|
2711
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-9952
|
2026-05-30 01:27 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2712
|
8.3 |
HIGH
Network
|
-
|
-
|
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and …
|
CWE-94
CWE-346
CWE-749
CWE-940
Code Injection
Origin Validation Error
Exposed Dangerous Method or Function
Improper Verification of Source of a Communication Channel
|
CVE-2026-44698
|
2026-05-30 01:25 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2713
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML pag…
|
CWE-416
Use After Free
|
CVE-2026-9956
|
2026-05-30 01:20 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2714
|
- |
|
-
|
-
|
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line flag --enable-f…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44903
|
2026-05-30 01:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2715
|
7.4 |
HIGH
Local
|
-
|
-
|
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer with…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-49014
|
2026-05-30 01:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2716
|
8.2 |
HIGH
Network
|
-
|
-
|
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other ap…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-44843
|
2026-05-30 01:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2717
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in PDF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-9957
|
2026-05-30 01:19 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2718
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font fi…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-9960
|
2026-05-30 01:18 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2719
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in WebRTC in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-9962
|
2026-05-30 01:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2720
|
8.3 |
HIGH
Network
|
-
|
-
|
Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-9998
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
