
366880 matches found

CVE
added 2026/05/28 10:25 p.m. | 23 views

CVE-2026-9895

CVE-2026-9895 is a GPU-related out-of-bounds read in the Chromium-based Google Chrome browser. The vulnerability affects the GPU component and was exploitable by a renderer process compromise via a crafted HTML page, potentially enabling a sandbox escape. Affected versions are Chrome prior to 148...

CVSS 8.3 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 25 views

CVE-2026-9894

CVE-2026-9894 describes a use-after-free in the GPU component of the Chromium-based Google Chrome browser. The vulnerability could allow a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox via a crafted HTML page, with the documented impact...

CVSS 8.3 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 24 views

CVE-2026-9893

Summary: CVE-2026-9893 is a use-after-free in the Skia component of Google Chrome. The issue allowed a remote attacker who had compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML page. This is described in multiple sources as a high-severity, cross-origin ...

CVSS 8.3 | AI score 5.8 | EPSS 0.00267
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 22 views

CVE-2026-9890

CVE-2026-9890 is a use-after-free in Chrome’s XR component on Windows, prior to version 148.0.7778.216. A renderer process–compromised attacker could potentially escape the Chrome sandbox via a crafted HTML page, as described in multiple sources (EUVD-2026-33185, Red Hat, Debian, NVD). The Chrome...

CVSS 8.3 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 38 views

CVE-2026-9891

CVE-2026-9891 is a use-after-free vulnerability in Chrome’s Extensions component (Chromium) that affects pre-148.0.7778.216 builds. The issue arises when a renderer process is compromised, potentially enabling a sandbox escape via a crafted Chrome Extension. The vulnerability is discussed across ...

CVSS 9 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 32 views

CVE-2026-9892

CVE-2026-9892 describes an Inappropriate implementation in Skia within Google Chrome on Android (pre-148.0.7778.216) that could allow a remote attacker who had already compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The connected EUVD-2026-33187 and RH:...

CVSS 8.3 | AI score 5.8 | EPSS 0.00206
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 37 views

CVE-2026-9889

CVE-2026-9889 refers to an out-of-bounds read and write in the Dawn component of Google Chrome on Android, fixed in the Chrome update that reaches 148.0.7778.216 (and later). The vulnerability potentially allowed a remote attacker to escape the Chrome sandbox via a crafted HTML page. Affected pro...

CVSS 8.3 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 40 views

CVE-2026-9888

The CVE-2026-9888 entry affects Google Chrome WebView on Android and is caused by a use-after-free in the WebView component, allowing a remote attacker who compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The connected sources confirm the impact as a san...

CVSS 8.3 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 35 views

CVE-2026-9887

CVE-2026-9887 is a use-after-free vulnerability in the Chromium-based Proxy component of Google Chrome, exploitable via a crafted PAC script to achieve remote code execution. The flaw affects Chrome before version 148.0.7778.216, and Google released a stable-channel fix in 148.0.7778.216/217 (Win...

CVSS 8.8 | AI score 6.2 | EPSS 0.00218
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 25 views

CVE-2026-9885

CVE-2026-9885 concerns an upstream Chrome UI integrity issue: insufficient validation of untrusted input in the Mac UI could allow a renderer-compromised remote attacker to escape the sandbox via a crafted HTML page. Affected product: Google Chrome on macOS (before 148.0.7778.216). Root cause: in...

CVSS 8.3 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 31 views

CVE-2026-9886

CVE-2026-9886 affects Google Chrome on macOS with versions prior to 148.0.7778.216. It is a use‑after‑free in the Chromium Base component that could allow a remote attacker to escape the browser sandbox via a crafted HTML page. The Chrome update 148.0.7778.216 (and related 148.0.7778.215/216 on o...

CVSS 9.6 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 23 views

CVE-2026-9882

CVE-2026-9882 affects Google Chrome’s ANGLE component, where an integer overflow allows a remote attacker to leak cross-origin data via a crafted HTML page. Public reports/entries consistently describe the flaw as an integer overflow in ANGLE prior to Chrome 148.0.7778.216. The Chromium/Chrome se...

CVSS 6.5 | AI score 5.9 | EPSS 0.00221
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 22 views

CVE-2026-9884

CVE-2026-9884 describes a Use-after-Free in the Google Chrome browser on macOS that allows remote code execution via a crafted HTML page. Affected product/component: Google Chrome (Mac), Chromium-based browser. Root cause: use-after-free in the Browser object. Impact: arbitrary code execution wit...

CVSS 8.8 | AI score 6.2 | EPSS 0.00368
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 25 views

CVE-2026-9883

The vulnerability CVE-2026-9883 is a Use-After-Free in the Base component of Google Chrome (Chromium-based) prior to version 148.0.7778.216. The issue allows a remote attacker to execute arbitrary code via a crafted HTML page. The root cause is a use-after-free flaw in Base, fixed in the Chrome s...

CVSS 8.8 | AI score 6.2 | EPSS 0.00291
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 30 views

CVE-2026-9880

CVE-2026-9880 affects Google Chrome WebGL in the Chromium WebGL stack. The root cause is insufficient validation of untrusted input in WebGL, enabling a remote attacker who has compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML page. Affected software is ...

CVSS 8.3 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 27 views

CVE-2026-9879

CVE-2026-9879 – Google Chrome ANGLE vulnerability: An out-of-bounds write in ANGLE within Chromium-based Chrome prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code via a crafted HTML page. The issue affects Chrome’s ANGLE component and is referenced by upstream Chromium bu...

CVSS 8.8 | AI score 6.2 | EPSS 0.00291
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 25 views

CVE-2026-9881

CVE-2026-9881 describes a use-after-free in Bluetooth within the Chromium-based Google Chrome browser on macOS, prior to version 148.0.7778.216. An attacker could trick a user into installing a malicious extension, potentially enabling a sandbox escape via the crafted extension. The issue affects...

CVSS 9 | AI score 5.8 | EPSS 0.00203
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 38 views

CVE-2026-9878

CVE-2026-9878 is a use-after-free in ANGLE within Google Chrome prior to 148.0.7778.216, allowing a remote attacker to execute arbitrary code inside the browser sandbox. The vulnerability affects ANGLE components used by Chrome; the public details confirm a sandbox escape risk via a crafted HTML ...

CVSS 8.8 | AI score 6.2 | EPSS 0.00312
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 22 views

CVE-2026-9877

CVE-2026-9877 is a use-after-free in ANGLE within Google Chrome prior to 148.0.7778.216, enabling a remote attacker who compromises the renderer to potentially escape the sandbox via a crafted HTML page. Affected product: Google Chrome (ANGLE component in Chromium). Root cause: use-after-free in ...

CVSS 8.3 | AI score 5.8 | EPSS 0.00223
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 38 views

CVE-2026-9876

The CVE-2026-9876 entry affects Google Chrome on Android, specifically a WebGL Use-After-Free flaw in the Chromium WebGL pipeline. The vulnerability could enable a remote attacker to escape the Chromium sandbox via a crafted HTML page, as described in the linked Chrome security advisory. The issu...

CVSS 9.6 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 50 views

CVE-2026-9875

CVE-2026-9875: Out-of-bounds read in WebGL in Google Chrome on Android (pre-148.0.7778.216) could allow a remote attacker to perform a sandbox escape via a crafted HTML page. Affects WebGL in Chromium-based Chrome for Android; fixed in the Chrome stable channel update to 148.0.7778.216/217. The i...

CVSS 9.6 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 40 views

CVE-2026-9874

CVE-2026-9874 is a use-after-free in Chrome’s Dawn component (Chromium) that could allow a sandbox escape via a crafted HTML page. Affected product: Google Chrome (Dawn in Chromium). Version history: fixed in Chrome stable channel as of 148.0.7778.216 (Windows/Linux/macOS varied builds; subsequen...

CVSS 9.6 | AI score 5.8 | EPSS 0.00234
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 41 views

CVE-2026-9872

Google Chrome on Android prior to 148.0.7778.216 has an out-of-bounds write in the GPU component of Chromium, which could allow a remote attacker to escape the sandbox via a crafted HTML page. The issue is tracked as CVE-2026-9872 and is considered Critical. A fix is included in Chrome 148.0.7778...

CVSS 9.6 | AI score 5.8 | EPSS 0.00326
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 10:25 p.m. | 37 views

CVE-2026-9873

CVE-2026-9873 is a use-after-free vulnerability in Google Chrome's Network component. In Chromium-based Chrome, the flaw could allow a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected builds are prior to 148.0.7778.216; a fixed version is 148.0.7778.2...

CVSS 8.8 | AI score 6.2 | EPSS 0.00301
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 9:53 p.m. | 26 views

CVE-2026-49299

OpenStack Neutron prior to 28.0.1 is affected: the tagging controller enforces plural policy action names on single-tag write operations while policy rules use singular names, causing the mismatch to evaluate as allowed under the default policy. This permits a project reader to create and update ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00295
Exploits: 0 | References: 4

CVE
added 2026/05/28 9:34 p.m. | 27 views

CVE-2026-45364

The CVE-2026-45364 issue affects Better Auth (TypeScript) where the HTTP rate limiter keyed by the leftmost x-forwarded-for value could be bypassed for IPv6. Before fixes, IPv6 prefix rotation (e.g., /64) and multiple textual representations could produce 2^64 distinct keys, letting an attacker p...

CVSS 7.3 | AI score 5.8 | EPSS 0.00295
Exploits: 0 | References: 5

CVE
added 2026/05/28 9:30 p.m. | 23 views

CVE-2026-45023

AutoGPT is affected by CVE-2026-45023. The vulnerability resides in the POST /api/blocks/{block_id}/execute endpoint, where blocks can be executed without consuming credits, bypassing the intended credit check in the graph execution path. The bypass occurs when blocks are invoked directly via the...

CVSS 5.4 | AI score 5.9 | EPSS 0.00222
Exploits: 0 | References: 1

CVE
added 2026/05/28 9:26 p.m. | 30 views

CVE-2026-44973

CVE-2026-44973 affects go-billy, an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues enabled by insufficient path sanitization and boundary enforcement could let crafted paths (e.g., using ..) escape base directories across various components. Impact could r...

CVSS 8.1 | AI score 5.8 | EPSS 0.0031
Exploits: 0 | References: 1

CVE
added 2026/05/28 9:23 p.m. | 20 views

CVE-2026-45410

TREK (collaborative travel planner) has a time-based user enumeration vulnerability in the authentication endpoint prior to version 3.0.18. When an email exists, the backend performs a bcrypt password comparison before returning 401, adding ~370 ms; when it does not exist, it returns immediately ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 2

CVE
added 2026/05/28 9:20 p.m. | 37 views

CVE-2026-47713

Summary of CVE-2026-47713: AnythingLLM prior to version 1.13.0 allowed a mobile device token created in single-user mode to survive the migration to multi-user mode without an attached user. In multi-user mode, the mobile authentication middleware accepted this token, causing downstream handlers...

CVSS 4.3 | AI score 5.8 | EPSS 0.00219
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 9:19 p.m. | 32 views

CVE-2026-48116

AnythingLLM CVE-2026-48116: Prior to 1.13.0, the filesystem-search-files agent passes a user-controlled pattern to ripgrep as a positional argument without a -- end-of-options separator. ripgrep interprets arguments starting with - as options, so a pattern like --pre=/bin/sh can execute /bin/sh f...

CVSS 8.8 | AI score 6 | EPSS 0.00366
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 9:18 p.m. | 30 views

CVE-2026-45403

Summary of CVE-2026-45403: AnythingLLM’s agent filesystem copy tool (prior to v1.13.0) validates only the top-level source/destination. The recursive copy helper traverses child entries with fs.stat() and copies via fs.copyFile() without validating each child or rejecting symlinks. A symlink ins...

CVSS 2.5 | AI score 5.8 | EPSS 0.00193
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 9:14 p.m. | 22 views

CVE-2026-39929

CVE-2026-39929 concerns Lakeside SysTrack Agent prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15, where the out-of-bounds read occurs in the UDP Command ID 30 packet handler. The root cause is an invalid memory access triggered by a malformed UDP packet at offset 0x4 in the payload, leadin...

CVSS 8.7 | AI score 5.8 | EPSS 0.01403
Exploits: 0 | References: 5

CVE
added 2026/05/28 9:11 p.m. | 46 views

CVE-2026-44881

Summary: Portainer Community Edition before fixes is vulnerable to arbitrary file read via Git-symlink injection when deploying stacks from Git repositories. During Git-backed stack creation/update, go-git v5 may create real OS symlinks for most files (except .gitmodules). The GET /api/stacks/{id...

CVSS 9.9 | AI score 5.9 | EPSS 0.00416
Exploits: 2 | References: 1 | Affected Software: 1

CVE
added 2026/05/28 9:8 p.m. | 127 views

CVE-2026-44848

CVE-2026-44848 concerns Portainer Community Edition where missing authorization on the Docker plugin endpoints allowed a non-admin Portainer user with endpoint access to perform privileged Docker plugin operations directly against the Docker daemon. Affected releases include 2.33.0–2.33.7, 2.39.0...

CVSS 9.4 | AI score 5.7 | EPSS 0.00328
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/05/28 9:6 p.m. | 61 views

CVE-2026-44849

CVE-2026-44849 describes an endpoint security bypass in Portainer: non-admin users with Swarm endpoint access can create/update services and bypass EndpointSecuritySettings checks, allowing elevated capabilities, broken syscall confinement, and bind mounts to host paths. Affected are Portainer re...

CVSS 9.4 | AI score 5.8 | EPSS 0.00347
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/05/28 9:3 p.m. | 27 views

CVE-2026-44850

CVE-2026-44850 affects Portainer Community Edition. Affected: Portainer’s container-create proxy used for Docker API operations. Description confirms that a security setting to disable bind mounts for non-administrators could be bypassed by submitting a bind entry under HostConfig.Mounts, since t...

CVSS 8.5 | AI score 5.8 | EPSS 0.00206
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/05/28 9:2 p.m. | 22 views

CVE-2026-10044

Usagi-org ai-goofish-monitor on Windows is affected by an unauthenticated arbitrary file read via GET /api/prompts/{filename}. The vulnerability arises from an incomplete path traversal guard that blocks only forward slashes and '..'; attackers can supply absolute Windows paths or backslash-based...

CVSS 8.2 | AI score 6 | EPSS 0.006
Exploits: 0 | References: 4

CVE
added 2026/05/28 9:1 p.m. | 25 views

CVE-2026-44882

Portainer’s Kubernetes middleware (kubeClientMiddleware) is affected by CVE-2026-44882. The issue occurs in Portainer CE/EE from 2.33.0 up to before 2.33.8, where security.RetrieveTokenData can return an error and the middleware writes a 403 without returning, allowing execution to continue with ...

CVSS 8.1 | AI score 6 | EPSS 0.00335
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/05/28 8:59 p.m. | 29 views

CVE-2026-44883

Summary: Portainer Community Edition versions 2.33.0–2.33.7.x, 2.39.0–2.39.1.x, and 2.40.x prior to 2.41.0 expose JWTs via the ?token= URL query parameter on any authenticated API endpoint, in addition to the Authorization header. Root cause: The authentication middleware accepted the token from ...

CVSS 7.7 | AI score 5.8 | EPSS 0.00316
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/05/28 8:58 p.m. | 53 views

CVE-2026-44884

Portainer CVE-2026-44884 involves a missing authorization check on the Custom Template file endpoint (GET /api/custom_templates/{id}/file). From 2.33.0 up to 2.33.8 and 2.39.0 up to 2.39.1, any authenticated user could read the file content of any custom template by enumerating numeric IDs, poten...

CVSS 6.5 | AI score 5.8 | EPSS 0.00257
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/05/28 8:56 p.m. | 52 views

CVE-2026-44885

Portainer Community Edition is affected by a directory traversal in the backup archive extraction path. The vulnerable code path is ExtractTarGz in api/archive/targz.go, which builds output paths via filepath.Clean(filepath.Join(outputDirPath, header.Name)). A tar entry like ../../etc/c...

CVSS 5.5 | AI score 5.9 | EPSS 0.00606
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/05/28 8:47 p.m. | 15 views

CVE-2026-45342

LinkAce prior to version 2.5.6 is affected by an Insecure Direct Object Reference (IDOR) in the authorization policy layer. The root cause is in update() policy methods (LinkPolicy, LinkListPolicy, TagPolicy, NotePolicy) where access checks delegate to userCanAccessX(), which returns true for any...

CVSS 7.1 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 1

CVE
added 2026/05/28 8:45 p.m. | 19 views

CVE-2026-45343

LinkAce is a self-hosted archive for collecting website links. A Stored XSS exists in versions prior to 2.5.6 where a low-privilege user can inject arbitrary JavaScript that executes in an administrator’s browser session when the admin visits /system/audit. The attack relies on abusing SSO/OAuth ...

CVSS 8.5 | AI score 5.9 | EPSS 0.00306
Exploits: 0 | References: 1

CVE
added 2026/05/28 8:41 p.m. | 18 views

CVE-2026-45344

LinkAce suffers a pre-auth RCE via setup flow on uninitialized instances. Before version 2.5.6, the setup database configuration flow accepts attacker-controlled database credentials and writes them into the .env file without proper escaping. A remote attacker who can reach the setup endpoints an...

CVSS 8.1 | AI score 6 | EPSS 0.00456
Exploits: 0 | References: 1

CVE
added 2026/05/28 8:38 p.m. | 22 views

CVE-2026-45366

CVE-2026-45366 affects the TypeScript port of UTCP, specifically the package @utcp/http used by the project to implement UTCP in JavaScript/TypeScript. Before version 1.1.2, the vulnerability arises from a trust-boundary flaw: during manual discovery, URLs are validated, but during tool invocati...

CVSS 4.7 | AI score 5.8 | EPSS 0.00122
Exploits: 0 | References: 1

CVE
added 2026/05/28 8:33 p.m. | 16 views

CVE-2026-47718

FUXA (version 1.3.0-2773) in secure mode is vulnerable: in secureEnabled=true, unauthenticated requests or invalid tokens can access protected read endpoints (/api/project, /api/alarms, /api/scheduler), exposing project metadata, alarms, and scheduler information. Root cause: verifyToken() treats...

EPSS 0.00089
Exploits: 0

CVE
added 2026/05/28 8:32 p.m. | 25 views

CVE-2026-9646

CVE-2026-9646 describes a reflected cross-site scripting issue in URL handling affecting ScadaBR (Unauthenticated). Root cause: insufficient sanitization/validation of URL input leading to reflected script execution. Impact: low confidentiality and integrity impact; no availability impact reporte...

CVSS 6.1 | AI score 5.6 | EPSS 0.00158
Exploits: 0 | References: 1

CVE
added 2026/05/28 8:30 p.m. | 22 views

CVE-2026-9645

Technical details about CVE-2026-9645 are not publicly available in the provided documents. No explicit affected product/version or root cause is disclosed here. Monitor for updates from the sources.

CVSS 9.9 | AI score 6.2 | EPSS 0.00316
Exploits: 0 | References: 1

CVE
added 2026/05/28 8:29 p.m. | 25 views

CVE-2026-42071

Summary: CVE-2026-42071 affects MantisBT, specifically versions 2.23.0 through 2.28.1, where a missing authorization check in the file visibility function allows any authenticated user (REPORTER+) to download attachments from private bugnotes via REST API GET /api/rest/issues/{id}/files and SOAP ...

CVSS 7.2 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 5

Total number of security vulnerabilities: 366880