CVE-2026-50590
Mimecast Incydr vulnerability CVE-2026-50590 affects versions before 2.6.0, enabling arbitrary file access. The provided documents do not specify the underlying root cause, affected components, or a remediation. No exploitation details are given. Action: monitor for updates and vendor advisories ...
CVE-2026-11326
OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be leveraged to access these API functions, enabling access to browser history information and the ability to open or close tabs...
CVE-2026-10878
Summary of vulnerability: CVE-2026-10878 affects D-Link DWR-M920 firmware versions 1.1.50 and 1.1.70. The issue resides in the function sub_41C8E8 of /boafrm/formSmsManage, where manipulation of the argument action_value leads to a command injection. The vulnerability enables remote exploitatio...
CVE-2020-25900
Affected software: HelloTalk (up to version 3.4.1). Vulnerability summary: The app stores full‑precision GPS coordinates even when a user intends to share only a country or city, and these coordinates are placed into a client‑side database that is stored on other users’ devices. The client databa...
CVE-2026-36785
CVE-2026-36785 affects Tenda FH451 V1.0.0.9. A stack overflow in the fromDhcpListClient function’s handling of the page parameter can cause a Denial of Service via a crafted HTTP request. Public sources in the provided documents confirm the vulnerable component/function and the DoS impact; no rem...
CVE-2026-37737
Sanic-Cors 2.2.0 and earlier versions contain an improper regular expression in the try_match() function of sanic_cors/core.py that uses re.match without end anchoring. This allows bypassing CORS origin allowlists by registering a domain that starts with a trusted origin string, leading to unauth...
CVE-2026-38579
CVE-2026-38579 affects damasac/thaipalliative_lte (up to version 3.0). The issue is multiple reflected XSS vulnerabilities in /substudy/ezform.php, where user input parameters idFormMain, id, and ptid_key are echoed into HTML attributes and JavaScript contexts without encoding. Public records sum...
CVE-2026-36500
The CVE-2026-36500 vulnerability affects the cluster-admin:backup-datastore component of Controller v12.0.5, where a crafted request can trigger a directory traversal. This is described across multiple sources (NVD/CVE listings, AttackersKB, CVE list, EUVD) as a vulnerability in that component, w...
CVE-2026-36501
CVE-2026-36501 affects Controller v12.0.5 in the Externalizable.readExternal() component. The issue allows an attacker to trigger a Denial of Service by supplying a crafted input, as described across multiple sources (Red Hat, NVD, CVE lists, and vendor/third-party references). No exploitation de...
CVE-2026-50589
In the provided documents, CVE-2026-50589 affects OpenStack Ironic 32 prior to 37.0.0. The underlying issue is that an unauthenticated malicious user can submit a crafted JSON string to certain API/JSON-RPC endpoints, leading to a service crash. The reports consistently reference the same conditi...
CVE-2026-10877
CVE-2026-10877 concerns SourceCodester Ship Ferry Ticket Reservation System (up to 1.0) with an issue in the Admin Login component. The vulnerability resides in the /admin/login.php handling of the Username argument, enabling a SQL injection. The flaw is exploitable remotely, and the exploit has ...
CVE-2026-10876
CVE-2026-10876 affects SourceCodester Ship Ferry Ticket Reservation System 1.0. The vulnerability is described as an improper authorization due to manipulation of an argument on an endpoint under /admin/, with the affected function being unknown. It allows remote exploitation and the exploit has ...
CVE-2026-10586
The CVE describes a Server-Side Request Forgery in the Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns WordPress plugin. Affected software: WordPress plugin, versions up to and including 6.1.3. Vulnerable component: save_ai_generated_image() function. Root cause: CSRF-li...
CVE-2026-11309
CVE-2026-11309 affects Google Chrome (Chromium-based) where insufficient policy enforcement in History permits a remote attacker to spoof UI via a crafted HTML page. Affected versions before 149.0.7827.53 are vulnerable; Chrome 149.0.7827.53 and later mitigate. Root cause is policy enforcement ga...
CVE-2026-11307
CVE-2026-11307 describes a use-after-free in PDFium used by Google Chrome prior to 149.0.7827.53, enabling a remote attacker to execute arbitrary code inside the sandbox via a crafted PDF file. Affected software: Google Chrome (PDFium component). Root cause: use-after-free in PDFium leads to code ...
CVE-2026-11306
CVE-2026-11306 (Google Chrome) is a use-after-free in PDFium that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted PDF file, affecting Chrome versions prior to 149.0.7827.53. The vulnerability is described across multiple sources as a PDFium issue leading to pot...
CVE-2026-11308
Summary: CVE-2026-11308 describes an insecure implementation in Google Chrome’s Extensions handling prior to version 149.0.7827.53. Affected software/area: Google Chrome — Extensions module. Root cause: Inappropriate implementation in Extensions, enabling privilege escalation. Impact: An atta...
CVE-2026-11305
CVE-2026-11305 describes a use-after-free in PDFium used by Google Chrome prior to 149.0.7827.53, allowing remote code execution inside the sandbox via a crafted PDF file. Affected component: PDFium within Chrome/Chromium; vulnerability type: use-after-free. Impact as documented: high for confide...
CVE-2026-11304
CVE-2026-11304: Use-after-free in PDFium affecting Google Chrome prior to 149.0.7827.53. A crafted PDF could trigger heap corruption. Impact is tied to PDF rendering in Chrome; mitigation is to update Chrome to the patched build (149.0.7827.53+). If exploitation details are not present in the pro...
CVE-2026-11303
Concisely: Affects Google Chrome (PDFium) with a use-after-free in PDFium when handling crafted PDFs, enabling remote code execution inside the sandbox. Vulnerable in Chrome versions prior to 149.0.7827.53; mitigation is to upgrade to 149.0.7827.53 or later. No exploitation/weaponization details ...
CVE-2026-11301
In Google Chrome, the LiveCaption feature has an inappropriate implementation that could allow a remote attacker to cause out-of-bounds memory access via malicious network traffic. Affected product: Google Chrome (LiveCaption). Root cause: improper handling in LiveCaption code leading to memory a...
CVE-2026-11302
CVE-2026-11302 affects Chrome on iOS (Google Chrome) prior to version 149.0.7827.53. The issue is caused by insufficient policy enforcement in the browser, allowing a remote attacker to bypass discretionary access control via a crafted HTML page. Impact is described as a partial elevation of acce...
CVE-2026-11299
CVE-2026-11299 describes an integer overflow in the Fonts component of Google Chrome prior to 149.0.7827.53. A remote attacker could cause memory information disclosure by rendering a crafted HTML page. The issue affects Chrome/Chromium’s font handling and was addressed in the Chrome update refer...
CVE-2026-11300
The CVE-2026-11300 entry concerns Google Chrome. Affected software is Chrome prior to version 149.0.7827.53, where an inappropriate implementation in Permissions allows a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability is described as Low severity (Chromium secur...
CVE-2026-11297
CVE-2026-11297: In Google Chrome on Android, Reader Mode suffers from insufficient validation of untrusted input, allowing a local attacker to bypass navigation restrictions via a malicious file. The issue affects Chrome versions prior to 149.0.7827.53; updating to 149.0.7827.53 or later is the ...
CVE-2026-11298
CVE-2026-11298 affects Chrome for iOS (Google Chrome on iOS). The vulnerability arises from an inappropriate implementation that allows a remote attacker to bypass the same-origin policy via a crafted HTML page on affected builds prior to version 149.0.7827.53. The CVSS vector indicates Network a...
CVE-2026-11296
The CVE-2026-11296 entry concerns the Google Chrome ImageCapture component. Affected software: Google Chrome prior to version 149.0.7827.53. Root cause: Inappropriate implementation in ImageCapture enables a remote attacker who has already compromised the renderer process to escalate privileges v...
CVE-2026-11295
The CVE-2026-11295 entry concerns Google Chrome on Android WebView, where an inappropriate implementation allows privilege escalation via a crafted HTML page. Affected component: WebView in Chrome for Android; root cause described as an “inappropriate implementation” without deeper details in the...
CVE-2026-11294
CVE-2026-11294 affects Google Chrome (Chromium-based) Passwords UI handling. The issue is described as an inappropriate implementation in Passwords that enables a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability is associated with versions prior to 149.0.7827.53, ...
CVE-2026-11291
Technical details are not publicly available in the provided documents. Monitoring for updates is advised; current descriptions reference Android Autofill in Chrome prior to 149.0.7827.53 with a Chromium security severity rating of Low, but no concrete exploit/impact details are provided.
CVE-2026-11293
CVE-2026-11293 affects Google Chrome (desktop) with Chromium, involving a use-after-free in Input that could allow a remote attacker to potentially escape the sandbox via a crafted HTML page. The issue references Chrome versions prior to 149.0.7827.53 and indicates the vulnerability is tied to th...
CVE-2026-11292
CVE-2026-11292: A CSP bypass vulnerability in Blink used by Google Chrome prior to 149.0.7827.53 allows remote attackers to bypass content security policy through a crafted HTML page. Affected component is Blink in Chrome/Chromium; exploitation is possible over the network with user interaction ...
CVE-2026-11289
Affected software: Google Chrome (Chromium); component: Paint. Vulnerable until Chrome version 149.0.7827.53. Issue: side-channel information leakage allowing a remote attacker to exfiltrate cross-origin data via a crafted HTML page. Root cause details are not explicitly stated in the provided do...
CVE-2026-11290
CVE-2026-11290 describes an integer overflow in Android WebView used by Google Chrome, affecting Chrome on Android versions before 149.0.7827.53. The vulnerability allows a local attacker to trigger a denial of service by processing a malicious file. The available description states the issu...
CVE-2026-11288
The CVE-2026-11288 entry concerns Google Chrome’s CSS policy enforcement. Affects Chrome prior to build 149.0.7827.53, where insufficient policy enforcement in CSS could allow a remote attacker to leak cross-origin data via a crafted HTML page. From the connected sources, the vulnerability is tie...
CVE-2026-11287
CVE-2026-11287: Google Chrome on Android is affected (before 149.0.7827.53). The issue is insufficient policy enforcement in Navigation, allowing a renderer-compromised page to bypass navigation restrictions via a crafted HTML page. Root cause: policy enforcement gap in navigation. Impact per CV...
CVE-2026-11286
The CVE-2026-11286 issue affects Google Chrome, specifically the Wallet component. It involves insufficient validation of untrusted input in Wallet, allowing a remote attacker who has already compromised the renderer process to perform UI spoofing via a crafted HTML page. Impact is UI spoofing wi...
CVE-2026-11285
CVE-2026-11285 describes an insecure/incorrect implementation in Chrome for iOS (Google Chrome on iOS) before version 149.0.7827.53, which allowed a remote attacker to perform UI spoofing via a crafted HTML page. The underlying issue is labeled as an inappropriate implementation. The impact is UI...
CVE-2026-11284
CVE-2026-11284 affects Google Chrome’s PerformanceAPIs. A side‑channel information leakage vulnerability allows a remote attacker to exfiltrate cross‑origin data via a crafted HTML page in Chrome builds before 149.0.7827.53. The issue is described as a low severity cross‑origin information disclo...
CVE-2026-11283
The CVE-2026-11283 entry concerns Google Chrome on macOS where Shortcuts mishandles untrusted input due to insufficient validation, allowing a remote attacker to bypass navigation restrictions via a malicious file. Affected product/version: Chrome for macOS, before 149.0.7827.53. Root cause: inad...
CVE-2026-11282
CVE-2026-11282 affects Google Chrome on Linux. The issue is insufficient policy enforcement in the Sandbox, potentially allowing a sandbox escape via a crafted HTML page on versions prior to 149.0.7827.53. The reported impact is a high-risk security bypass leading to full exposure of the host, wi...
CVE-2026-11280
The vulnerability CVE-2026-11280 affects Google Chrome on iOS (pre-149.0.7827.53). It arises from an inappropriate implementation in Sign-in, allowing a remote attacker to perform UI spoofing through a crafted HTML page. The issue is described with Chromium security severity: Low. The available c...
CVE-2026-11279
CVE-2026-11279 affects Google Chrome DevTools; an out-of-bounds read in DevTools could allow a remote attacker to run arbitrary code inside the browser sandbox via a crafted HTML page. Affected version range is Chrome versions before 149.0.7827.53. The issue is described with Chromium security se...
CVE-2026-11281
CVE-2026-11281 is a local vulnerability affecting Google Chrome on Windows, where an integer overflow in Chromoting could allow a local attacker to read potentially sensitive data from process memory via a crafted ETW event. The issue is described as having low Chromium security severity, with a ...
CVE-2026-11278
The CVE-2026-11278 entry concerns Google Chrome for Android’s CustomTabs. A flawed implementation in CustomTabs prior to version 149.0.7827.53 allows a local attacker to leak cross-origin data via a crafted HTML page. Affected: CustomTabs in Chrome on Android (pre-149.0.7827.53). Root cause: inap...
CVE-2026-11277
CVE-2026-11277 affects Chrome for iOS (Google Chrome on iOS) prior to 149.0.7827.53. The issue is insufficient policy enforcement that could allow a remote attacker to bypass discretionary access control via a crafted HTML page. The Chromium security severity is rated Low, with the base CVSS v3.1...
CVE-2026-11275
CVE-2026-11275 affects Google Chrome on Android (pre-149.0.7827.53) where an inappropriate Page Info implementation could allow a renderer-compromised remote attacker to bypass navigation restrictions via a crafted HTML page. The issue is tied to the Page Info handling in Chromium/Chrome; the des...
CVE-2026-11276
CVE-2026-11276 concerns Google Chrome (Cast) with an inappropriate implementation allowing a local-network attacker to bypass discretionary access control through malicious traffic, prior to version 149.0.7827.53. Public references in NVD/EUVD/CVEs reiterate the same underlying issue and confirm ...
CVE-2026-11273
CVE-2026-11273 affects Google Chrome’s Omnibox. The issue is caused by insufficient validation of untrusted input, allowing a remote attacker to trigger UXSS via a crafted HTML page when a user visits a page and engages specific UI gestures. The documented impact is relative to UXSS with a Low se...
CVE-2026-11274
The CVE-2026-11274 entry concerns Google Chrome on iOS (DOM Distiller) with an inappropriate implementation that allowed a remote attacker to bypass navigation restrictions via a crafted HTML page, before version 149.0.7827.53. Affected component: DOM Distiller in Chrome for iOS. Root cause: inap...