2026 · High

High-severity vulnerabilities disclosed in 2026

High-rated CVEs published in 2026, with SEC.co remediation and prioritization guidance.

536 published vulnerabilities · page 2 of 6

  • CVE-2026-11003HIGH 8.8

    Google Chrome versions before 149.0.7827.53 contain a use-after-free vulnerability in its WebRTC component that could allow an attacker to run arbitrary code within Chrome's sandbox by tricking a user into visiting a malicious web page. While the underlying flaw is rated Medium severity by Chromium, the CVSS score reflects the practical impact: network delivery with minimal user friction and full compromise of confidentiality, integrity, and availability within the sandboxed process.

  • CVE-2026-11024HIGH 8.8

    A stack buffer overflow vulnerability exists in the Skia graphics library, which is used by Google Chrome. An attacker could craft a malicious HTML page that, when viewed by a user, potentially corrupts stack memory and compromises the browser process. The vulnerability requires user interaction (visiting a malicious webpage) but presents significant risk because it can lead to code execution with the privileges of the Chrome process. Google Chrome versions prior to 149.0.7827.53 are affected.

  • CVE-2026-11028HIGH 8.8

    A use-after-free vulnerability exists in Google Chrome's media handling on Linux and ChromeOS. If an attacker compromises Chrome's renderer process—the sandboxed component that interprets web content—they can craft a malicious HTML page to execute arbitrary code within that sandbox. This is a post-compromise attack that escalates the damage from a renderer breach but does not grant escape from the sandbox itself.

  • CVE-2026-11030HIGH 8.8

    Google Chrome versions prior to 149.0.7827.53 contain a use-after-free vulnerability in the Network component that can be triggered by malicious network traffic. An attacker who crafts and delivers hostile network packets to a user's browser could potentially corrupt the heap memory, leading to code execution with the privileges of the browser process. User interaction (such as visiting a malicious website or receiving crafted network data) is required for exploitation.

  • CVE-2026-1784HIGH 8.8

    A flaw in OpenShift's Route resource allows users with low-level cluster access to inject malicious HAProxy configuration through the spec.path field. Because validation of this field is insufficient, an attacker can bypass intended restrictions and alter how traffic is routed, potentially redirecting requests or exposing sensitive data. This is a local privilege escalation risk requiring existing cluster access but delivering high-impact consequences.

  • CVE-2026-1829HIGH 8.8

    The Content Visibility for Divi Builder plugin for WordPress contains a critical flaw that allows attackers with basic WordPress user access to run arbitrary code on affected servers. The vulnerability exists in how the plugin processes a specific shortcode parameter without proper validation, creating a direct path to server compromise. Any WordPress installation using this plugin up to version 4.02 is at risk if it has users with Contributor access or higher privileges.

  • CVE-2026-22054HIGH 8.8

    NetApp Active IQ Config Advisor version 6.7.3 contains hard-coded credentials embedded in the application code. An attacker with valid login credentials—even with minimal user privileges—can exploit these hard-coded credentials to perform AutoSupport operations without authorization. AutoSupport is a critical diagnostic and support feature that transmits sensitive system configuration and performance data to NetApp; unauthorized use could lead to data exfiltration, system misconfiguration, or support channel manipulation.

  • CVE-2026-22055HIGH 8.8

    Active IQ OneCollect version 2.7.3 contains hard-coded credentials embedded in the application. An authenticated user with basic network access can exploit these credentials to perform unauthorized AutoSupport operations—potentially exfiltrating sensitive system telemetry, configuration data, or triggering unwanted support actions. The vulnerability requires an attacker to already have valid credentials to an affected system, but once authenticated, the hard-coded secrets bypass normal access controls and allow privilege escalation to perform high-impact operations.

  • CVE-2026-30650HIGH 8.8

    A remote code execution flaw exists in Vivotek FD8136 network cameras that allows an authenticated attacker to take complete control of the device. The vulnerability resides in the admin interface's event task handler and can be exploited over the network without user interaction, enabling an attacker with valid credentials to execute arbitrary commands with root-level privileges.

  • CVE-2026-30652HIGH 8.8

    A buffer overflow flaw in Vivotek FD8136 network cameras allows authenticated users with admin access to run malicious code with root-level privileges on the device. The vulnerability exists in a specific administrative interface endpoint and affects cameras running firmware version FD8136-VVTK-0300a. An attacker would need valid credentials to exploit it, but once inside the admin panel, they could completely compromise the camera and potentially use it as a foothold into your network.

  • CVE-2026-35082HIGH 8.8

    A vulnerability in MBS Solutions' universal gateway firmware and related products allows an authenticated user to read arbitrary files from the affected system. The ugw-logread method does not properly validate file path inputs, enabling attackers with legitimate user credentials to bypass access controls and retrieve sensitive data they shouldn't be able to access. This is a local file disclosure issue that requires valid user credentials to exploit.

  • CVE-2026-35083HIGH 8.8

    A stack buffer overflow vulnerability exists in MBS Solutions' industrial gateway and protocol converter products. An attacker with valid user credentials can send a specially crafted network request to trigger memory corruption, allowing them to execute arbitrary code with root-level privileges. This is a serious vulnerability because it requires no user interaction, operates over the network, and completely bypasses system security once exploited.

