Chromium stack; root cause is use-after-free. Th...

CVSS 9.6 | AI score 5.9
Exploits: 0 | References: 2

EUVD
added yesterday | 4 views

EUVD-2026-39033

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 9.6 | AI score 5.9
Exploits: 0 | References: 2

Cvelist
added yesterday | 15 views

CVE-2026-13032

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

Exploits: 0 | References: 2

CVE
added yesterday | 16 views

CVE-2026-13028

CVE-2026-13028 is a use-after-free in WebGL of Google Chrome on Android, prior to version 149.0.7827.197, that could allow a remote attacker to sandbox-escape via a crafted HTML page. Severity is Critical (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The available connected documents reiterate...

CVSS 9.6 | AI score 5.9
Exploits: 0 | References: 2

EUVD
added yesterday | 4 views

EUVD-2026-39032

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 9.6 | AI score 5.9
Exploits: 0 | References: 2

Cvelist
added yesterday | 15 views

CVE-2026-13028

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

Exploits: 0 | References: 2

Cvelist
added yesterday | 13 views

CVE-2026-48789 AnythingLLM: Windows path containment bypass in document folder route

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared...

CVSS 4.3 | EPSS 0.00042
Exploits: 0 | References: 1

EUVD
added yesterday | 5 views

EUVD-2026-38762

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent...

CVSS 5 | AI score 6.2
Exploits: 0 | References: 1

CVE
added yesterday | 6 views

CVE-2026-57282

The CVE-2026-57282 entry applies to Jenkins Git client Plugin versions 6.6.0 and earlier. The issue is improper escaping of the workspace directory name when inserted into a generated SSH wrapper script, enabling an attacker who can control the build’s working directory name to execute arbitrary ...

CVSS 5 | AI score 6.2
Exploits: 0 | References: 1

Cvelist
added yesterday | 22 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

Exploits: 0 | References: 1