CVEs from 2026
Total: 13,986
- critical 1,212
- high 4,562
- medium 4,408
- low 482
% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47329 | low | 3.3 | 3.3 | 5d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppArmor notification responses. The bug can be triggered by an unprivileged local user a… | |||
| CVE-2026-47327 | low | 3.3 | 3.3 | 5d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This c… | |||
| CVE-2026-48156 | low | 3.3 | 3.3 | 5d ago | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams w… | |||
| CVE-2026-9572 | low | 3.3 | 3.3 | 7d ago | A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of t… | |||
| CVE-2026-9567 | low | 3.3 | 3.3 | 7d ago | A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointe… | |||
| CVE-2026-9530 | low | 3.3 | 3.3 | 7d ago | A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani… | |||
| CVE-2026-9529 | low | 3.3 | 3.3 | 7d ago | A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulati… | |||
| CVE-2026-9504 | low | 3.3 | 3.3 | 8d ago | A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou… | |||
| CVE-2026-9503 | low | 3.3 | 3.3 | 8d ago | A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null … | |||
| CVE-2026-9501 | low | 3.3 | 3.3 | 8d ago | A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipul… | |||
| CVE-2026-39824 | low | 3.3 | 3.3 | 11d ago | NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated strin… | |||
| CVE-2026-47782 | low | 3.3 | 3.3 | 13d ago | Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web p… | |||
| CVE-2026-33565 | low | 3.3 | 3.3 | 14d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-28751 | low | 3.3 | 3.3 | 14d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-27781 | low | 3.3 | 3.3 | 14d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-25110 | low | 3.3 | 3.3 | 14d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-0965 | low | 3.3 | 3.3 | 15d ago | Moderate: libssh security update | |||
| CVE-2026-47091 | low | 3.3 | 3.3 | 15d ago | Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin… | |||
| CVE-2026-8770 | low | 3.3 | 3.3 | 16d ago | A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulat… | |||
| CVE-2026-20793 | low | 3.3 | 3.3 | 21d ago | Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an a… | |||
| CVE-2026-41530 | low | 3.3 | 3.3 | 21d ago | The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fe… | |||
| CVE-2026-28910 | low | 3.3 | 3.3 | 22d ago | macOS Tahoe 26.4 | |||
| CVE-2026-28957 | low | 3.3 | 3.3 | 23d ago | visionOS 26.5 | |||
| CVE-2026-32803 | low | 3.3 | 3.3 | 25d ago | Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileg… | |||
| CVE-2026-41498 | low | 3.3 | 3.3 | 25d ago | Kimai has Missing Object-Level Authorization in the Team API | |||
| CVE-2026-7740 | low | 3.3 | 3.3 | 29d ago | A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id… | |||
| CVE-2026-7739 | low | 3.3 | 3.3 | 29d ago | A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation … | |||
| CVE-2026-33448 | low | 3.3 | 3.3 | 1mo ago | CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump t… | |||
| CVE-2026-41357 | low | 3.3 | 3.3 | 1mo ago | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve… | |||
| CVE-2026-35379 | low | 3.3 | 3.3 | 1mo ago | A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space char… | |||
| CVE-2026-35378 | low | 3.3 | 3.3 | 1mo ago | A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw… | |||
| CVE-2026-35375 | low | 3.3 | 3.3 | 1mo ago | A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to_string_lossy() wh… | |||
| CVE-2026-35371 | low | 3.3 | 3.3 | 1mo ago | uutils coreutils's User Interface (UI) Misrepresents Critical Information | |||
| CVE-2026-35344 | low | 3.3 | 3.3 | 1mo ago | The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special… | |||
| CVE-2026-35343 | low | 3.3 | 3.3 | 1mo ago | The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited fl… | |||
| CVE-2026-35342 | low | 3.3 | 3.3 | 1mo ago | The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementa… | |||
| CVE-2026-40505 | low | 3.3 | 3.3 | 2mo ago | MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious… | |||
| CVE-2026-6192 | low | 3.3 | 3.3 | 2mo ago | A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. T… | |||
| CVE-2026-40228 | low | 3.3 | 3.3 | 2mo ago | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set. | |||
| CVE-2026-5037 | low | 3.3 | 3.3 | 2mo ago | A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr c… | |||
| CVE-2026-4833 | low | 3.3 | 3.3 | 2mo ago | A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled r… | |||
| CVE-2026-20684 | low | 3.3 | 3.3 | 2mo ago | macOS Tahoe 26.4 | |||
| CVE-2026-4539 | low | 3.3 | 3.3 | 2mo ago | A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular e… | |||
| CVE-2026-4159 | low | 3.3 | 3.3 | 3mo ago | 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_Decode… | |||
| CVE-2026-4174 | low | 3.3 | 3.3 | 3mo ago | A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation lea… | |||
| CVE-2026-4010 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument leng… | |||
| CVE-2026-4009 | low | 3.3 | 3.3 | 3mo ago | A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File P… | |||
| CVE-2026-3950 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to o… | |||
| CVE-2026-3949 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing… | |||
| CVE-2026-21791 | low | 3.3 | 3.3 | 3mo ago | HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL | |||
| CVE-2026-3449 | low | 3.3 | 3.3 | 3mo ago | @tootallnate/once vulnerable to Incorrect Control Flow Scoping | |||
