CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-8795
High

CVE-2026-8795 describes a YAML injection vulnerability in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template without proper escaping.

CVE-2026-44751
High

The ABAP application server does not perform necessary authorization checks for an authenticated user, allowing an attacker to execute a report generation command that could overwrite information belonging to another user, resulting in privilege escalation.

CVE-2026-11700
High

A use after free vulnerability in Tracing in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11699
High

Use after free in Bluetooth in Google Chrome on Mac prior to version 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2026-11698
High

Use after free in Bluetooth in Google Chrome on Mac prior to version 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2026-11694
High

In Google Chrome prior to version 149.0.7827.103, a use after free vulnerability in ServiceWorker allowed a remote attacker who compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-11693
High

Inappropriate implementation in Plugins in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

CVE-2026-11692
High

A use after free vulnerability in Read Anything in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11690
High

In Google Chrome on Mac prior to version 149.0.7827.103, an out of bounds read and write in the Media module allowed a remote attacker who compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-11689
High

Insufficient policy enforcement in Passwords in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

CVE-2026-11688
High

Inappropriate implementation in SVG in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-11687
High

Use after free in Dawn in Google Chrome on Mac prior to version 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2026-11683
High

Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-11682
High

Inappropriate implementation in Views in Google Chrome on Linux prior to version 149.0.7827.103 allowed a remote attacker who compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11681
High

Use after free in Ozone in Google Chrome on Linux prior to version 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2026-11680
High

A use after free vulnerability in Media in Google Chrome on Windows prior to version 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-11679
High

A use after free vulnerability in Codecs in Google Chrome on Windows prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11677
High

A race condition in the network process of Google Chrome on Mac prior to version 149.0.7827.103 allowed a remote attacker who compromised the network process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11676
High

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to version 149.0.7827.103 allowed a remote attacker who compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-11674
High

In Google Chrome prior to version 149.0.7827.103, there was a use after free vulnerability in Guest View that allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

PreviousPage 176 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS