8.8
CVE-2026-7344 - chromium-browser: Use after free in Accessibility
Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
7.5
CVE-2026-7338 - chromium-browser: Use after free in Cast
Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)
4.3
CVE-2026-7309 - Openshift-controller-manager: openshift container platform: information disclosure via environment …
A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` or `http_proxy`, into `docker-build` containers through the `buildconfigs/instantiate` API. This incomplete fix for a previous vulne…
9.8
CVE-2026-42208 - LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection
A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model (LLM) API route…
3.1
CVE-2026-7360 - chromium-browser: Insufficient validation of untrusted input in Compositing
Insufficient validation of untrusted input in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
7.5
CVE-2026-7357 - chromium-browser: Use after free in GPU
Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.3
CVE-2026-7353 - chromium-browser: Heap buffer overflow in Skia
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
7.5
CVE-2026-7349 - chromium-browser: Use after free in Cast
Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)
8.8
CVE-2026-7337 - chromium-browser: Type Confusion in V8
Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
6.5
CVE-2026-41526 - Shell Argument Quoting Vulnerability Leading to Escape in KCoreAddons
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to …