CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2 days ago•4 views

CVE-2026-10958

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.2AI score0.0008EPSS

CVE•added 2 days ago•6 views

CVE-2026-10946

CVE-2026-10946 is a heap-buffer-overflow in Chrome's Media stack, fixed in Chrome 149.0.7827.53. The vulnerability could allow remote code execution inside a sandbox when a user is convinced to perform specific UI gestures on a crafted HTML page. Affected product: Google Chrome (pre-149.0.7827.53...

7.5CVSS6.4AI score0.00071EPSS

Cvelist•added 2 days ago•23 views

CVE-2026-10946

Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.00071EPSS

CVE-2026-10942

Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. Chromium security severity: High...

5.8AI score0.00007EPSS

Debian CVE•added 2 days ago•6 views

CVE-2026-10932

Use after free in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.6AI score0.00068EPSS

Exploits0

Vulnrichment•added 2 days ago•5 views

CVE-2026-10906

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00084EPSS

CVE-2026-10901

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

6.2AI score0.0008EPSS

Vulnrichment•added 2 days ago•6 views

CVE-2026-10900

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

5.8AI score0.00068EPSS

CVE•added 2 days ago•6 views

CVE-2026-10873

The CVE-2026-10873 entry pertains to Shibby Tomato 1.28.0000, where the rstats_path function in /bin/rstats of the Web UI is vulnerable. The underlying issue enables an os command injection, with remote attack potential. Public exploit details exist per the connected CVE listing, and the project ...

Exploits0References7

CVE-2026-10873 Shibby Tomato Web UI rstats rstats_path os command injection

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

Cvelist•added 2 days ago•26 views

Exploits0References7

CVE-2026-10873 Shibby Tomato Web UI rstats rstats_path os command injection

NVD•added 2 days ago•6 views

Exploits0References7

CVE-2026-10871

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start6rdtunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv66rdborderrelay leads to os command injection. It is possible to launch the attack remotely. The...

Cvelist•added 2 days ago•24 views

CVE-2026-10872 Shibby Tomato Web UI rc start_vpnserver os command injection

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

CVE-2026-10872 Shibby Tomato Web UI rc start_vpnserver os command injection

CVE•added 2 days ago•5 views

CVE-2026-10872

CVE-2026-10872 affects Shibby Tomato 1.28.0000 Web UI: the start_vpnserver function in /sbin/rc is vulnerable to remote OS command injection. Exploit published; impact is high (C/I/A). Privileges required: HIGH; no user interaction. Superseded by FreshTomato.

Vulnrichment•added 2 days ago•4 views

CVE-2024-27891 On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports.

On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied...

6.9CVSS5.5AI score0.00125EPSS

Exploits0References1

Cvelist•added 2 days ago•26 views

CVE-2026-10871 Shibby Tomato Web UI rc start_6rd_tunnel os command injection