6.9
CVE-2026-40104 - XWiki's REST APIs can list all pages/spaces, leading to unavailability
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationCβ¦
8.8
CVE-2026-6359 - chromium-browser: Use after free in Video
Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
7.3
CVE-2026-30616 - Remote Command Execution via MCP STDIO in JaazΒ 1.0.30
Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation results β¦
7.5
CVE-2026-30364 - CentSDR Commit e40795 Stack Overflow in Thread1 Function
CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
8.6
CVE-2026-30995 - SQL Injection via vereador_ver.php in Slah CMS
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint.
8.6
CVE-2026-30617 - Remote Code Execution via MCP STDIO Server Configuration in LangChain-ChatChat 0.3.1
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When thβ¦
9.6
CVE-2026-6296 - chromium-browser: Heap buffer overflow in ANGLE
Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
7.5
CVE-2025-67841 - Algorithmic Complexity Flaw Causing Resource Exhaustion in Nordic Semiconductor IronSide SE
Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue.
7.5
CVE-2026-30994 - Unauthenticated Access to Config File Exposes Session Credentials in Slah v1.5.0 and Earlier
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.
8.8
CVE-2026-6318 - chromium-browser: Use after free in Codecs
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)