VYPR

CVEs

97,194 total · page 45 of 1,944

  • CVE-2026-9883HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-9880HigMay 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-9879HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-9878HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-9877HigMay 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-9873HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-5343HigMay 28, 2026
    risk 0.48cvss 7.4epss 0.00

    Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.

  • CVE-2026-10022HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-10021HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10020HigMay 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10019HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10017HigMay 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10016HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10015HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10014HigMay 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10013HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10012HigMay 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10009HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10007HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10006HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10005HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10003HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10002HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

  • CVE-2026-10001HigMay 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10000HigMay 28, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-48116HigMay 28, 2026
    risk 0.42cvss 7.5epss 0.00

    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a --…

  • CVE-2026-45364HigMay 28, 2026
    risk 0.40cvss 7.3epss 0.00

    Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for (or the configured IP-bearing header). IPv6 clients…

  • CVE-2026-45344HigMay 28, 2026
    risk 0.46cvss 8.1epss 0.00

    LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can…

  • CVE-2026-45343HigMay 28, 2026
    risk 0.48cvss epss 0.00

    LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with…

  • CVE-2026-45342HigMay 28, 2026
    risk 0.39cvss epss 0.00

    LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource…

  • CVE-2026-44973HigMay 28, 2026
    risk 0.46cvss 8.1epss 0.00

    Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using ..) to escape intended base…

  • CVE-2026-44883HigMay 28, 2026
    risk 0.42cvss 7.5epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT…

  • CVE-2026-44882HigMay 28, 2026
    risk 0.46cvss 8.1epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware…

  • CVE-2026-44850HigMay 28, 2026
    risk 0.48cvss 8.5epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind…

  • CVE-2026-44849HigMay 28, 2026
    risk 0.50cvss 8.8epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings…

  • CVE-2026-44848HigMay 28, 2026
    risk 0.50cvss 8.8epss 0.00

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints (/plugins/*)…

  • CVE-2026-39929HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.01

    Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can…

  • CVE-2026-10044HigMay 28, 2026
    risk 0.42cvss 7.5epss 0.01

    Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename} endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or…

  • CVE-2026-46837HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle…

  • CVE-2026-46835HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this…

  • CVE-2026-46834HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this…

  • CVE-2026-46829HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks…

  • CVE-2026-46828HigMay 28, 2026
    risk 0.53cvss 8.1epss 0.00

    Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle…

  • CVE-2026-46827HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle…

  • CVE-2026-46826HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle…

  • CVE-2026-46823HigMay 28, 2026
    risk 0.50cvss 7.7epss 0.00

    Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2026-46821HigMay 28, 2026
    risk 0.50cvss 7.7epss 0.00

    Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2026-46820HigMay 28, 2026
    risk 0.55cvss 8.5epss 0.00

    Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2026-46818HigMay 28, 2026
    risk 0.48cvss 7.4epss 0.00

    Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle…

  • CVE-2026-44657HigMay 28, 2026
    risk 0.42cvss epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript…