Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
Friday's disclosures center on Microsoft Azure HorizonDB (CVE-2026-48567, CVSS 10) and Tautulli (CVE-2026-43986, CVSS 9.9), alongside a cluster of WordPress plugin and infrastructure vulnerabilities. The brief covers 17 critical CVEs, up 240% from the prior day's 5, and 82 high-priority CVEs, a 52% increase from 54. Additional critical issues include OSNexus QuantaStor SDS Manager (CVE-2026-10880, CVSS 9.8) and Microsoft Windows (CVE-2025-71316, CVSS 9.8), spanning storage management, database, and operating system layers. Remote code execution and authentication bypass patterns dominate, affecting web applications, routers, and enterprise data platforms. No vendor patches were available at disclosure time, so defenders should prioritize compensating controls and monitor for vendor advisories on the highest-severity items.
Microsoft Azure HorizonDB carries a maximum-severity flaw (CVE-2026-48567, CVSS 10), the day's most impactful disclosure
Critical CVEs rose 240% to 17, up from 5 the prior day
High-priority CVEs increased 52% to 82, up from 54
Remote code execution and authentication bypass affect Tautulli (CVE-2026-43986), OSNexus QuantaStor, and multiple WordPress plugins
Patch availability stands at 0% across the disclosed set, requiring interim mitigations
6 CVEs are listed as actively exploited, including Ivanti vTM (CVE-2024-7593) and Palo Alto PAN-OS (CVE-2026-0257)
Immediate action: Prioritize Microsoft Azure HorizonDB, Microsoft Windows, OSNexus QuantaStor, and Tautulli deployments for immediate review, and audit exposed WordPress plugins and Neterbit routers. With no patches yet available, apply network segmentation, access restrictions, and enhanced monitoring while tracking vendor advisories for the actively exploited Ivanti vTM, Palo Alto PAN-OS, and Oracle WebLogic issues.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2024-7593
9.8π
IvantivTM (Virtual Traffic Manager)
β° Federal Deadline:October 14, 2024(-598 days remaining)
An authentication bypass vulnerability in the Ivanti vTM admin panel allows remote unauthenticated attackers to gain unauthorized administrative access.
CVSS Base9.8
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-0257
9.5π
Palo Alto NetworksPAN-OS
β° Federal Deadline:May 31, 2026(-4 days remaining)
An authentication bypass vulnerability exists in Palo Alto Networks PAN-OS GlobalProtect, allowing unauthenticated attackers to forge authentication cookies and establish unauthorized VPN connections.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2024-21182
9.5ππ Late Disclosure
OracleWebLogic Server
β° Federal Deadline:June 3, 2026(EXPIRED)
Oracle WebLogic Server contains an unspecified vulnerability that is currently being exploited in the wild.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2022-0492
9.5ππ Late Disclosure
LinuxKernel
β° Federal Deadline:June 4, 2026
A privilege escalation vulnerability in the Linux Kernel cgroup_release_agent_write function allows unprivileged users to escape container environments and gain elevated host privileges.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-48595
9.5π
AndroidFramework
β° Federal Deadline:June 4, 2026
An integer overflow vulnerability in the Android Framework allows for potential unauthorized system access and is currently tracked in the CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-45247
9.5π
MirasvitFull Page Cache Warmer for Magento 2
β° Federal Deadline:June 5, 2026(1 days remaining)
Mirasvit Full Page Cache Warmer for Magento 2 contains a PHP object injection vulnerability allowing unauthenticated RCE via the CacheWarmer cookie.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2019-25738
9.8ππ Late Disclosure
WordPressHybrid Composer
WordPress Hybrid Composer 1.4.6 allows unauthenticated attackers to modify site options via the hc_ajax_save_option action, facilitating full account takeover through unauthorized administrative access.
CVSS Base9.8
β
CRSSelect profile
CVE-2019-25727
9.8ππ Late Disclosure
WordPressPlugin ad manager wd
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability allowing unauthenticated attackers to read sensitive system files, including wp-config.php.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-48567
10π
MicrosoftAzure HorizonDB
An authentication bypass vulnerability in Azure HorizonDB allows unauthorized attackers to spoof credentials and elevate privileges over a network.
CVSS Base10
β
CRSSelect profile
CVE-2019-25729
9.8ππ Late Disclosure
PDF SignerPDF Signer 3.0
PDF Signer 3.0 is vulnerable to server-side template injection via the CSRF-TOKEN cookie, allowing unauthenticated attackers to execute arbitrary system commands.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-71316
9.8π
MicrosoftWindows
A command-line injection vulnerability in the Windows sqldiff.exe utility allows attackers to load arbitrary DLLs via crafted command-line arguments.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-43986
9.9π
TautulliTautulli
A server-side request forgery (SSRF) vulnerability in Tautulli allows unauthenticated attackers to force the server to fetch arbitrary URLs.
CVSS Base9.9
β
CRSSelect profile
CVE-2019-25741
9.8ππ Late Disclosure
MobatekMobaXterm
Mobatek MobaXterm 12.1 contains a buffer overflow vulnerability in the username field of session files, allowing remote attackers to execute arbitrary code with user privileges.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-67446
9.8π
NeterbitNW-431F Router
Neterbit NW-431F routers use weak, predictable cookie values for authentication, allowing unauthenticated attackers to gain unauthorized administrative access.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-10880
9.8π
OSNexusQuantaStor SDS Manager
A SQL injection vulnerability in the OSNexus QuantaStor SDS Manager login endpoint allows unauthenticated attackers to bypass authentication.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-25550
9.8π
Seagull SoftwareBarTender
Seagull Software BarTender contains an unauthenticated remote code execution vulnerability in its .NET Remoting service, allowing attackers to execute code as NT AUTHORITY\SYSTEM.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-49191
9.8π
AcerConnect M6E 5G Portable WiFi Router
The M3WebServer in the Acer Connect M6E 5G router hard-codes backend API keys, which are exposed via verbose error pages.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-67447
9.8π
NeterbitNW-431F Router
The network diagnosis module in Neterbit NW-431F routers is vulnerable to OS command injection due to improper input sanitization.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-4104
9.8π
Akmer Informatics Automation Industry and Trade Ltd. Co.TeknoPass
An authorization bypass via SQL injection in TeknoPass allows unauthenticated attackers to execute arbitrary SQL commands and manipulate data.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-49185
9.8π
AcerConnect M6E 5G Portable WiFi Router
The FieldX MDM component in the Acer Connect M6E 5G router is vulnerable to command injection via unverified payloads in the adb messaging topic.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-49186
9.8π
AcerConnect M6E 5G Portable WiFi Router
The local MQTT broker on the Acer Connect M6E 5G router fails to enforce ACLs, allowing unauthorized clients to enumerate devices and publish rogue commands.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-49188
9.8π
AcerConnect M6E 5G Portable WiFi Router
The ai_cmd utility on the Acer Connect M6E 5G router runs with root privileges and is vulnerable to unauthenticated command injection via popen().
CVSS Base9.8
β
CRSSelect profile
CVE-2026-50211
9.8π
AcerConnect M6E 5G
Exposed diagnostic software on retail builds of Acer Connect M6E 5G allows malicious applications to write to internal NVRAM registers.
CVSS Base9.8
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2026-10882
8.8π
GoogleChrome
A use-after-free vulnerability in the Network component of Google Chrome allows for potential remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10885
8.8π
GoogleChrome for iOS
A use-after-free vulnerability in Chrome for iOS allows potential remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10888
8.8π
GoogleChrome
A Use-After-Free vulnerability exists in the Cast Streaming component of Google Chrome, potentially allowing for arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10890
8.8π
GoogleChrome
A Use-After-Free vulnerability exists in the Cast component of Google Chrome, which may allow an attacker to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10891
8.8π
GoogleChrome
A Use-After-Free vulnerability exists in the GFX component of Google Chrome on Linux, potentially allowing for arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10895
8.8π
GoogleChrome
A Use-After-Free vulnerability exists in the Ozone windowing system component of Google Chrome, potentially allowing for arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10896
8.8π
GoogleChrome
A Use-After-Free vulnerability exists in the Chrome for iOS application, potentially allowing for arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10902
8.8π
GoogleChrome
A Use-After-Free (UAF) vulnerability exists in the Ozone component of Google Chrome, potentially allowing remote attackers to trigger memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10903
8.8π
GoogleChrome
A Use-After-Free vulnerability exists in the WebRTC component of Google Chrome, which could allow a remote attacker to achieve memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10913
8.8π
GoogleChrome
A Use-After-Free vulnerability in the ANGLE graphics abstraction layer of Google Chrome on Windows may allow for memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10914
8.8π
GoogleChrome
A Use-After-Free vulnerability in the ANGLE component of Google Chrome on Windows potentially allows an unauthenticated attacker to cause memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10926
8.8π
GoogleChrome
A Use-After-Free vulnerability in the Cast component of Google Chrome allows a remote, unauthenticated attacker to trigger memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10932
8.8π
GoogleChrome
A use-after-free vulnerability exists in the UI component of Google Chrome for Android, potentially allowing remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10939
8.8π
GoogleChrome
A use-after-free vulnerability in the WebRTC component of Google Chrome may lead to remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10943
8.8π
GoogleChrome
A use-after-free vulnerability in the WebRTC component of Google Chrome may allow for memory corruption and remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10945
8.8π
GoogleChrome
A use-after-free vulnerability in the PDF processing component of Google Chrome potentially allows for remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10947
8.8π
GoogleChrome
A use-after-free vulnerability in the WebRTC component of Google Chrome may lead to memory corruption and potential remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10948
8.8π
GoogleChrome
A use-after-free vulnerability exists in the WebRTC component of Google Chrome prior to version 149, potentially allowing arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10952
8.8π
GoogleChrome for iOS
A use-after-free vulnerability in Google Chrome for iOS prior to version 149 could allow an attacker to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10954
8.8π
GoogleChrome
A use-after-free vulnerability in the Actor component of Google Chrome prior to version 149 may permit an attacker to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10956
8.8π
GoogleChrome
A use-after-free vulnerability in the MimeHandlerView component of Google Chrome prior to 149 allows for potential arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10957
8.8π
GoogleChrome
A use-after-free vulnerability in the Glic component of Google Chrome prior to 149 could allow an unauthenticated attacker to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10958
8.8π
GoogleChrome
A use-after-free vulnerability exists in Google Chrome for iOS, potentially allowing for memory corruption or arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10959
8.8π
GoogleChrome
A high-severity use-after-free vulnerability in the Input component of Google Chrome for Android could lead to arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10975
8.8π
GoogleChrome
A use-after-free vulnerability in the WebRTC component of Google Chrome allows for potential memory corruption and remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10978
8.8π
GoogleChrome
A use-after-free vulnerability in the Chromoting component of Google Chrome for Windows could allow for unauthorized code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10982
8.8π
GoogleChrome
A use-after-free vulnerability in the WebXR component of Google Chrome allows for remote code execution via a crafted HTML page.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10991
8.8π
GoogleChrome
A use-after-free vulnerability exists in the V8 engine of Google Chrome, potentially allowing for arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11000
8.8π
GoogleChrome
