371535 matches found
CVE-2026-14382
CVE-2026-14382 affects Chrome’s ANGLE component. The issue is insufficient validation of untrusted input in ANGLE, enabling a remote sandbox-escape via a crafted HTML page. Product/versions: Google Chrome prior to 150.0.7871.46. Impact: sandbox escape potential with high severity (per Chromium ad...
CVE-2026-14411
CVE-2026-14411 describes insufficient validation of untrusted input in ANGLE used by Google Chrome, prior to build 150.0.7871.46. The issue may allow a remote attacker to cause a sandbox escape via a crafted HTML page. Documented impact is a high-severity, likely remote threat affecting ANGLE int...
CVE-2026-14401
CVE-2026-14401 affects Google Chrome on Android through ANGLE, where insufficient validation of untrusted input in ANGLE prior to 150.0.7871.46 enables a renderer-Process-compromised remote attacker to potentially escape the sandbox via a crafted HTML page. The vulnerability is described as high ...
CVE-2026-14415
In Chrome, CVE-2026-14415 concerns an inappropriate implementation in V8 that affects Google Chrome before version 150.0.7871.46. A remote attacker could exploit the issue by persuading a user to perform specific UI gestures, potentially triggering heap corruption through a crafted HTML page. The...
CVE-2026-14381
CVE-2026-14381 affects Google Chrome’s WebAppInstalls UI. A crafted HTML page can trigger UI spoofing due to an incorrect security UI in WebAppInstalls prior to Chrome 150.0.7871.46. Impact: remote attacker could spoof UI. Mitigation: update to Chrome 150.0.7871.46 or later (Chromium-based). Refe...
CVE-2026-14409
CVE-2026-14409 affects the Chrome V8 engine prior to 150.0.7871.46. Affected component: V8 in Google Chrome. Root cause: inappropriate implementation allowing a remote attacker to execute arbitrary code inside a sandbox when a user is tricked into performing specific UI gestures on a crafted HTML...
CVE-2026-14407
CVE-2026-14407: In Google Chrome, an inappropriate implementation in the V8 engine prior to 150.0.7871.46 allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Affects the V8 implementation in Chrome; details indicate a sandbox escape/vector leadin...
CVE-2026-14383
The CVE-2026-14383 entry concerns Google Chrome’s V8 engine. Affected component: V8 in Chrome prior to version 150.0.7871.46. Description from multiple sources indicates an inappropriate implementation allowed remote attackers to execute arbitrary code inside the browser sandbox via a crafted HTM...
CVE-2026-14410
CVE-2026-14410 affects Google Chrome’s Skia rendering pipeline. The issue arises from an inappropriate implementation in Skia that, if a renderer process is compromised, enables UI spoofing via a crafted HTML page. Impact is limited to remote UI spoofing with no broader exploit chain described; b...
CVE-2026-14404
CVE-2026-14404 affects Google Chrome via an incorrect implementation in PDFium, enabling a remote attacker to achieve UI spoofing through a crafted PDF file. The vulnerability is tied to Chrome versions before 150.0.7871.46 (Chromium security severity: Medium). The underlying root cause is an ina...
CVE-2026-14427
CVE-2026-14427 : Heap buffer overflow in Skia used by Google Chrome prior to 150.0.7871.46. A remote attacker who already compromised the renderer could potentially escape the sandbox via a crafted HTML page. Affected: Chrome/Skia stack (Chrome 150 pre-release fix applies). Root cause: heap buffe...
CVE-2026-14385
CVE-2026-14385 : Heap buffer overflow in ANGLE within Google Chrome on macOS prior to 150.0.7871.46 allows a remote attacker to trigger out-of-bounds memory access via a crafted HTML page. The issue affects ANGLE in Chrome and is tied to the macOS build; CVSS v3.1 base score: 8.8 (High). Remediat...
CVE-2026-50283
Craft CMS versions 5.0.0-RC1–5.9.20 and 4.0.0-RC1–4.17.13 contain an authorization issue in AssetsController::actionReplaceFile that can delete a source asset without source delete permission when both assetId and sourceAssetId are supplied. The runtime loads assetId ($assetToReplace) and sourceA...
CVE-2026-50143
Technical details are not publicly available in the provided documents for CVE-2026-50143. The description indicates a reserved placeholder; monitor for updates and published specifics once available.
CVE-2026-50139
Technical details for CVE-2026-50139 are not publicly available in the provided documents. No affected products, vectors, or remediation are listed. Monitor for updates as new information is published.
CVE-2026-55793
Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...
CVE-2026-50138
Technical details for CVE-2026-50138 are not provided in the supplied documents. This CVE entry is reserved/placeholder with no public details. Monitor for updates as information becomes available.
CVE-2026-53712
Technical details for CVE-2026-53712 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50163
Technical details for CVE-2026-50163 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified. Monitor for updates.
CVE-2026-50162
Technical details for CVE-2026-50162 are not publicly available in the provided documents. No affected products, impact, or remediation are specified. Monitor for updates and referenced details when the candidate is enriched.