  • CVE-2026-35084HIGH 8.8

    A stack buffer overflow vulnerability in the dali-devconfig component affects a broad range of MBS Solutions gateway and protocol conversion devices. An attacker with basic user-level access to the network can send a specially crafted request that overwrites memory on the device, potentially achieving full root-level system compromise. This is a particularly serious issue because these devices typically operate as trusted infrastructure components in industrial and building automation networks, where an attacker gaining root access could manipulate critical system functions or pivot to downstream systems.

  • CVE-2026-35085HIGH 8.8

    A stack buffer overflow vulnerability in gdv-serverconfig affects a broad range of MBS Solutions gateway and interface devices. An authenticated attacker with standard user privileges can send a specially crafted network request to trigger the overflow and execute arbitrary code with root-level system access. The vulnerability requires valid user credentials to exploit but no user interaction, making it a significant risk in environments where user account compromise is possible.

  • CVE-2026-35671HIGH 8.8

    phpMyFAQ versions before 4.1.3 contain a privilege escalation vulnerability in the admin password management API. An authenticated administrator with low-level privileges can manipulate API requests to reset any user's password, including SuperAdmin accounts, bypassing normal authorization checks. This allows attackers to seize full control of the FAQ system.

  • CVE-2026-35674HIGH 8.8

    OpenClaw versions before 2026.5.18 contain a privilege escalation flaw in their chat messaging system. An attacker with basic operator permissions can bypass security controls meant to restrict high-risk actions—such as modifying plugins, configurations, or access policies—by sending commands through internal message routes. This allows someone with limited access to act as if they have full administrative privileges.

  • CVE-2026-36607HIGH 8.8

    A vulnerability in Mercusys AC12G (EU) V1 routers allows attackers on the same local network to repeatedly guess the administrator password without limit. Unlike the normal login interface which enforces rate limiting, the password change feature in the router's management protocol accepts unlimited guesses, giving attackers a straightforward path to full administrative access.

  • CVE-2026-36608HIGH 8.8

    A vulnerability in Mercusys AC12G (EU) V1 routers running firmware version AC12G(EU)_V1_200909 allows anyone connected to the local network to use UPnP port forwarding to redirect traffic destined for the internet directly to the router's admin interface. The vulnerability exists because the router's UPnP implementation doesn't properly validate the destination address when setting up port mappings—it accepts requests to forward ports to the router's own IP address (192.168.1.1) or localhost (127.0.0.1), which should never be allowed. An attacker on the LAN can exploit this with a single SOAP request to expose the administrative panel to the public internet without authentication, bypassing all network boundary protections.

  • CVE-2026-41236HIGH 8.8

    Froxlor version 2.3.6 contains a privilege escalation vulnerability in its SSH key synchronization mechanism for FTP users. An attacker with shell access to a customer account can exploit a symlink-following flaw to redirect the root-owned SSH key provisioning process into writing unauthorized keys to the system root account, granting SSH access as root. This vulnerability requires prior authentication and file system access on the affected system but results in complete system compromise.

  • CVE-2026-41860HIGH 8.8

    BOSH, a widely-used Infrastructure-as-Code and deployment orchestration platform, contains a flaw in how it validates SSL/TLS certificates when communicating with internal services like the BOSH director and UAA (User Account and Authentication). Specifically, the HttpRequestHelper component explicitly disables certificate verification (VERIFY_NONE), which means an attacker with local access to the network can intercept and eavesdrop on these communications. This allows stealing Basic authentication credentials or session tokens, potentially granting unauthorized access to your deployment infrastructure. The vulnerability affects all BOSH versions up through v282.1.8; version 282.1.9 and later include the fix.

  • CVE-2026-42359HIGH 8.8

    Apache Airflow contains a bypass of an earlier security fix that allows authenticated users with restricted permissions to inject malicious code into deferred tasks. An attacker with legitimate write access to task metadata can craft a specially formatted request to set hidden configuration values that trigger remote code execution when the task resumes. This affects organizations where any untrusted team members have editing permissions on Airflow workflows.

  • CVE-2026-43623HIGH 8.8

    microtar, a lightweight TAR archive library, contains a critical flaw in how it processes TAR file headers. When an attacker crafts a malicious TAR archive with improperly formatted header fields, the library's parsing function attempts to copy data using unsafe string operations, writing far more data than the allocated buffer can hold. This corrupts memory on the stack, potentially allowing attackers to crash applications or execute arbitrary code. Any application that uses microtar to process untrusted TAR files is at risk.

  • CVE-2026-43985HIGH 8.8

    Tautulli, a Python-based tool that monitors and manages Plex Media Server, contains a critical flaw in how it handles administrator settings changes. In versions before 2.17.1, an attacker can trick a logged-in administrator into visiting a malicious webpage, which silently changes the Tautulli admin username and password without the administrator's knowledge or consent. Once the credentials are changed, the attacker can log in directly and gain complete control of the Tautulli interface. This is a straightforward but dangerous type of attack that exploits the trust between a user's browser and the Tautulli server.

  • CVE-2026-44238HIGH 8.8

    FreePBX versions before 16.0.50 and 17.0.11 contain a SQL injection vulnerability in the CDR (Call Detail Records) Reports module. An authenticated user with CDR section access can manipulate the 'order' and 'sort' parameters to inject arbitrary SQL commands, potentially reading, modifying, or deleting sensitive database content. Unlike many vulnerabilities requiring administrative accounts, this one only needs standard CDR access, broadening the pool of potential attackers within an organization.

  • CVE-2026-44239HIGH 8.8

    FreePBX, a widely deployed open-source phone system platform, contains a path traversal vulnerability in its Dashboard module that allows authenticated users to execute arbitrary PHP code. By manipulating a parameter in a web request, an attacker can bypass normal file access restrictions and cause the system to load and execute specially-named PHP files from unexpected locations on the server. This is a serious issue because it grants code execution to any user with valid login credentials.

  • CVE-2026-44420HIGH 8.8

    FreeRDP, a widely-used open-source Remote Desktop Protocol implementation, contains a flaw in its clipboard handling that allows an authenticated attacker to crash the RDP server or potentially execute arbitrary code. A malicious RDP client can send a specially crafted clipboard message with an invalid size parameter, causing the server to write past the bounds of allocated memory. This affects FreeRDP versions prior to 3.26.0. The vulnerability requires valid RDP credentials to exploit, limiting the attack surface to authenticated threat actors.

  • CVE-2026-44421HIGH 8.8

    FreeRDP, an open-source Remote Desktop Protocol client, contains a memory safety flaw that can be exploited by a malicious RDP server. When a FreeRDP client connects to an attacker-controlled server with graphics acceleration enabled, the attacker can send specially crafted network packets that trigger a heap buffer overflow during graphics operations. This memory corruption can crash the client or potentially allow remote code execution on the user's machine. The vulnerability requires user interaction (initiating an RDP connection) but does not require authentication, making it a practical attack vector against organizations that rely on remote desktop functionality.

  • CVE-2026-46113HIGH 8.8

    A use-after-free vulnerability exists in the Linux kernel's KVM (Kernel Virtual Machine) shadow page table management. The issue arises when guest page tables are modified between VM entries, causing KVM to track memory references incorrectly. This can lead to the kernel accessing freed memory structures, potentially allowing a local attacker with guest access to crash the system or execute code with elevated privileges. The vulnerability requires local access and affects systems running KVM with shadow paging enabled.

  • CVE-2026-46125HIGH 8.8

    CVE-2026-46125 is a memory safety bug in Linux kernel WiFi driver code that can cause system crashes or privilege escalation. When the kernel attempts to establish a multi-link WiFi connection and that setup fails, the code incorrectly retains station references that should have been cleaned up. This leaves dangling pointers in memory that can be exploited or cause the system to crash when the kernel debugfs interface tries to access them later. The vulnerability requires local network access and affects systems with WiFi enabled.

  • CVE-2026-46152HIGH 8.8

    A vulnerability in the Linux kernel's WiFi driver (mac80211) allows concurrent network packet processing threads to interfere with each other. The issue stems from a shared variable that should have been unique to each processing thread. When multiple packets arrive simultaneously, one thread's processing result can be overwritten by another, causing packets to be misrouted or incorrectly marked as already processed. This can lead to dropped packets, incorrect packet handling, or exposure of network data.

  • CVE-2026-46166HIGH 8.8

    A memory safety flaw exists in the Linux kernel's Wi-Fi driver subsystem (mac80211). When the kernel performs radar detection checks on wireless channels, it can inadvertently access memory that has already been freed, potentially causing a system crash or enabling privilege escalation. The issue stems from unsafe iteration over a list of wireless channel contexts that can be modified during the operation.

  • CVE-2019-25719HIGH 8.6

    Dräger's Infinity patient monitoring systems contain flaws in how they handle network communications that allow an attacker on the same network segment—or within wireless range—to interfere with device operation. An attacker could change critical alarm settings, flood the device with traffic to force a reboot, or disrupt network connectivity. The vulnerability affects Infinity Acute Care System and Standalone M540 monitors running software versions VG4.1.1, VG4.0.3, and earlier.

  • CVE-2022-4992HIGH 8.6

    Dräger patient monitors—specifically the Infinity Acute Care System and Standalone M540 models—contain a flaw in how they handle network messages. An attacker on the network can send malicious or fake data to these devices without needing credentials, which could cause them to reboot, lose connectivity, or have their alarm settings altered. This is especially serious in clinical environments where patient monitoring continuity is critical.

  • CVE-2024-40646HIGH 8.6

    Vertex, a management tool for private tracker users, contains a path traversal vulnerability that allows remote attackers to access files outside their intended directory. An attacker can craft malicious requests to navigate the file system and read sensitive data without authentication. The vulnerability affects all versions prior to a specific patch commit and carries a high severity rating due to its ease of exploitation and significant impact on confidentiality.

  • CVE-2026-37232HIGH 8.6

    OpenAirInterface5G version 2.4.0 contains a vulnerability in how it calculates radio resource block (PRB) utilization metrics for 5G base stations. An attacker on the network can repeatedly request performance monitoring data via the FlexRIC interface, causing the base station software to crash when certain metric calculations divide by zero. The crash takes down the entire 5G cell, disconnecting all users. This requires no authentication and can be triggered remotely.

  • CVE-2026-44461HIGH 8.6

    Zed, a modern code editor, has a vulnerability in how it constructs commands for remote development over SSH or WSL (Windows Subsystem for Linux). When opening a terminal in a remote session, Zed builds a shell command that includes environment variables, but it doesn't properly escape or validate the names of those variables. An attacker who can inject a malicious environment variable name—such as through project-level terminal settings—can embed shell commands within that name. When the remote shell executes the command, it interprets these embedded instructions, allowing arbitrary code execution on the remote machine under the user's privileges. The flaw has been patched in version 0.227.1.

  • CVE-2026-44463HIGH 8.6

    Zed, a modern code editor, contains a security flaw in how it controls which programs can run in the integrated terminal. An attacker can bypass these permission restrictions by sneaking environment variable assignments into commands that are supposed to be allowed. By manipulating variables like PAGER, an attacker can redirect the editor to run malicious code when it attempts to display output. This affects Zed versions before 0.229.0 and is resolved in that release.

  • CVE-2026-35563HIGH 8.5

    A flaw in Apache Directory LDAP API version 2.1.7 allows an attacker with network interception capability to impersonate an LDAP server. The library validates that a certificate is signed by a trusted authority but fails to confirm that the certificate was actually issued for the LDAP server being connected to. An attacker positioned between a client and server can present any valid certificate from their trust store, hijacking the connection and accessing sensitive authentication and directory data.

  • CVE-2018-25383HIGH 8.4

    Free MP3 CD Ripper version 2.8 contains a critical flaw in how it processes WMA audio files. When a user opens a specially crafted malicious WMA file through the application's Convert function, the software fails to properly validate the file structure, causing a memory overflow. This overflow allows an attacker to inject and execute malicious code on the affected computer. The vulnerability is particularly serious because it can circumvent Windows DEP (Data Execution Prevention) protection—a core OS security feature—by leveraging exception handling tricks to execute arbitrary commands with the same privileges as the user running the application.

  • CVE-2018-25432HIGH 8.4

    Arm Whois version 3.11 contains a buffer overflow flaw that allows attackers with local access to execute arbitrary code. The vulnerability stems from insufficient bounds checking when processing input, allowing an attacker to craft a specially crafted file that overwrites critical memory structures used by Windows exception handling. This hijacking of the structured exception handler (SEH) gives the attacker the ability to run malicious code with the privileges of the user running the application.

  • CVE-2019-25718HIGH 8.4

    The Dräger Infinity Explorer C700, a patient monitor interface device, contains a vulnerability that allows an attacker with local access to break out of its restricted kiosk environment and gain full control of the underlying operating system. Once escaped from kiosk mode, an attacker can manipulate the device's display, causing it to show incorrect patient data or no data at all—a serious concern in clinical settings where accurate vital sign monitoring is critical to patient safety.

  • CVE-2019-25733HIGH 8.4

    NetShareWatcher version 1.5.8.0 contains a memory safety flaw that lets a local attacker run malicious code on an affected system. The vulnerability exists in how the application handles user-supplied text in its Restrictions custom filter field. When a specially crafted filter is supplied and the Find function is triggered, the application's exception handling mechanism can be hijacked to execute arbitrary commands with the privileges of the user running NetShareWatcher. This is a local-only attack—the attacker must have access to the machine running the application.

  • CVE-2019-25735HIGH 8.4

    AllPlayer version 7.4 contains a buffer overflow flaw in how it processes URLs. When a user opens the application's URL dialog and pastes an unusually long URL string, the application fails to validate the input length properly. This allows an attacker to overwrite critical memory structures called structured exception handlers (SEH pointers), which Windows uses to manage error handling. By crafting a malicious URL, an attacker can hijack this process to execute arbitrary commands on the affected system with the same privileges as the logged-in user.

  • CVE-2019-25736HIGH 8.4

    LabF nfsAxe 3.7 Ping Client is vulnerable to a buffer overflow flaw that allows an unauthenticated attacker with local system access to run arbitrary code. An attacker can craft a malicious input file and submit it through the Host IP field to overwrite memory and execute commands with the privileges of the user running the application.

  • CVE-2024-52011HIGH 8.3

    CVE-2024-52011 is a command injection vulnerability in the launch-editor library, a Node.js utility that opens files in text editors with specified line numbers. Before version 2.9.0, the library failed to properly sanitize filename input on Windows systems, allowing an attacker to inject and execute arbitrary commands by crafting a malicious filename. An attacker would need to trick a user into opening a specially crafted file—typically through a development workflow, build process, or IDE integration—to trigger code execution with the privileges of the affected user.

  • CVE-2026-10000HIGH 8.3

    A use-after-free memory vulnerability exists in Google Chrome's password management system on Windows. An attacker who has already compromised Chrome's renderer process (the sandboxed component that displays web pages) could exploit this flaw through a malicious HTML page to escape the sandbox and gain system-level access. This is a multi-stage attack: the attacker must first achieve renderer compromise, then leverage this vulnerability to break out of Chrome's security boundary.

  • CVE-2026-10001HIGH 8.3

    A use-after-free flaw in Chrome's PerformanceManager could let an attacker escape the browser sandbox if they've already compromised the rendering engine. The attack requires a specially crafted web page and user interaction, but success could grant full system access. This affects Chrome versions before 148.0.7778.216.

  • CVE-2026-10012HIGH 8.3

    A use-after-free flaw in Chrome's Skia graphics library allows an attacker who controls the browser's renderer process to escape the sandbox and execute arbitrary code on the underlying system. The attack requires a malicious HTML page and user interaction, but once the renderer is compromised, the vulnerability enables full system compromise. This is particularly dangerous because renderer exploits are common entry points; this flaw raises the stakes by providing a bridge from that compromised renderer to the host OS.

