CVE-2026-11302

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11208

The CVE-2026-11208 issue affects Google Chrome (Codecs) and is caused by a use-after-free vulnerability in Codecs, exploitable via a crafted HTML page to leak potentially sensitive data from process memory. Affected products are Chrome versions before 149.0.7827.53. The impact is information disc...

CVE-2026-11204

Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11177

Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11162

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11091

Inappropriate implementation in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11080

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11042

Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10995

Heap buffer overflow in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10900

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10891

Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10886

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10875

The CVE-2026-10875 entry affects projectworlds Online Art Gallery Shop Project 1.0. The vulnerability is in an unknown function of the file /admin/adminHome.ph; manipulating the social_twitter argument causes SQL injection. A remote attack is possible, and the exploit has been released publicly. ...

CVE-2026-10874 projectworlds Online Art Gallery Shop Project adminHome.php sql injection

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

CVE-2026-10873

The CVE-2026-10873 entry pertains to Shibby Tomato 1.28.0000, where the rstats_path function in /bin/rstats of the Web UI is vulnerable. The underlying issue enables an os command injection, with remote attack potential. Public exploit details exist per the connected CVE listing, and the project ...

CVE-2026-10873 Shibby Tomato Web UI rstats rstats_path os command injection

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2026-10870

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

CVE-2026-10870

CVE-2026-10870 affects Shibby Tomato 1.28.0000 Web UI, specifically the start_dhcpc function in /sbin/rc. The stored description indicates an os command injection vulnerability that can be triggered remotely, with an exploit published. The project is superseded by FreshTomato. No remediation deta...

EUVD-2026-34323

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the atcommand.asp interface...