CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-13797
Critical

Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13796
Critical

An integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13792
Critical

A use-after-free vulnerability in the Touchbar component of Google Chrome on Mac prior to version 150.0.7871.47 was discovered. A remote attacker could exploit a crafted HTML page to potentially achieve a sandbox escape.

CVE-2026-13789
Critical

A Use-After-Free vulnerability in the GPU component of Google Chrome prior to 150.0.7871.47 allows a remote attacker who compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The issue has a high Chromium security severity.

CVE-2026-13785
Critical

A Use-After-Free vulnerability in the Bluetooth component of Google Chrome on Mac prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to potentially escape the sandbox via a crafted HTML page.

CVE-2026-13782
Critical

A use-after-free vulnerability exists in the Browser component of Google Chrome prior to version 150.0.7871.47. A remote attacker who compromised the renderer process could potentially escape the sandbox via a crafted HTML page.

CVE-2026-13781
Critical

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The vulnerability has a critical severity rating according to Chromium.

CVE-2026-13780
Critical

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13776
Critical

A type confusion vulnerability in the Dawn component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. This issue is rated as Critical in Chromium security.

CVE-2026-13775
Critical

A Use-After-Free vulnerability in the GPU component of Google Chrome prior to 150.0.7871.47 allows a remote attacker who compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The issue has a critical severity rating from Chromium.

CVE-2026-58449
Critical

A vulnerability in txtai up to version 9.10.0 (fixed in commit 11b32da) allows remote code execution via the /reindex API endpoint. The function body parameter is resolved by txtai.util.Resolver, which performs __import__ and getattr on the caller-supplied dotted path without any allowlist.

CVE-2026-50003
Critical

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.

CVE-2026-37106
Critical

An issue in DokuWiki 2025-05-14b 'Librarian' 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. The supplier disputes this as a vulnerability, stating it is intentional behavior when self-registration is enabled (a non-default feature).

CVE-2026-7874
Critical

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability that could disclose all stored credentials. The issue is due to the use of a weak and reversible key derivation mechanism for encryption at rest.

CVE-2026-7873
Critical

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials. This leads to complete system compromise and enables lateral movement.

CVE-2026-7871
Critical

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing users with Redis access to execute arbitrary code with full application privileges. This compromises all secrets, data, and system integrity.

CVE-2026-7803
Critical

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing remote arbitrary code execution. The issue stems from improper validation of flow nodes with missing or empty component type fields.

CVE-2026-7663
Critical

IBM Langflow OSS versions 1.0.0 through 1.9.6 contain a vulnerability due to improper authorization enforcement in the Streamable MCP transport endpoint. This allows unauthenticated attackers to access protected MCP project resources and execute MCP operations.

CVE-2026-11712
Critical

IBM WebSphere Application Server 9.0 and 8.5 are affected by a cross-site scripting (XSS) vulnerability in the administrative console help system. This allows an attacker to inject malicious scripts into the help page.

CVE-2026-11708
Critical

IBM WebSphere Application Server 9.0 and 8.5 are affected by a cross-site scripting vulnerability in the administrative console's integrated help system. This allows an attacker to inject malicious script into the help page.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS