By weakness (CWE)
CWE-20: related vulnerabilities
CVEs classified under CWE-20. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
46 published vulnerabilities
- CVE-2026-10021HIGH 8.8
Google Chrome versions before 148.0.7778.216 contain a vulnerability in USB input handling that allows attackers to execute arbitrary code on a user's computer by tricking them into visiting a malicious website. The flaw stems from insufficient validation of untrusted data, meaning Chrome doesn't properly check or sanitize input before processing it through the USB subsystem. An attacker would need to craft a deceptive HTML page and convince a user to visit it, but once clicked, the attack requires no special privileges and can fully compromise the affected system.
- CVE-2026-10904HIGH 8.8
Google Chrome versions prior to 149.0.7827.53 contain a flaw in the V8 JavaScript engine that allows attackers to break out of the browser sandbox and run malicious code with full privileges. An attacker can exploit this by tricking a user into visiting a specially crafted website. Once triggered, the vulnerability bypasses Chrome's security boundary—the sandbox that normally isolates web content from the rest of the system—giving an attacker direct access to execute arbitrary code on the victim's machine.
- CVE-2026-10922HIGH 8.8
CVE-2026-10922 is a same-origin policy bypass vulnerability in Google Chrome's Developer Tools that allows an attacker to access data or perform actions they normally shouldn't be able to. The flaw stems from inadequate validation of untrusted input, meaning malicious network traffic can exploit it if a user performs certain interactions with the DevTools interface. While the attack requires user interaction, it carries significant impact—unauthorized access to sensitive information, unauthorized modifications, or disruption of services are all possible. The vulnerability affects Chrome versions prior to 149.0.7827.53 across Windows, macOS, and Linux systems.
- CVE-2026-10020HIGH 8.3
A flaw in Chrome's Skia graphics library on Android allows an attacker who has already compromised Chrome's renderer process to escape the security sandbox and gain full device access. The vulnerability requires the user to visit a specially crafted webpage, but the heavy lifting—compromising the renderer first—means this is a two-stage attack. Chrome versions before 148.0.7778.216 on Android are affected.
- CVE-2026-10911HIGH 8.3
CVE-2026-10911 is a sandbox escape vulnerability in Google Chrome that allows a remote attacker to break out of the browser's security sandbox if they have already compromised the renderer process. The attack requires crafted HTML content and user interaction, but once successful, it grants an attacker full system access. This is a chained attack scenario: an attacker must first compromise the renderer (the part of Chrome that displays web content) through a separate vulnerability, then use this flaw to escape the sandbox and gain control of the underlying system.
- CVE-2026-10917HIGH 8.3
Google Chrome versions before 149.0.7827.53 contain a media handling flaw that allows an attacker who has already compromised the browser's renderer process to escape the sandbox and gain broader system access. The vulnerability requires user interaction (visiting a specially crafted webpage) but poses a significant risk because renderer compromises are common entry points in real attacks. Once inside the renderer, the flaw gives an attacker a path to elevated privileges on the underlying operating system.
- CVE-2026-10920HIGH 8.3
A validation flaw in Chrome's WebShare feature on macOS allows an attacker who has already compromised the browser's renderer process to break out of the sandbox through a specially crafted webpage. This is a post-compromise privilege escalation risk—the attacker must first gain code execution within the renderer, but if successful, can gain full system access. Chrome versions before 149.0.7827.53 are affected.
- CVE-2026-10970HIGH 8.3
Google Chrome versions prior to 149.0.7827.53 contain a vulnerability in how the browser validates input data related to Interest Groups—a feature used for targeted advertising. An attacker who has already compromised Chrome's renderer process (the part that executes web content) can exploit insufficient input validation to break out of the browser's sandbox—the security boundary designed to isolate web content from the rest of your system. This requires the attacker to first gain renderer access and trick a user into visiting a crafted webpage, but if successful, allows full control over the victim's machine.
- CVE-2026-10863HIGH 8.1
A vulnerability in MISP's correlations endpoint allowed authenticated users to manipulate how search results were ordered by injecting values into the order parameter. Rather than applying a server-defined sort, the application accepted user input that could be passed unsafely to the database layer. An attacker with valid credentials could exploit this to reorder results in ways the application designers didn't intend, potentially exposing information through creative query construction or gaining visibility into data the endpoint should have restricted.
- CVE-2026-35081HIGH 8.1
A vulnerability in MBS Solutions' gateway and protocol conversion products allows authenticated users to remotely stop arbitrary processes on affected devices. An attacker who already has valid user credentials can exploit insufficient input validation in the ugw-logstop method to terminate critical services, potentially disrupting device functionality or causing a denial of service. This is a HIGH severity issue requiring prompt attention in networked industrial and building automation environments.
- CVE-2026-42588HIGH 8.1
Apache ActiveMQ's web console exposes a remote interface (Jolokia) that allows authenticated users to interact with the message broker's management functions. An attacker who has legitimate access credentials can craft a specially formed network connector request that tricks the broker into loading and executing arbitrary code hidden in a Spring XML configuration file. The vulnerability exists because the broker doesn't properly validate the input before processing it, and Spring automatically instantiates code within those XML files before any security checks occur.
- CVE-2025-22424HIGH 7.8
A vulnerability in Android allows a user with local access to view images that should be restricted to other users. The flaw stems from insufficient validation of user input across multiple code locations. While this requires someone already on the device and user interaction to exploit, it can lead to privilege escalation, meaning an attacker could gain elevated access to sensitive data and system resources.
- CVE-2026-0078HIGH 7.8
A flaw in Android's device policy management system allows a local user to escalate their privileges by exploiting improper validation of proxy configuration settings. The vulnerability exists in how the system persists global proxy changes, creating a state mismatch that can be leveraged without requiring special permissions or user interaction. An attacker with basic local access can trigger the flaw to gain elevated system privileges.
- CVE-2026-10942HIGH 7.8
Google Chrome on Windows contains a UI implementation flaw that allows a local attacker to escalate privileges by opening a malicious file. The vulnerability affects Chrome versions prior to 149.0.7827.53 and requires user interaction (opening a file) but no authentication. If exploited, an attacker could gain elevated system privileges on an affected machine.
- CVE-2026-10969HIGH 7.5
A flaw in Google Chrome's extension validation system allows attackers to escalate privileges if they've already compromised Chrome's rendering engine. An attacker would need to trick a user into viewing a specially crafted webpage while the renderer process is already under their control, leading to unauthorized system-level access. This is a High-severity issue affecting Chrome versions before 149.0.7827.53.
- CVE-2026-37460HIGH 7.5
FRRouting, a widely-used open-source routing protocol suite, contains a flaw in how it validates incoming BGP UPDATE messages. An attacker on the network can send a specially crafted message that causes the routing daemon to crash or become unresponsive, disrupting network operations. This is a network-based denial-of-service vulnerability requiring no authentication or user interaction.
- CVE-2026-10968HIGH 7.4
A vulnerability in Chrome's graphics rendering engine (Dawn) on Windows allows attackers to steal sensitive data from websites you're visiting. If an attacker first compromises Chrome's renderer process—the part that runs web content—they can craft a malicious webpage to leak information across website boundaries, bypassing Chrome's security isolation. This requires the attacker to have already gained control of the renderer, making it part of a multi-stage attack but with serious data-theft consequences once achieved.
- CVE-2026-11035HIGH 7.3
Google Chrome on Android contains a flaw in how it handles Custom Tabs—a feature that allows apps to open web content within their own interface. An attacker with local access to a device can exploit this vulnerability by crafting a malicious XML file, potentially gaining elevated privileges on the system. The issue affects Chrome versions prior to 149.0.7827.53. While the base severity from Chromium is listed as Medium, the overall risk score reflects the complete attack chain impact.
- CVE-2026-30760HIGH 7.3
SourceBans Material Admin, a web-based administration panel, contains a vulnerability that allows unauthenticated attackers to alter user data through a specially crafted XAJAX request. An attacker can send a malicious web request to manipulate account information, permissions, or other critical user attributes without needing valid credentials. This affects versions prior to 1.1.6.
- CVE-2026-36175MEDIUM 6.8
CVE-2026-36175 is a physical authentication bypass vulnerability affecting GNCC GP5 v7.1.76. An attacker with direct physical access to a device can interrupt the boot process and inject malicious kernel boot arguments, circumventing security controls to obtain root-level access. The vulnerability requires the attacker to be present at the device during startup, making it a targeted risk rather than a remote threat.
- CVE-2026-0051MEDIUM 6.5
A vulnerability in Google Android's UBSan (Undefined Behavior Sanitizer) runtime component allows an authenticated attacker to crash the system by sending malformed input to multiple functions in ubsan_throwing_runtime.cpp. The vulnerability requires valid credentials to exploit but no special privileges, and the attacker doesn't need to interact with the device user. The impact is denial of service—the system becomes unavailable—but data confidentiality and integrity are not compromised.
- CVE-2026-10004MEDIUM 6.5
Google Chrome versions before 148.0.7778.216 contain a flaw in how they validate user input within the password-handling component. An attacker can craft a malicious HTML page that, when visited by a user, tricks the browser into displaying fake password prompts or other UI elements that appear legitimate. This is a spoofing attack—the attacker doesn't steal data directly, but deceives users into believing they're interacting with genuine Chrome interface elements, potentially leading them to enter credentials or take other unintended actions.
- CVE-2026-10912MEDIUM 6.5
A flaw in Google Chrome's extension handling allows an attacker who has already compromised the renderer process to bypass the browser's same-origin policy—a core security boundary that prevents JavaScript from one website accessing data from another. An attacker would need to trick a user into visiting a specially crafted webpage to exploit this. The vulnerability affects Chrome versions prior to 149.0.7827.53 across Windows, macOS, and Linux.
- CVE-2026-10938MEDIUM 6.5
Google Chrome versions before 149.0.7827.53 contain a flaw in how the browser handles certain HTML input that could allow an attacker to circumvent site isolation protections, but only if they have already compromised the renderer process. Site isolation is Chrome's core defense that prevents a compromised website from accessing data from other open websites. This vulnerability narrows that protection in specific scenarios.
- CVE-2026-10980MEDIUM 6.5
Google Chrome versions before 149.0.7827.53 contain a flaw in DevTools that allows an attacker who has already compromised the browser's rendering engine to bypass the same-origin policy—a core security boundary that prevents websites from accessing each other's data. An attacker could craft a malicious HTML page to exploit this, potentially gaining unauthorized access to sensitive information from other websites.
- CVE-2026-10981MEDIUM 6.5
CVE-2026-10981 is a cross-origin data leak vulnerability in Google Chrome's video codec handling. An attacker who has already compromised Chrome's renderer process can craft a malicious video file to exfiltrate sensitive data from other websites the user is visiting. The vulnerability requires user interaction (opening or playing a video file) and relies on prior compromise of the rendering engine, limiting the attack surface but creating risk for users who already have malware or who visit compromised sites.
- CVE-2026-10992MEDIUM 6.5
Google Chrome versions prior to 149.0.7827.53 contain a flaw in how the Animation feature validates user-supplied data. An attacker can craft a malicious HTML page that, when opened in a vulnerable Chrome browser, leaks sensitive information stored in the browser's process memory. The attack requires user interaction (opening the page) but no authentication or special browser configuration.
- CVE-2026-11007MEDIUM 6.5
A flaw in Google Chrome's WebView on Android allows an attacker who has already compromised Chrome's renderer process to steal sensitive data from other websites. The vulnerability stems from inadequate validation of user-supplied input, making it possible for an attacker to craft a malicious webpage that leaks cross-origin information—data that should remain isolated between websites. While the attacker must first gain control of the renderer process, the subsequent data leakage requires only that a user visit a crafted page, making this a meaningful risk in multi-stage attack chains.
- CVE-2026-11008MEDIUM 6.5
A flaw in Google Chrome's web app installation feature fails to properly validate user input, allowing an attacker who has already compromised Chrome's renderer process to extract sensitive data from other websites through a malicious webpage. The attacker would need to trick a user into visiting a crafted HTML page, but once the renderer is compromised, the vulnerability creates a pathway to leak cross-origin information that should remain isolated.
- CVE-2026-11013MEDIUM 6.5
Google Chrome versions before 149.0.7827.53 contain a flaw in how the browser validates user-supplied input within its networking code. An attacker who has already compromised Chrome's renderer process—the sandboxed component that executes web content—can craft a malicious HTML page to leak sensitive data from the renderer's memory. This is a post-compromise attack vector; the attacker must first gain code execution in the renderer sandbox, but once there, they can extract information that should remain private.
- CVE-2026-11016MEDIUM 6.5
Google Chrome versions before 149.0.7827.53 contain a flaw where insufficient validation of network input allows a remote attacker who has already compromised the browser's renderer process to bypass the same-origin policy. An attacker could craft a malicious HTML page to force the compromised renderer to access resources or data from a different origin, violating the security boundary that normally prevents cross-origin access. This requires initial renderer process compromise—the attacker cannot trigger the vulnerability from an unauthenticated network position alone.
- CVE-2026-11022MEDIUM 6.5
CVE-2026-11022 is a same-origin policy bypass vulnerability in Google Chrome's DevTools that requires an attacker to have already compromised the renderer process. An attacker could then use a specially crafted HTML page to escape origin restrictions, potentially accessing or modifying data from other websites in the same browser session. This is not a remote code execution vector but rather a privilege escalation within an already-compromised rendering context.
- CVE-2026-11023MEDIUM 6.5
Google Chrome versions prior to 149.0.7827.53 contain a flaw in how the browser handles web app installation that allows an attacker who has already compromised the browser's renderer process to bypass the same-origin policy. This means a specially crafted web page could be used to access or modify content from other websites in ways the browser is supposed to prevent. The attacker needs prior renderer compromise, limiting the immediate threat to users, but the bypass itself is reliable once that initial foothold exists.
- CVE-2026-11027MEDIUM 6.5
A vulnerability in Google Chrome's Glic component fails to properly validate untrusted input, allowing an attacker who has already compromised Chrome's renderer process to extract sensitive data across website boundaries using a specially crafted webpage. The attacker needs initial renderer process compromise but then gains the ability to read data from sites the user visits, bypassing normal browser security boundaries.
- CVE-2026-35049MEDIUM 6.5
Wire iOS users running versions before 4.16.0 are vulnerable to a denial-of-service attack where a specially crafted message causes the app to crash immediately upon receipt, without any user action required. The crash persists across app restarts, trapping users in a crash loop until they manually clear the app's local data. This affects authenticated users only—the attacker must have messaging access to the target.
- CVE-2026-10916MEDIUM 6.1
CVE-2026-10916 is a cross-site scripting vulnerability in Google Chrome's developer tools that allows an attacker to inject malicious scripts or HTML content into a webpage. The attack requires two conditions: first, the attacker must have already compromised Chrome's renderer process (the component that executes web content), and second, the user must be tricked into visiting a specially crafted HTML page. While the initial compromise is a significant prerequisite, once achieved, this vulnerability enables the attacker to execute arbitrary code with the privileges of the browser session, potentially stealing sensitive data or performing actions on behalf of the user.
- CVE-2026-11034MEDIUM 6.1
Google Chrome on Android contains a vulnerability in its Tab Group Sync feature that allows attackers to inject malicious scripts or HTML into web pages. An attacker with network access can craft malicious traffic to exploit insufficient input validation, potentially displaying fake content or stealing user information from websites. This affects Chrome versions prior to 149.0.7827.53.
