CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
CVE-2026-8795 describes a YAML injection vulnerability in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inserted into a YAML template without proper escaping.
The ABAP application server does not perform necessary authorization checks for an authenticated user, allowing an attacker to execute a report generation command that could overwrite information belonging to another user, resulting in privilege escalation.
A use after free vulnerability in Tracing in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Use after free in Bluetooth in Google Chrome on Mac prior to version 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Bluetooth in Google Chrome on Mac prior to version 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
In Google Chrome prior to version 149.0.7827.103, a use after free vulnerability in ServiceWorker allowed a remote attacker who compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page.
Inappropriate implementation in Plugins in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
A use after free vulnerability in Read Anything in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
In Google Chrome on Mac prior to version 149.0.7827.103, an out of bounds read and write in the Media module allowed a remote attacker who compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page.
Insufficient policy enforcement in Passwords in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Inappropriate implementation in SVG in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Use after free in Dawn in Google Chrome on Mac prior to version 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Inappropriate implementation in Views in Google Chrome on Linux prior to version 149.0.7827.103 allowed a remote attacker who compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Use after free in Ozone in Google Chrome on Linux prior to version 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
A use after free vulnerability in Media in Google Chrome on Windows prior to version 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
A use after free vulnerability in Codecs in Google Chrome on Windows prior to version 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
A race condition in the network process of Google Chrome on Mac prior to version 149.0.7827.103 allowed a remote attacker who compromised the network process to potentially perform a sandbox escape via a crafted HTML page.
Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to version 149.0.7827.103 allowed a remote attacker who compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
In Google Chrome prior to version 149.0.7827.103, there was a use after free vulnerability in Guest View that allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

