Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-10886

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-04 Jun, 2026 | 23:03
Updated At-05 Jun, 2026 | 01:57
Rejected At-
Credits

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:04 Jun, 2026 | 23:03
Updated At:05 Jun, 2026 | 01:57
Rejected At:
â–¼CVE Numbering Authority (CNA)

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From 149.0.7827.53 before 149.0.7827.53 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AUse after free
Type: N/A
CWE ID: N/A
Description: Use after free
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
N/A
https://issues.chromium.org/issues/505096898
N/A
Hyperlink: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
Resource: N/A
Hyperlink: https://issues.chromium.org/issues/505096898
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.19.6CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:04 Jun, 2026 | 23:16
Updated At:05 Jun, 2026 | 17:42

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.6CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CPE Matches
Google LLC
google
>>chrome>>Versions before 149.0.7827.53(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>-
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Secondarychrome-cve-admin@google.com
CWE ID: CWE-416
Type: Secondary
Source: chrome-cve-admin@google.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.htmlchrome-cve-admin@google.com
Release Notes
Vendor Advisory
https://issues.chromium.org/issues/505096898chrome-cve-admin@google.com
Permissions Required
Hyperlink: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
Source: chrome-cve-admin@google.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://issues.chromium.org/issues/505096898
Source: chrome-cve-admin@google.com
Resource:
Permissions Required

Change History

0
Information is not available yet

Similar CVEs

5062Records found
CVE-2026-11163
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.6||CRITICAL
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-05 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2026-11002
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.6||CRITICAL
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:04
Updated-06 Jun, 2026 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2026-11293
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:06
Updated-05 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2026-11094
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.6||CRITICAL
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:04
Updated-05 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2021-37973
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-14.78% / 94.63%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:40
Updated-24 Oct, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Debian GNU/LinuxGoogle LLCFedora Project
Product-fedoradebian_linuxchromeChromeChromium Portals
CWE ID-CWE-416
Use After Free
CVE-2021-38002
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.83% / 74.88%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2022-1853
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.12% / 78.64%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 21:15
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2026-10931
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.6||CRITICAL
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:03
Updated-05 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2022-0973
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.61% / 70.23%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 21:05
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-0977
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.49% / 65.97%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 21:05
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2026-11152
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.6||CRITICAL
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-05 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2026-11082
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.6||CRITICAL
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:04
Updated-05 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2021-21142
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.61% / 70.08%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 14:55
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectApple Inc.Google LLC
Product-chromefedoramacosChrome
CWE ID-CWE-416
Use After Free
CVE-2026-11065
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.6||CRITICAL
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:04
Updated-05 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2026-11165
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.6||CRITICAL
EPSS-0.03% / 9.88%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-05 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2024-21326
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.76% / 73.83%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 00:29
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2019-5870
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.36% / 58.34%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2019-5850
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.36% / 58.19%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2024-4671
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.57% / 68.86%
||
7 Day CHG+0.39%
Published-09 May, 2024 | 23:54
Updated-24 Oct, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-06-03||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCFedora Project
Product-fedorachromeChromefedorachromeChromium
CWE ID-CWE-416
Use After Free
CVE-2021-30633
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-30.06% / 96.76%
||
7 Day CHG-3.01%
Published-08 Oct, 2021 | 20:50
Updated-24 Oct, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCFedora Project
Product-fedorachromeChromeChromium Indexed DB API
CWE ID-CWE-416
Use After Free
CVE-2023-36735
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.72% / 72.84%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 21:43
Updated-30 Oct, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2023-35618
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.48% / 65.29%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 20:45
Updated-01 Jan, 2025 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2023-36019
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.08% / 78.17%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 18:10
Updated-01 Jan, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Power Platform Connector Spoofing Vulnerability

Microsoft Power Platform Connector Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_logic_appspower_platformAzure Logic AppsMicrosoft Power Platform
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-28373
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.09% / 25.39%
||
7 Day CHG+0.04%
Published-03 Apr, 2026 | 00:00
Updated-02 Jun, 2026 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem.