- CVE-2026-0018MEDIUM 5.5
CVE-2026-0018 is a denial-of-service vulnerability in Android's AccessibilityManagerService that allows a local attacker with user-level privileges to crash or hang the accessibility subsystem persistently. No special permissions, code execution, or user interaction are required to trigger the flaw—an authenticated local process can simply send malformed input to designated service functions that fail to properly validate their parameters. This could degrade or disable accessibility features for affected users.
- CVE-2026-0070MEDIUM 5.5
A flaw in Android's DevicePolicyManagerService allows a local attacker with standard user privileges to hide critical system packages through improper validation of input parameters. This creates a denial-of-service condition by making essential system components inaccessible, potentially rendering the device unstable or non-functional without requiring any special permissions or user interaction.
- CVE-2026-0085MEDIUM 5.5
A flaw in Android's contact data handling allows a local attacker to crash the system by inserting an unusually large contact name. The vulnerability exists in the DataRowHandler component, which fails to properly validate the size of contact name input before processing it. Because the attack requires only local access and no special privileges, any app on a compromised device could trigger the denial of service without user interaction.
- CVE-2026-28578MEDIUM 5.5
A flaw in Android's device policy management system allows a local attacker to cause the device to become unstable or unresponsive by exploiting improper input validation in DevicePolicyManagerService. An attacker with basic user-level access can trigger this issue without user interaction, potentially disrupting device functionality. This is a local denial-of-service vulnerability with no remote attack vector.
- CVE-2026-10566MEDIUM 5.3
A vulnerability exists in FoundationAgents MetaGPT versions up to 0.8.2 that allows local attackers with user-level privileges to trigger unsafe deserialization through manipulation of function arguments in the Message.check_instruct_content handler. An attacker with local access and basic user permissions can exploit this to potentially read, modify, or disrupt system operations. Public exploit code is available, increasing near-term risk for organizations running affected versions.
- CVE-2026-3620MEDIUM 4.4
The Word Replacer plugin for WordPress contains a stored cross-site scripting (XSS) vulnerability affecting all versions through 0.4. An attacker with administrator-level access can inject malicious scripts through the plugin's 'replacement' parameter. These scripts persist in the WordPress database and execute whenever any user visits an affected page, potentially allowing credential theft, session hijacking, or defacement. The vulnerability stems from inadequate input validation and output encoding in the plugin code.
- CVE-2026-11031MEDIUM 4.3
Google Chrome's Password Manager fails to properly validate input from network traffic before displaying it to users. An attacker can craft malicious network data that tricks the Password Manager interface into showing fake or misleading information—for example, a phishing prompt that looks legitimate. This affects Chrome versions before 149.0.7827.53 on Windows, macOS, and Linux.
- CVE-2026-30963LOW 3.9
Capsule is a Kubernetes framework that uses webhooks to prevent tenant administrators from hijacking namespaces—essentially taking control of cluster resources they shouldn't own. The framework checks most update requests, but it misses two specific APIs (namespace/status and namespace/finalize subresources) that can also change namespace ownership markers. Before version 0.13.0, a tenant admin with permission to use these subresources could bypass the webhook protection and seize a namespace. Version 0.13.0 patches this gap by ensuring the webhook intercepts both subresource types.
- CVE-2026-44367LOW 2.7
Klaw, a Kafka topic management and governance platform, contains a vulnerability in how it handles usernames during registration and login. The system doesn't consistently apply case sensitivity rules—treating 'Admin' and 'admin' as different or the same depending on the operation—which allows authenticated users with administrative privileges to deliberately lock out accounts or trigger denial of service conditions. This is a low-severity issue requiring administrative access to exploit, but it can impact operational availability if administrators use it maliciously or if the inconsistency is exploited in targeted attacks. The flaw was fixed in version 2.10.4.