| CVE-2026-3407 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes h… | |||
| CVE-2026-2903 | low | 3.3 | 3.3 | 3mo ago | A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack ca… | |||
| CVE-2026-2889 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only… | |||
| CVE-2026-2642 | low | 3.3 | 3.3 | 3mo ago | A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null point… | |||
| CVE-2026-2641 | low | 3.3 | 3.3 | 3mo ago | A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Exe… | |||
| CVE-2026-2246 | low | 3.3 | 3.3 | 4mo ago | A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltag_detector_detect of the file apriltag.c. The manipulation lead… | |||
| CVE-2026-2245 | low | 3.3 | 3.3 | 4mo ago | A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation l… | |||
| CVE-2026-2069 | low | 3.3 | 3.3 | 4mo ago | A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This… | |||
| CVE-2026-1990 | low | 3.3 | 3.3 | 4mo ago | A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation l… | |||
| CVE-2026-1417 | low | 3.3 | 3.3 | 4mo ago | A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference.… | |||
| CVE-2026-1416 | low | 3.3 | 3.3 | 4mo ago | A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null poin… | |||
| CVE-2026-1415 | low | 3.3 | 3.3 | 4mo ago | A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to… | |||
| CVE-2026-44220 | low | 3.2 | 3.2 | 21d ago | ciguard: discover_pipeline_files follows symlinks out of scan root | |||
| CVE-2026-45362 | low | 3.2 | 3.2 | 22d ago | Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file. | |||
| CVE-2026-43969 | low | 3.2 | 3.2 | 22d ago | cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1 | |||
| CVE-2026-31369 | low | 3.2 | 3.2 | 1mo ago | PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability | |||
| CVE-2026-10565 | low | 3.1 | 3.1 | 12h ago | A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a mani… | |||
| CVE-2026-45426 | low | 3.1 | 3.1 | 1d ago | Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against … | |||
| CVE-2026-40963 | low | 3.1 | 3.1 | 1d ago | The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated U… | |||
| CVE-2026-9991 | low | 3.1 | 3.1 | 5d ago | Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |||
| CVE-2026-9959 | low | 3.1 | 3.1 | 5d ago | Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9950 | low | 3.1 | 3.1 | 5d ago | Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a… | |||
| CVE-2026-9944 | low | 3.1 | 3.1 | 5d ago | Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium sec… | |||
| CVE-2026-9920 | low | 3.1 | 3.1 | 5d ago | Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chr… | |||
| CVE-2026-10011 | low | 3.1 | 3.1 | 5d ago | Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Ch… | |||
| CVE-2026-49009 | low | 3.1 | 3.1 | 7d ago | Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal. | |||
| CVE-2026-47715 | low | 3.1 | 3.1 | 7d ago | Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requir… | |||
| CVE-2026-47716 | low | 3.1 | 3.1 | 7d ago | Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, in affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the … | |||
| CVE-2026-48851 | low | 3.1 | 3.1 | 8d ago | PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session. | |||
| CVE-2026-9398 | low | 3.1 | 3.1 | 9d ago | A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass b… | |||
| CVE-2026-9394 | low | 3.1 | 3.1 | 9d ago | A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to w… | |||
| CVE-2026-39967 | low | 3.1 | 3.1 | 11d ago | TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user a… | |||
| CVE-2026-9249 | low | 3.1 | 3.1 | 11d ago | Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : * D… | |||
| CVE-2026-44057 | low | 3.1 | 3.1 | 12d ago | A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authen… | |||
| CVE-2026-7836 | low | 3.1 | 3.1 | 12d ago | An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification v… | |||
| CVE-2026-7835 | low | 3.1 | 3.1 | 12d ago | A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string pro… | |||
| CVE-2026-44070 | low | 3.1 | 3.1 | 12d ago | An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character convers… | |||
| CVE-2026-0968 | low | 3.1 | 3.1 | 15d ago | Moderate: libssh security update | |||
| CVE-2026-8741 | low | 3.1 | 3.1 | 16d ago | A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manip… | |||
| CVE-2026-8579 | low | 3.1 | 3.1 | 19d ago | Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write… | |||
| CVE-2026-8578 | low | 3.1 | 3.1 | 19d ago | Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chro… | |||
| CVE-2026-8572 | low | 3.1 | 3.1 | 19d ago | Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft… | |||
| CVE-2026-8568 | low | 3.1 | 3.1 | 19d ago | Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Ch… | |||
| CVE-2026-8556 | low | 3.1 | 3.1 | 19d ago | Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |||
| CVE-2026-8554 | low | 3.1 | 3.1 | 19d ago | Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted H… | |||
| CVE-2026-8553 | low | 3.1 | 3.1 | 19d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Ch… | |||
| CVE-2026-8545 | low | 3.1 | 3.1 | 19d ago | Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromi… | |||
| CVE-2026-8536 | low | 3.1 | 3.1 | 19d ago | Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation v… | |||
| CVE-2026-27680 | low | 3.1 | 3.1 | 19d ago | Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the appl… |