  • CVE-2026-10014HIGH 8.3

    A use-after-free memory flaw in Chrome's WebMIDI implementation on Android allows an attacker who has already compromised Chrome's renderer process to escape the sandbox through a specially crafted web page. This is a privilege escalation attack: the attacker must first breach the renderer sandbox, then exploit this vulnerability to break out and gain full device access.

  • CVE-2026-10017HIGH 8.3

    A memory read vulnerability exists in Google Chrome's Headless mode that could allow an attacker to escape the browser's security sandbox. If an attacker first compromises the renderer process—the part of Chrome that interprets web pages—they could craft a malicious HTML page to trigger an out-of-bounds read, potentially breaking out of the sandbox and gaining broader system access. This vulnerability requires the renderer to already be compromised, which is a significant precondition, but the consequence of successful exploitation is severe.

  • CVE-2026-10020HIGH 8.3

    A flaw in Chrome's Skia graphics library on Android allows an attacker who has already compromised Chrome's renderer process to escape the security sandbox and gain full device access. The vulnerability requires the user to visit a specially crafted webpage, but the heavy lifting—compromising the renderer first—means this is a two-stage attack. Chrome versions before 148.0.7778.216 on Android are affected.

  • CVE-2026-10105HIGH 8.3

    Agno version 2.6.5 contains a SQL injection flaw in its ClickHouse vector database integration. An authenticated attacker can inject malicious SQL commands through the delete_by_metadata() function by crafting specially formatted metadata keys and values. This allows an attacker to delete database records, steal sensitive data, or manipulate stored information. The vulnerability requires valid credentials to exploit, but once authenticated, an attacker has significant control over the database.

  • CVE-2026-10884HIGH 8.3

    A use-after-free memory vulnerability exists in Google Chrome's Chromecast component that could allow an attacker to escape the browser's sandbox if the attacker has already compromised the renderer process. The vulnerability requires user interaction and specific browser conditions, but successful exploitation could grant an attacker unauthorized access to the host system. Google has assigned this a Critical severity rating within Chromium's threat model.

  • CVE-2026-10889HIGH 8.3

    A memory reading flaw in Chrome's ANGLE graphics library can let an attacker who has already gained control of the browser's rendering process break out of the Chrome sandbox and access the underlying system. The attack requires a specially crafted web page and user interaction, but once the renderer is compromised, this vulnerability opens a direct path to full system compromise. Chrome versions before 149.0.7827.53 are affected.

  • CVE-2026-10894HIGH 8.3

    A use-after-free flaw in Chrome's printing subsystem on Linux could allow an attacker who already controls the browser's renderer process to break out of Chrome's sandbox protections and gain full system access. The vulnerability is triggered by a specially crafted web page and affects Chrome versions before 149.0.7827.53. While this requires initial compromise of the renderer process, it represents a critical escalation path from web content to system privileges.

  • CVE-2026-10898HIGH 8.3

    A stack buffer overflow vulnerability exists in the GPU component of Google Chrome versions prior to 149.0.7827.53. An attacker who has already compromised Chrome's renderer process can exploit this flaw through a malicious HTML page to break out of the browser sandbox and gain system-level code execution. While the attacker must first compromise the renderer—typically through a separate browser vulnerability or social engineering—the sandbox escape itself represents a critical escalation path that transforms a contained compromise into full system compromise.

  • CVE-2026-10905HIGH 8.3

    A memory safety flaw in Google Chrome's network code allows an attacker who has already compromised the browser's renderer process to escape the sandbox and gain full system access. The vulnerability requires user interaction (opening a malicious HTML page) but poses significant risk because successful exploitation bypasses Chrome's core security boundary—the sandbox that isolates the browser from the operating system.

  • CVE-2026-10908HIGH 8.3

    A use-after-free vulnerability exists in Google Chrome's full-screen functionality on Windows systems. An attacker who has already compromised Chrome's rendering engine could exploit a specially crafted web page to escape the browser sandbox and execute arbitrary code with higher privileges. This requires the attacker to have initial renderer process access, but once achieved, the flaw could allow them to run code outside the sandbox protection layer.

  • CVE-2026-10909HIGH 8.3

    A use-after-free vulnerability in Google Chrome's Dawn graphics engine allows an attacker who has already compromised the browser's renderer process to escape the sandbox through a malicious webpage. This is a high-severity issue because it bridges two separate security boundaries—first gaining control within Chrome's renderer, then breaking out to execute arbitrary code on the underlying operating system.

  • CVE-2026-10911HIGH 8.3

    CVE-2026-10911 is a sandbox escape vulnerability in Google Chrome that allows a remote attacker to break out of the browser's security sandbox if they have already compromised the renderer process. The attack requires crafted HTML content and user interaction, but once successful, it grants an attacker full system access. This is a chained attack scenario: an attacker must first compromise the renderer (the part of Chrome that displays web content) through a separate vulnerability, then use this flaw to escape the sandbox and gain control of the underlying system.

  • CVE-2026-10915HIGH 8.3

    A use-after-free memory vulnerability exists in Google Chrome on iOS that allows an attacker who has already compromised the browser's renderer process to break out of the sandbox and gain deeper system access. The vulnerability requires the attacker to serve a specially crafted HTML page and involves a complex attack chain but poses severe risk because successful exploitation can lead to full compromise of the device. Chrome versions prior to 149.0.7827.53 on iOS are affected.

  • CVE-2026-10917HIGH 8.3

    Google Chrome versions before 149.0.7827.53 contain a media handling flaw that allows an attacker who has already compromised the browser's renderer process to escape the sandbox and gain broader system access. The vulnerability requires user interaction (visiting a specially crafted webpage) but poses a significant risk because renderer compromises are common entry points in real attacks. Once inside the renderer, the flaw gives an attacker a path to elevated privileges on the underlying operating system.

  • CVE-2026-10918HIGH 8.3

    A use-after-free vulnerability in Google Chrome's Viz component allows an attacker who has already compromised the browser's renderer process to potentially escape the sandbox and gain deeper system access. The attacker would need to trick a user into visiting a malicious webpage, but the actual exploitation requires prior renderer compromise, making this a multi-stage attack. While not currently known to be exploited in the wild, the vulnerability represents a meaningful privilege escalation path for sophisticated threat actors who have achieved initial browser process compromise.

  • CVE-2026-10919HIGH 8.3

    A use-after-free bug in Chrome's ANGLE graphics library before version 149.0.7827.53 allows an attacker who already controls the browser's rendering process to break out of the sandbox and gain full system access. The attacker must trick a user into visiting a malicious webpage, but once the renderer is compromised, this flaw provides a path to escape Chrome's isolation boundaries.

  • CVE-2026-10920HIGH 8.3

    A validation flaw in Chrome's WebShare feature on macOS allows an attacker who has already compromised the browser's renderer process to break out of the sandbox through a specially crafted webpage. This is a post-compromise privilege escalation risk—the attacker must first gain code execution within the renderer, but if successful, can gain full system access. Chrome versions before 149.0.7827.53 are affected.

  • CVE-2026-10921HIGH 8.3

    A flaw in Google Chrome's graphics processing library (Dawn) could allow an attacker to break out of the browser's security sandbox if they've already compromised the rendering engine. The vulnerability stems from an integer overflow—a situation where a number calculation wraps around and produces an incorrect value—that could be triggered by a specially crafted webpage. While the attacker would need to have already gained access to the renderer process, successfully exploiting this could grant them the same privileges as the operating system user running Chrome, potentially leading to full system compromise.

  • CVE-2026-10924HIGH 8.3

    A mathematical error in Chrome's Chromecast component allows an attacker who has already compromised Chrome's rendering engine to break out of the browser sandbox and gain full system access. The attacker needs to trick a user into visiting a malicious webpage while the renderer is already compromised. This is a serious vulnerability because sandbox escape means the attacker moves from limited browser permissions to unrestricted control of the entire device.

  • CVE-2026-10925HIGH 8.3

    A memory corruption flaw exists in the Skia graphics library within Google Chrome on macOS. An attacker who has already compromised Chrome's renderer process can exploit this out-of-bounds write to break out of the browser sandbox and gain system-level access. The attack requires user interaction (visiting a malicious webpage) but bypasses Chrome's primary security boundary once the renderer is under attacker control.

  • CVE-2026-10927HIGH 8.3

    A memory reading flaw in Google Chrome's graphics component (Dawn) prior to version 149.0.7827.53 allows attackers who have already compromised the browser's renderer process to escape the sandbox through a specially crafted webpage. This is a two-stage attack: first an attacker must find a way into the renderer, then this vulnerability allows them to break out entirely.

  • CVE-2026-10929HIGH 8.3

    A memory safety flaw in ANGLE (the graphics abstraction layer used by Chrome) allows an attacker who has already compromised Chrome's sandboxed renderer process to escape that sandbox and gain full system access on Android devices. The attacker must trick a user into visiting a malicious webpage. This affects Chrome versions prior to 149.0.7827.53 on Android.

  • CVE-2026-10933HIGH 8.3

    A use-after-free vulnerability exists in Google Chrome's audio processing component on Windows systems. An attacker who has already compromised Chrome's renderer process could exploit this flaw through a specially crafted web page to escape the browser sandbox and gain higher privileges on the system. This requires an initial renderer compromise, but if successful, could lead to full system takeover.

  • CVE-2026-10934HIGH 8.3

    Google Chrome on Android contains a use-after-free vulnerability in its Autofill feature that could allow an attacker to escape the browser sandbox. The flaw requires an attacker to first compromise Chrome's renderer process—the component responsible for parsing and displaying web content—and then trick a user into visiting a malicious webpage. If successful, the attacker could break out of Chrome's security sandbox and gain broader access to the device. This vulnerability affects Chrome versions prior to 149.0.7827.53 on Android.

  • CVE-2026-10940HIGH 8.3

    A race condition vulnerability in Chrome's media codec handling allows an attacker who has already compromised Chrome's renderer process to escape the browser sandbox on Windows systems. The attacker would need to trick a user into visiting a specially crafted website, but once the renderer is compromised, this flaw could give the attacker full system-level access. Chrome versions before 149.0.7827.53 on Windows are affected.

  • CVE-2026-10949HIGH 8.3

    A heap buffer overflow vulnerability in Google Chrome's video handling component allows an attacker who has already compromised Chrome's renderer process to escape the browser sandbox and gain system-level access. The attacker would need to craft a malicious HTML page to trigger the overflow, but exploitation requires the renderer to be already compromised—making this a post-compromise escape vector rather than a direct attack from an untrusted webpage. Chrome versions before 149.0.7827.53 are vulnerable on Windows, macOS, and Linux systems.

