CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14424
Critical

A use-after-free vulnerability exists in the Dawn component of Google Chrome on Mac prior to version 150.0.7871.46. A remote attacker could use a crafted HTML page to potentially achieve a sandbox escape.

CVE-2026-14423
Critical

A type confusion vulnerability in the Tint component of Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The issue is rated as High severity.

CVE-2026-14420
Critical

An out-of-bounds read and write vulnerability in the Dawn component of Google Chrome prior to 150.0.7871.46 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-14419
Critical

A use-after-free vulnerability in Skia in Google Chrome prior to 150.0.7871.46 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-14417
Critical

A use-after-free vulnerability in Dawn in Google Chrome prior to 150.0.7871.46 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-14416
Critical

An out-of-bounds read vulnerability in the Dawn component of Google Chrome prior to version 150.0.7871.46 could allow a remote attacker to potentially escape the sandbox via a crafted HTML page.

CVE-2026-14411
Critical

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-14405
Critical

In Google Chrome prior to version 150.0.7871.46, an uninitialized use vulnerability exists in the V8 engine. A remote attacker can use a crafted HTML page to execute arbitrary code within a sandbox.

CVE-2026-14398
Critical

A use-after-free vulnerability in ANGLE in Google Chrome prior to 150.0.7871.46 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-14397
Critical

An out-of-bounds write vulnerability in the ANGLE component of Google Chrome on Mac prior to version 150.0.7871.46 allows a remote attacker to potentially escape the sandbox via a crafted HTML page.

CVE-2026-14392
Critical

An out-of-bounds write vulnerability in the Tint component of Google Chrome prior to version 150.0.7871.46 allowed a remote attacker to potentially escape the sandbox via a crafted HTML page.

CVE-2026-14390
Critical

A use-after-free vulnerability in the ANGLE component of Google Chrome prior to 150.0.7871.46 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The issue is rated as high severity.

CVE-2026-14387
Critical

An integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-14382
Critical

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-52186
Critical

A SQL injection vulnerability in UTT nv518G firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component.

CVE-2026-58457
Critical · EPSS 74%

The Shenzhen Aitemi M300 Wi-Fi Repeater (model MT02) has an unauthenticated OS command injection vulnerability. Network-adjacent attackers can execute arbitrary shell commands by injecting unsanitized input through GET parameters in the smacfilter_conf handler of the commuos web backend.

CVE-2026-53492
Critical

In containerd versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts CDI annotations from untrusted checkpoint image metadata during container restoration. A user with pod creation permissions can bypass standard Kubernetes resource allocation and inject arbitrary devices or host mounts into the restored container.

CVE-2026-51947
Critical

A vulnerability in Pivotal CRM 6.6.4.08 and systems with patch ghi-15381-cwe-502-20251225.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. This issue exists due to an incomplete fix for CVE-2026-39253.

CVE-2026-50195
Critical

A vulnerability in containerd prior to versions 2.3.2, 2.2.5 and 2.1.9 allows an attacker with pod creation permissions to poison the local image cache via a crafted checkpoint image. Missing validation of image references in the checkpoint import process enables assigning an arbitrary local tag to a malicious image.

CVE-2026-50160
Critical

In self-hosted Hoppscotch deployments version 2026.4.1 and earlier, the unauthenticated POST /v1/onboarding/config endpoint is vulnerable to mass assignment. Because whitelist: true is missing from the NestJS ValidationPipe, extra request properties such as JWT_SECRET and SESSION_SECRET are treated as valid InfraConfig entries, enabling an attacker to overwrite them.


Vulnerability data from NVD (NIST) · CISA KEV · EPSS