CVE-2026-7946

Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7947

Insufficient validation of untrusted input in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7945

CVE-2026-7945 refers to insufficient validation of untrusted input in Cross-Origin Opener Policy (COOP) for Google Chrome. A remote attacker who has compromised the renderer process could bypass site isolation by presenting a crafted HTML page, affecting Chrome versions prior to 148.0.7778.96. Pu...

CVE-2026-7947

CVE-2026-7947 affects Google Chrome prior to 148.0.7778.96. The issue is insufficient validation of untrusted input in Chrome’s Network component, enabling a renderer-compromised remote attacker to spoof UI via a crafted HTML page. Impact is UI spoofing with low confidentiality/integrity/availabi...

CVE-2026-7934

Insufficient validation of untrusted input in Popup Blocker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7916

Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7914

Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7905

CVE-2026-7905 affects Google Chrome on Android prior to version 148.0.7778.96. The issue is insufficient validation of untrusted input in Media, which, if a renderer was compromised by a crafted HTML page, could enable a sandbox escape. The connected sources (NVD/NVDiOS, Debian OSV, ENISA EUVD, D...

CVE-2026-6787

The CVE-2026-6787 issue affects WatchGuard Agent on Windows prior to version 1.25.03.0000. It is a local, low-privilege vulnerability caused by a hard-coded cryptographic key that allows inclusion of code into an existing process, with high impact to confidentiality, integrity, and availability. ...

CVE-2026-6787 Usage of a hard-coded cryptographic key in WatchGuard Agent allows inclusion of code into existing process

Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000...

CVE-2026-43102

A flaw was found in the Linux kernel's Airoha network driver. An error in the airohaqdmarxprocess function, which handles received data, can occur when processing subsequent data buffers. This error prevents memory fragments from being properly returned to the system's memory pool, leading to a...

EUVD-2026-27823

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

BIT-JAVA-MIN-2026-20635

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

BIT-JAVA-2026-20608

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

BIT-JAVA-MIN-2025-50063

Vulnerability in Oracle Java SE component: Install. The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks...

CVE-2026-5081

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

EUVD-2026-27666

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

EUVD-2026-27552

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...

CVE-2026-43271

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

CVE-2026-43232

In the Linux kernel, the following vulnerability has been resolved: net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets When the FarSync T-series card is being detached, the fstcardinfo is deallocated in fstremoveone. However, the fsttxtask or fstinttask may still be running ...