Action-Not Available
Vendor-stackfieldn/aMicrosoft CorporationApple Inc.
Product-stackfieldwindowsmacosn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-3157
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.1||HIGH
EPSS-0.65% / 71.32%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 18:41
Updated-27 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21111
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.45% / 64.18%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 17:56
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-21154
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.08% / 78.23%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 21:20
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21132
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-21.09% / 95.77%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:56
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromeedge_chromiumChrome
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-21223
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.15% / 78.87%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:56
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-21155
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.08% / 78.23%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 21:20
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCMicrosoft Corporation
Product-chromewindowsfedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7868
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-9.6||CRITICAL
EPSS-2.33% / 85.14%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 13:39
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Helpu remote code execution vulnerability

A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.

Action-Not Available
Vendor-helpuHelpUMicrosoft Corporation
Product-helpuwindowshelpu.ocx
CWE ID-CWE-141
Improper Neutralization of Parameter/Argument Delimiters
CVE-2020-6471
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.86% / 75.36%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 03:46
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-6469
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.70% / 72.47%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 03:46
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-2318
Matching Score-8
Assigner-STAR Labs SG Pte. Ltd.
ShareView Details
Matching Score-8
Assigner-STAR Labs SG Pte. Ltd.
CVSS Score-8.6||HIGH
EPSS-0.08% / 23.02%
||
7 Day CHG~0.00%
Published-19 Aug, 2023 | 05:43
Updated-07 Oct, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution

DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.

Action-Not Available
Vendor-marktextMarkTextmarktextLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-windowsmacoslinux_kernelmarktextMarkTextmarktext
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27303
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.6||CRITICAL
EPSS-4.70% / 89.56%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 17:33
Updated-28 Apr, 2026 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Connect | Deserialization of Untrusted Data (CWE-502)

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsconnectconnect_desktop_applicationmacosAdobe Connect
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-35428
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.04% / 12.43%
||
7 Day CHG+0.01%
Published-07 May, 2026 | 20:58
Updated-05 Jun, 2026 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Cloud Shell Spoofing Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_cloud_shellAzure Cloud Shell
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-9369
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.20%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 17:50
Updated-20 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2023-2136
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.44% / 63.42%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 03:40
Updated-24 Oct, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-05-12||Apply updates per vendor instructions.

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Debian GNU/LinuxGoogle LLCFedora Project
Product-fedoradebian_linuxchromeChromeChromium Skia
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-41924
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.6||CRITICAL
EPSS-53.56% / 98.04%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tailscale Windows daemon is vulnerable to RCE via CSRF

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue.

Action-Not Available
Vendor-tailscaletailscaleMicrosoft Corporation
Product-tailscalewindowstailscale
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-7024
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.3||CRITICAL
EPSS-0.12% / 31.02%
||
7 Day CHG~0.00%
Published-23 Sep, 2024 | 22:47
Updated-02 Jan, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6522
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-2.28% / 84.99%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 16:16
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CVE-2024-4947
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.06% / 78.03%
||
7 Day CHG+0.09%
Published-15 May, 2024 | 20:42
Updated-16 Dec, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-06-10||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCFedora Project
Product-fedorachromeChromeChromium V8
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-49038
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.23% / 46.01%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 19:43
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Copilot Studio Elevation Of Privilege Vulnerability

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-copilot_studioMicrosoft Copilot Studio
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4920
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.14% / 78.81%
||
7 Day CHG~0.00%
Published-28 Jul, 2023 | 23:26
Updated-13 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-4609
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.03% / 10.21%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 21:05
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromewindowsChrome
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2012-5376
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.37% / 59.18%
||
7 Day CHG~0.00%
Published-11 Oct, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-4135
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.08% / 23.50%
||
7 Day CHG~0.00%
Published-25 Nov, 2022 | 00:00
Updated-24 Oct, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-12-19||Apply updates per vendor instructions.

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-chromeedgeedge_chromiumChromeChromium GPU
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3890
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.44% / 81.10%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-23 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChromechrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-8670
Matching Score-8
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-8
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-9.6||CRITICAL
EPSS-0.05% / 14.58%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 13:12
Updated-02 Jun, 2026 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure session handling on metrics web server

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.

Action-Not Available
Vendor-avantrasyslink software AGMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelavantrawindowsAvantra
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-9918
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.08% / 24.52%
||
7 Day CHG+0.05%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 101
  • 102
  • Next
Details not found