CVE-2026-6816
Concretely, CVE-2026-6816 affects Drupal TFA Basic Plugins (versions 7.x-1.0 through 7.x-1.2). The issue is an access bypass in which users with the administer users permission can view or generate recovery codes for other users, enabling information disclosure of recovery credentials. The root c...
CVE-2026-5343
CVE-2026-5343 affects the Drupal SAML SSO - Service Provider module. The issue is an improper check for unusual or exceptional conditions that enables privilege escalation. Affected versions are 0.0.0 up to, but not including, 3.1.4. The CVSSv3.1 vector indicates NETWORK attack, high complexity, ...
CVE-2026-10028
Affected software: glib-networking with the GnuTLS backend. Issue: a certificate verification path can loop indefinitely when presented with a specially crafted chain containing circular issuer relationships. Impact: unbounded traversal consumes CPU, causing denial of service of the affected proc...
CVE-2026-8809
Summary: CVE-2026-8809 affects the Advanced Custom Fields: Extended (ACFE) WordPress plugin up to version 0.9.2.5. The root cause is an after_validate_save_post() path that unconditionally trusts the attacker-controlled _acf_post_id POST parameter to choose a cleanup branch, bypassing authenticat...
CVE-2026-10020
Affected software: Skia component in Google Chrome on Android. Vulnerability: Insufficient validation of untrusted input in Skia allows a renderer process–level attacker to potentially escape the sandbox via a crafted HTML page. Impact: Sandbox escape risk as described; exploitation requires a co...
CVE-2026-10021
The CVE-2026-10021 entry describes an issue in Chromium-based Chrome where insufficient validation of untrusted input in the USB component could allow a remote attacker to execute arbitrary code via a crafted HTML page. Affected software is Google Chrome (Chromium-based); the underlying cause is ...
CVE-2026-10022
Summary: A type confusion in the V8 JavaScript engine within Google Chrome before version 148.0.7778.216 may allow an attacker who convinces a user to install a malicious extension to execute arbitrary code inside a browser sandbox. Affected components: V8 in Google Chrome (Chromium-based). Root ...
CVE-2026-10019
The CVE-2026-10019 entry documents an integer overflow in ANGLE used by Google Chrome. Affected software: Google Chrome (ANGLE integration). Vulnerable component/file: ANGLE; root cause is an integer overflow leading to potential cross-origin data leakage when parsing/handling a crafted HTML page...
CVE-2026-10018
This CVE concerns an integer overflow in the ANGLE component of the Chromium-based Google Chrome browser. Affected versions are before 148.0.7778.216. The issue could allow a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The knowledge ba...
CVE-2026-10016
CVE-2026-10016 is a use-after-free in the DOM of Google Chrome, fixed by the 148.0.7778.216 update. The vulnerability allows a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. Severity: High (CVSS v3.1 base score 8.8; Network attack vector, no privileges ...
CVE-2026-10017
Summary (CVE-2026-10017): Out-of-bounds read in Chrome/Chromium Headless before 148.0.7778.216. An attacker who already compromised the renderer process could potentially escape the sandbox via a crafted HTML page. The issue affects the Headless component of Chromium and is described with Chromium...
CVE-2026-10015
CVE-2026-10015 affects Google Chrome (Chromium WTF component). An integer overflow in WTF could be triggered by a crafted HTML page, allowing a remote attacker to execute arbitrary code inside the browser sandbox. Impact is user-controlled code execution with high severity, and the vulnerability ...
CVE-2026-10013
CVE-2026-10013: A use-after-free flaw in WebCodecs within Google Chrome prior to 148.0.7778.216 allows remote execution of arbitrary code in the sandbox via a crafted HTML page. Affected software is Google Chrome (WebCodecs component); root cause is use-after-free. Impact is high (arbitrary code ...
CVE-2026-10014
CVE-2026-10014 describes a use-after-free in WebMIDI within the Chromium-based Google Chrome browser on Android, prior to version 148.0.7778.216. The issue arises when a renderer process is compromised, potentially enabling a sandbox escape via a crafted HTML page. Affected component: WebMIDI (Ch...
CVE-2026-10010
Technical details for CVE-2026-10010 are not publicly provided in the connected documents. Monitor for updates; the materials only reiterate high-level description without specifics (affected components, root cause, impact, or remediation).
CVE-2026-10012
CVE-2026-10012: Use-after-free in Skia within Google Chrome before 148.0.7778.216 allows a compromised renderer to potentially escape the Chromium sandbox via a crafted HTML page. Affected: Skia component in Chrome (Chromium-based). Root cause: use-after-free bug in Skia identified upstream. Impa...
CVE-2026-10011
CVE-2026-10011 concerns an inappropriate implementation in the Skia component of Google Chrome before 148.0.7778.216, where a remote attacker who already had renderer access could leak cross-origin data via a crafted HTML page. The issue is tied to the Skia/Chromium stack and is described in mult...
CVE-2026-10007
CVE-2026-10007 describes a use-after-free in the SVG handling of Google Chrome (Chromium-based) that can allow a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. The vulnerability affects Chrome builds prior to 148.0.7778.216 and is classified with high severi...
CVE-2026-10009
CVE-2026-10009: Integer overflow in Skia within Google Chrome (pre-148.0.7778.216). An attacker who compromised the renderer could run arbitrary code in the sandbox via a crafted HTML page. Affected component: Skia in Chromium-based Chrome; impact: remote code execution with sandbox escape; statu...
CVE-2026-10008
CVE-2026-10008 concerns an uninitialized use flaw in the GPU component of the Chromium-based Google Chrome on Android. The issue allows a remote attacker to potentially read sensitive information from a process’s memory via a crafted HTML page. The public description cites the root cause as an un...
CVE-2026-10006
CVE-2026-10006 affects Google Chrome’s WebAudio component in Chromium before 148.0.7778.216. A race condition in WebAudio could allow a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. The issue is labeled high severity with network attack vector, requ...
CVE-2026-10004
Google Chrome/Chromium Passwords component vulnerability: insufficient validation of untrusted input before version 148.0.7778.216 allows UI spoofing via a crafted HTML page. Impact is UI spoofing; no exploit details are provided in the documents. Remediation: update to Chrome 148.0.7778.216 or l...
CVE-2026-10005
Google Chrome on macOS is affected by CVE-2026-10005 via a use-after-free in the WebAppInstalls component. The flaw allows a remote attacker to execute arbitrary code if the user is persuaded to perform certain UI gestures on a crafted HTML page; impact is high. A patch exists in Chrome version 1...
CVE-2026-10003
CVE-2026-10003: Use-after-free in Chrome’s Views (Chromium) prior to 148.0.7778.216 permits a remote attacker to run arbitrary code via a crafted HTML page after the user engages specific UI gestures. Root cause is a flaw in the Views component of Chromium/Blink; affected software is Google Chrom...
CVE-2026-10001
CVE-2026-10001 affects Google Chrome/Chromium’s PerformanceManager: a use-after-free in PerformanceManager can allow a remote attacker who has already compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Impact is described as high (CVSS 3.1: AV:N/AC:H/PR:N/...
CVE-2026-10002
CVE-2026-10002 is a use-after-free in PDFium within Google Chrome, fixed in Chrome 148.0.7778.216 and later. The vulnerability affects PDFium’s handling of crafted PDF files, enabling potential heap corruption when a remote attacker supplies a malicious document. Affected product: Google Chrome (...
CVE-2026-10000
CVE-2026-10000 is a use-after-free vulnerability in Google Chrome on Windows affecting the Passwords component. The underlying issue occurs when the renderer process is compromised, enabling a crafted HTML page to potentially escape the Chrome sandbox. Impact is described as high, with remote cod...
CVE-2026-9999
The CVE-2026-9999 entry describes an inappropriately implemented ANGLE component in Google Chrome on macOS prior to 148.0.7778.216, enabling a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. The risk is tied to the ANGLE implementation in Chrome/Chromi...
CVE-2026-9998
CVE-2026-9998 affects the Skia component in Google Chrome/Chromium. An integer overflow in Skia prior to version 148.0.7778.216 could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The impact is a high-severity, lo...
CVE-2026-9996
CVE-2026-9996 affects Google Chrome on macOS, with an out-of-bounds read in WebRTC that could allow a remote, crafted HTML page to read potentially sensitive data from the browser process memory. Affected component: WebRTC in Chromium-based Chrome; root cause is an out-of-bounds read. Version det...
CVE-2026-9997
CVE-2026-9997 corresponds to a use-after-free in the Chrome Input component (Chromium-based) that affects Chrome versions prior to 148.0.7778.216. A renderer process compromise could enable a remote attacker to attempt a sandbox escape via a crafted HTML page. The issue is described across multip...
CVE-2026-9995
The CVE-2026-9995 entry describes a use-after-free in Chrome’s WebXR component prior to version 148.0.7778.216. A crafted HTML page could allow a remote attacker to execute arbitrary code inside the browser sandbox. Affected product: Google Chrome (WebXR). Root cause: use-after-free in WebXR. Imp...
CVE-2026-9994
CVE-2026-9994 affects Google Chrome on Windows due to a use-after-free in Chrome’s Core, allowing a renderer-compromised attacker to potentially escape the sandbox via a crafted HTML page. The vulnerability is triggered by an issue in Core that existed prior to version 148.0.7778.216. Impact is h...