A use-after-free vulnerability in the font handling component of Google Chrome on Linux may lead to arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11003
8.8π
GoogleChrome
A use-after-free vulnerability in the WebRTC component of Google Chrome could allow a remote attacker to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11028
8.8π
GoogleChrome
A use-after-free vulnerability in the media handling component of Google Chrome on Linux and ChromeOS could lead to arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11049
8.8π
GoogleChrome
A use-after-free vulnerability in the Password Manager of Google Chrome could allow a remote attacker to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11050
8.8π
GoogleChrome
A use-after-free vulnerability exists in the V8 JavaScript engine within Google Chrome, potentially allowing for arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11054
8.8π
GoogleChrome
A use-after-free vulnerability in the WebRTC component of Google Chrome may allow an attacker to achieve arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11055
8.8π
GoogleChrome
A use-after-free vulnerability in the ANGLE graphics engine of Google Chrome on Windows allows for potential remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11059
8.8π
GoogleChrome
A use-after-free vulnerability in the Blink rendering engine of Google Chrome allows an attacker to potentially execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11060
8.8π
GoogleChrome
A use-after-free vulnerability in the Media component of Google Chrome on Windows allows for potential remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11068
8.8π
GoogleChrome
A Use-After-Free vulnerability in the WebSockets component of Google Chrome allows for potential memory corruption and arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11074
8.8π
GoogleChrome
A Use-After-Free vulnerability in the WebRTC component of Google Chrome on Linux can lead to memory corruption and potential code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11117
8.8π
GoogleChrome
A Use-After-Free vulnerability within the Views component of Google Chrome on Windows allows for potential memory corruption and code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11118
8.8π
GoogleChrome
A Use-After-Free vulnerability in the WebRTC component of Google Chrome allows for potential memory corruption and code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11125
8.8π
GoogleChrome
A Use-After-Free vulnerability in the Compositing component of Google Chrome allows for potential memory corruption and code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11130
8.8π
GoogleChrome
A Use-After-Free (UAF) vulnerability exists within the Media component of Google Chrome, potentially allowing for arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11136
8.8π
GoogleChrome
A Use-After-Free vulnerability in the Canvas component of Google Chrome could lead to arbitrary code execution if exploited by an attacker.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11147
8.8π
GoogleChrome
A Use-After-Free vulnerability in the WebML component of Google Chrome for Windows may allow an unauthenticated attacker to achieve arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11164
8.8π
GoogleChrome
A Use-After-Free vulnerability in the Blink rendering engine of Google Chrome could allow an unauthenticated attacker to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11230
8.8π
GoogleChrome
A Use-After-Free vulnerability in the Extensions component of Google Chrome may allow an unauthenticated attacker to gain unauthorized code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11262
8.8π
GoogleChrome
A Use-After-Free vulnerability exists in the TabStrip component of Google Chrome prior to version 149, potentially allowing arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11303
8.8π
GoogleChrome
A Use-After-Free vulnerability exists in the PDFium library within Google Chrome prior to version 149, which may lead to arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11305
8.8π
GoogleChrome
A Use-After-Free vulnerability exists in the PDFium library within Google Chrome prior to version 149, potentially allowing for remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11306
8.8π
GoogleChrome
A Use-After-Free vulnerability in the PDFium library of Google Chrome prior to version 149 may allow an attacker to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11307
8.8π
GoogleChrome
A Use-After-Free vulnerability in the PDFium library within Google Chrome prior to version 149 could allow an attacker to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10883
8.8π
GoogleChrome
A type confusion vulnerability exists in the ANGLE graphics engine component of Google Chrome, potentially allowing for arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10907
8.8π
GoogleChrome
An out-of-bounds write vulnerability exists in the ANGLE graphics engine of Google Chrome, which could allow an attacker to trigger memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10910
8.8π
GoogleChrome
A type confusion vulnerability in the V8 JavaScript engine of Google Chrome could allow an attacker to achieve arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10928
8.8π
GoogleChrome
A script injection vulnerability in the Headless mode of Google Chrome could allow an attacker to execute unauthorized scripts.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10935
8.8π
GoogleChrome
A type confusion vulnerability in the V8 JavaScript engine of Google Chrome could allow for remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10936
8.8π
GoogleChrome
A type confusion vulnerability exists in the V8 JavaScript engine of Google Chrome, potentially allowing for arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10941
8.8π
GoogleChrome
An out-of-bounds memory access vulnerability in the Skia graphics library of Google Chrome may lead to unauthorized data access or application crashes.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10962
8.8π
GoogleChrome
A type confusion vulnerability in the Media component of Google Chrome may allow for arbitrary code execution through malicious media processing.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10963
8.8π
GoogleChrome
An integer overflow vulnerability in the V8 JavaScript engine of Google Chrome could allow an attacker to execute arbitrary code.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10964
8.8π
GoogleChrome
An integer overflow vulnerability in the V8 JavaScript engine of Google Chrome may enable remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10965
8.8π
GoogleChrome
An integer overflow vulnerability exists within the DevTools component of Google Chrome, potentially allowing for memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10986
8.8π
GoogleChrome
An integer overflow vulnerability exists within the Media component of Google Chrome, potentially allowing for memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-10987
8.8π
GoogleChrome
An integer overflow vulnerability exists within the V8 JavaScript engine of Google Chrome, potentially allowing for memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11046
8.8π
GoogleChrome
Insufficient validation of untrusted input exists within the Media component of Google Chrome, potentially allowing for arbitrary code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11076
8.8π
GoogleChrome
A Type Confusion vulnerability exists within the CSS engine of Google Chrome, potentially allowing for memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11077
8.8π
GoogleChrome
A bad cast vulnerability exists within the Dawn component of Google Chrome prior to version 149, potentially leading to memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11086
8.8π
GoogleChrome
An inappropriate implementation vulnerability in the Dawn component of Google Chrome prior to version 149 could allow a remote attacker to compromise system integrity.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11171
8.8π
GoogleChrome
An integer overflow vulnerability in the Blink engine of Google Chrome prior to version 149 may allow for memory corruption and remote code execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11173
8.8π
GoogleChrome
An out-of-bounds write vulnerability exists in the V8 JavaScript engine of Google Chrome prior to version 149, enabling potential memory corruption.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11235
8.8π
GoogleChrome
Insufficient policy enforcement in the Compositing component of Google Chrome prior to version 149 could allow an attacker to bypass security restrictions.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-11279
8.8π
GoogleChrome
An out-of-bounds read vulnerability exists in the DevTools component of Google Chrome, potentially allowing for memory disclosure or application instability.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-43984
8.9π
TautulliTautulli
Tautulli, a monitoring tool for Plex Media Server, contains a high-severity vulnerability requiring immediate attention to prevent unauthorized access.
CVSS Base8.9
β
CRSSelect profile
CVE-2026-43985
8.8π
TautulliTautulli
Tautulli, a monitoring tool for Plex Media Server, contains a high-severity vulnerability that could be exploited by an attacker.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-46264
8.8π
LinuxKernel
A memory management error in the Linux kernel DRM/XE driver during sysfs initialization can result in improper cleanup actions on uninitialized objects.
CVSS Base8.8
β
CRSSelect profile
CVE-2025-10968
8.8π
GG Soft SoftwareMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc
CVSS Base8.8
β
CRSSelect profile
CVE-2025-11956
8.9π
Proliz Software LtdMultiple Products
Proliz Software products are vulnerable to Cross-site Scripting (XSS) due to improper neutralization of user-supplied input during web page generation.
CVSS Base8.9
β
CRSSelect profile
CVE-2026-49190
8.8π
UnknownUnknown
The system fails to enforce proper instructional permissions over internal opcodes, enabling unauthorized application installation or command execution.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-49194
8.8π
UnknownUnknown
The SCREEN_CLICK(5053) debugging routine allows an unauthenticated connection to bypass the login prompt and access an interactive shell.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-5228
8.8π
Kurt Software StudioWriteUp Mobile App
The Kurt Software Studio WriteUp Mobile App contains an improper access control vulnerability that allows unauthorized users to access restricted application functionality.
CVSS Base8.8
β
CRSSelect profile
CVE-2026-41236
8.8π
FroxlorServer Administration Software
Froxlor open source server administration software contains a vulnerability related to improper access control or authorization mechanisms.