  • CVE-2026-10953HIGH 8.3

    A use-after-free vulnerability exists in Google Chrome for Android versions prior to 149.0.7827.53. An attacker who has already compromised Chrome's renderer process can exploit this flaw by crafting a malicious HTML page to break out of the browser sandbox and gain system-level access to the Android device. This is a post-compromise escalation risk rather than a direct entry point, but it significantly amplifies the impact of any renderer exploit.

  • CVE-2026-10960HIGH 8.3

    CVE-2026-10960 is a sandbox escape vulnerability in Google Chrome's video codec handling. An attacker who has already compromised Chrome's renderer process—the sandboxed component responsible for processing web content—can exploit an uninitialized variable in the codec logic to break out of the sandbox and gain full system access. The attack requires a crafted HTML page and user interaction, but once the renderer is compromised, the attacker can leverage this flaw to escalate to native code execution outside Chrome's security boundary.

  • CVE-2026-10961HIGH 8.3

    Chrome for iOS users running versions prior to 149.0.7827.53 face a critical sandbox escape vulnerability. A malicious website can exploit a use-after-free memory flaw to break out of Chrome's security sandbox if the attacker first compromises the renderer process—the component that handles webpage content. Once the sandbox is escaped, an attacker gains direct access to the device, potentially leading to theft of credentials, personal data, or malware installation. The vulnerability requires user interaction (visiting a crafted page) but is otherwise remotely exploitable.

  • CVE-2026-10967HIGH 8.3

    A use-after-free flaw exists in Chrome's SurfaceCapture feature on Android that allows an attacker to escape the browser sandbox. The vulnerability requires the attacker to first compromise Chrome's renderer process and then trick a user into visiting a malicious webpage. If successful, the attacker could break out of Chrome's security sandbox and gain elevated privileges on the device. This affects Chrome versions before 149.0.7827.53 on Android.

  • CVE-2026-10970HIGH 8.3

    Google Chrome versions prior to 149.0.7827.53 contain a vulnerability in how the browser validates input data related to Interest Groups—a feature used for targeted advertising. An attacker who has already compromised Chrome's renderer process (the part that executes web content) can exploit insufficient input validation to break out of the browser's sandbox—the security boundary designed to isolate web content from the rest of your system. This requires the attacker to first gain renderer access and trick a user into visiting a crafted webpage, but if successful, allows full control over the victim's machine.

  • CVE-2026-11010HIGH 8.3

    A use-after-free memory safety bug in Chrome's WebShare feature on Android allows an attacker who has already compromised the browser's renderer process to escape the sandbox and gain elevated system privileges by tricking a user into visiting a malicious webpage. While the initial compromise requires the renderer to already be under attacker control, the sandbox escape represents a critical escalation path.

  • CVE-2026-11012HIGH 8.3

    A use-after-free vulnerability exists in Google Chrome's Serial API on Android devices running versions before 149.0.7827.53. An attacker who has already compromised Chrome's renderer process can exploit this flaw by serving a specially crafted HTML page to achieve a sandbox escape—breaking out of Chrome's security isolation layer. While the underlying Chromium issue is rated Medium severity by Google, the CVSS 3.1 score of 8.3 reflects the HIGH impact potential when combined with renderer compromise.

  • CVE-2026-32905HIGH 8.3

    OpenClaw versions before 2026.5.4 contain a flaw that lets users with basic chat access create device enrollment codes they shouldn't be able to generate. An attacker with legitimate chat permissions can issue bootstrap codes that add new devices with full operator and node-level capabilities to the system. Once enrolled, these devices retain administrative credentials indefinitely until an administrator manually removes them, creating a persistent backdoor.

  • CVE-2026-42941HIGH 8.3

    Danelec MacGregor's Voyage Data Recorder (VDR) devices ship with hardcoded default credentials that cannot be forced to change, allowing unauthenticated network attackers to gain administrative access. This is a straightforward but high-impact authentication bypass on a maritime safety-critical system.

  • CVE-2018-25382HIGH 8.2

    Zechat 1.5 contains an SQL injection flaw in its profile.php endpoint that allows attackers to inject malicious SQL commands through the username parameter without authentication. By crafting specially formatted requests, an attacker can extract database structure information and sensitive data directly from the application's backend database.

  • CVE-2018-25385HIGH 8.2

    E-Registrasi Pencak Silat version 18.10 contains an SQL injection flaw that allows attackers without credentials to retrieve sensitive data from the application's database. By crafting malicious requests to the monitor_nilai.php endpoint, an attacker can inject SQL commands through the id_partai parameter to extract admin credentials, user records, and other protected information. No authentication is required to attempt this attack.

  • CVE-2018-25386HIGH 8.2

    HaPe PKH 1.1 contains multiple SQL injection flaws in its admin media management interface that allow attackers to inject malicious SQL commands and extract sensitive database information. Unauthenticated attackers can target the village module, while authenticated users can exploit several administrative modules. The vulnerability stems from improper handling of the 'id' parameter, enabling attackers to manipulate database queries and retrieve system-level data such as database credentials, names, and DBMS version details.

  • CVE-2018-25389HIGH 8.2

    HaPe PKH 1.1 is vulnerable to SQL injection through the 'nama_kelompok' parameter in the lap-anggota-kelompok-pdf.php endpoint. An attacker can send a specially crafted request without authentication to execute arbitrary SQL commands, enabling extraction of sensitive database information using time-based blind techniques. This is a direct-to-database attack that bypasses application logic entirely.