CVE-2026-9992
The CVE-2026-9992 entry concerns a use-after-free in the Network component of Google Chrome, exploited remotely via a crafted HTML page to achieve arbitrary code execution inside the sandbox. Affected software is Chrome prior to version 148.0.7778.216. The underlying cause is a use-after-free in ...
CVE-2026-9993
CVE-2026-9993 affects Google Chrome (Chromium-based) and its Views component. The flaw is a use-after-free in Views that could allow a remote attacker with renderer access to escape the sandbox via a crafted PDF file. Affected version range is Chrome prior to 148.0.7778.216. If exploiting, the im...
CVE-2026-9991
Affected product: Google Chrome on Windows. Issue: In the Media component, an inappropriate implementation allows a remote attacker who has gained a foothold in the renderer process to leak cross-origin data via a crafted HTML page. Root cause: improper media handling within Chromium’s Windows re...
CVE-2026-9989
The CVE-2026-9989 entry concerns Google Chrome’s Media component, with an inappropriate implementation that allowed a remote attacker to bypass the same-origin policy via a crafted video file. Affected software is Google Chrome prior to 148.0.7778.216; impact is the bypass of SOP, as described in...
CVE-2026-9990
CVE-2026-9990 affects Google Chrome on macOS in the WebAppInstalls component. The vulnerability is a use-after-free leading to potential heap corruption when a user is persuaded to perform specific UI gestures on a crafted HTML page. The issue is tied to Chromium code (upstream bug 513128608) and...
CVE-2026-9988
Technical details (affected product/version, root cause, mitigation) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-9985
The CVE-2026-9985 entry affects Google Chrome on ChromeOS, leveraging the Media component in Chromium. The root cause is insufficient validation of untrusted input within Media, allowing a remote attacker that already compromised the renderer process to read potentially sensitive memory contents ...
CVE-2026-9987
CVE-2026-9987: In Chrome for Android, WebAppInstalls suffers from insufficient validation of untrusted input, enabling a local attacker to execute arbitrary code via a malicious file. The issue is described across multiple sources as a Chromium/WebAppInstalls flaw with a High severity. The available ...
CVE-2026-9986
The CVE-2026-9986 entry concerns the Chromium-based Google Chrome component OptimizationGuide. Affected product: Google Chrome (OptimizationGuide in Chromium). The flaw is insufficient validation of untrusted input, exploitable when an attacker who has compromised the renderer process crafts an H...
CVE-2026-9984
CVE-2026-9984 affects Google Chrome on Windows with a use-after-free in the UI of the Chromium-based browser, allowing remote code execution via a crafted HTML page. Root cause: use-after-free in the UI component. Affected products/versions: Chrome prior to 148.0.7778.216. Impact: arbitrary code ...
CVE-2026-9983
Moderate confidence: CVE-2026-9983 affects Google Chrome’s Skia component. A type confusion flaw in Skia prior to Chrome 148.0.7778.216 could allow a remote attacker to run arbitrary code inside the browser sandbox via a crafted HTML page. From the connected sources, the issue is described as a ty...
CVE-2026-9981
CVE-2026-9981 affects Google Chrome’s Skia component (pre-148.0.7778.216). The vulnerability is an inappropriate implementation that could allow a remote attacker to extract potentially sensitive data from a process’s memory via a crafted HTML page. Impact is described as exposure of memory conte...
CVE-2026-9980
In Google Chrome (Chromium) Printing component, the vulnerability CVE-2026-9980 is caused by insufficient validation of untrusted input, allowing a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. Impact is described as high severity; reme...
CVE-2026-9982
Affected software: Google Chrome (ANGLE component). Issue: insufficient validation of untrusted input in ANGLE allows a renderer process user to escalate to sandbox escape via a crafted HTML page. Severity: High (CVSS 3.1 base 8.3). Affected version window: prior to 148.0.7778.216; remediation: u...
CVE-2026-9979
CVE-2026-9979 affects Google Chrome: Insufficient validation of untrusted input in the Input component of Chromium before 148.0.7778.216. A remote attacker who has compromised the renderer process could bypass site isolation by presenting a crafted HTML page. The issue originates from an input va...
CVE-2026-9978
CVE-2026-9978: Use-after-free in the Glic component of Google Chrome (Chromium) allows remote code execution via a crafted HTML page. Affected: Google Chrome, prior to version 148.0.7778.216; root cause is a use-after-free in Glic. Impact: arbitrary code execution inside the sandbox with high sev...
CVE-2026-9977
Summary: CVE-2026-9977 affects Google Chrome on Android through the WebShare component where insufficient validation of untrusted input could let a renderer-process–compromised page escape the sandbox. The issue is in Chromium/WebShare, with impact described as high severity (C/H/I/A). Affected c...