  • CVE-2018-25390HIGH 8.2

    HaPe PKH 1.1 is vulnerable to SQL injection through its lap-peserta-perdesa-pdf.php endpoint. An attacker can send a specially crafted request containing SQL code in the 'desa' POST parameter to manipulate database queries without authentication. Using time-based blind SQL injection techniques, an adversary can extract sensitive information from the underlying database by observing query response delays.

  • CVE-2018-25394HIGH 8.2

    Kados R10 GreenBee contains an SQL injection flaw that allows attackers without authentication to read sensitive database information by crafting malicious web requests. The vulnerability exists in a administrative function that fails to properly validate user input, enabling an attacker to embed SQL commands directly into the system's database queries. This could expose usernames, database names, and system version details.

  • CVE-2018-25395HIGH 8.2

    Kados R10 GreenBee contains a critical SQL injection flaw in its board feature management interface. An attacker without authentication can craft a specially formatted web request targeting the feature update function to inject arbitrary SQL commands directly into the database. This allows the attacker to read sensitive data like database credentials, user information, and system details—potentially exposing the entire database to compromise.

  • CVE-2018-25398HIGH 8.2

    CVE-2018-25398 is an unauthenticated SQL injection vulnerability in Open ISES Project version 3.30A. An attacker can craft malicious database queries and submit them through the frm_passwd parameter in POST requests to main.php, bypassing authentication entirely. This allows extraction of sensitive database contents—usernames, database names, system versions—without needing valid credentials. The vulnerability is remotely exploitable with no special conditions required.

  • CVE-2018-25399HIGH 8.2

    Open ISES Project version 3.30A contains an SQL injection flaw in its nearby.php endpoint that lets unauthenticated attackers inject malicious SQL commands through two URL parameters: tick_lat and tick_lng. An attacker can craft a simple GET request to extract sensitive information from the underlying database, such as usernames, database identifiers, and version numbers. No authentication is required, and exploitation is straightforward—making this a high-severity issue for any organization running this software.

  • CVE-2018-25400HIGH 8.2

    Open ISES Project version 3.30A contains an unauthenticated SQL injection vulnerability in its form submission endpoint. An attacker can craft malicious SQL code and send it through a web request to extract sensitive information from the application's database without needing valid credentials. The vulnerability requires no user interaction and can be exploited over the network, making it a significant remote threat.

  • CVE-2018-25401HIGH 8.2

    Open ISES Project version 3.30A is vulnerable to SQL injection through an unauthenticated web interface. An attacker can craft malicious database queries and send them via HTTP GET requests to the sever_graph.php endpoint, bypassing authentication entirely. This allows extraction of sensitive database schema and contents without legitimate access.

  • CVE-2018-25402HIGH 8.2

    Open ISES Project version 3.30A contains an SQL injection vulnerability accessible to unauthenticated attackers over the network. By crafting malicious SQL statements in the p1 parameter of GET requests to inc_types_graph.php, an attacker can query the underlying database directly, potentially exposing schema details, user records, and other sensitive stored data. The vulnerability requires no authentication or user interaction, making it relatively straightforward to exploit.

  • CVE-2018-25403HIGH 8.2

    A SQL injection vulnerability exists in Open ISES Project version 3.30A that allows attackers without authentication to inject malicious database commands through a web parameter. By crafting specially designed requests to the city_graph.php file, attackers can extract sensitive information from the underlying database, including schema details and other stored data. The vulnerability requires no user interaction and can be exploited over the network.

  • CVE-2018-25404HIGH 8.2

    Open ISES Project version 3.30A is vulnerable to SQL injection through its add_facnote.php endpoint. An attacker can craft malicious SQL code in the ticket_id parameter and send it via a GET request without needing to authenticate first. This allows the attacker to read sensitive data directly from the database, including version information and other confidential records. The vulnerability requires no special conditions—any internet-connected instance of the software is at risk.

  • CVE-2018-25405HIGH 8.2

    eNdonesia Portal version 8.7 is vulnerable to multiple SQL injection flaws that allow unauthenticated attackers to extract sensitive data directly from the database. An attacker can manipulate specific web parameters—artid, cid, did, contid, and aboutid in the mod.php file—to inject malicious SQL commands. This bypasses normal authentication and gives direct access to usernames, database credentials, and system version information without requiring any valid user account.

  • CVE-2018-25406HIGH 8.2

    eNdonesia Portal version 8.7 contains multiple SQL injection flaws that allow attackers without authentication to run arbitrary database commands. By inserting malicious SQL code into specific URL parameters—artid, cid, did, contid, and aboutid—across five different modules (publisher, diskusi, galeri, content, and about), attackers can extract sensitive information like database credentials and system version details. This is a network-based attack requiring no user interaction or prior access.

  • CVE-2018-25407HIGH 8.2

    eNdonesia Portal version 8.7 contains multiple SQL injection flaws in its mod.php file that allow attackers to inject malicious SQL commands without authentication. By crafting specially formed requests targeting parameters like artid, cid, did, contid, and aboutid across various portal modules (publisher, diskusi, galeri, content, about), an attacker can extract sensitive database information such as usernames, database names, and version details. No user interaction or authentication is required to exploit this vulnerability.