8.8
CVE-2026-1862 - Type Confusion in V8 Leading to Heap Corruption via Crafted HTML Page
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-1861 - Heap Buffer Overflow in libvpx Allows Remote Exploitation via Crafted HTML
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
9.3
CVE-2025-65078 - Untrusted search path vulnerability in Embedded Solutions Framework
An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.
7.7
CVE-2026-24887 - Claude Code has a Command Injection in find Command Bypasses User Approval Prompt
Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted conte…
7.7
CVE-2026-24053 - Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes
Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the u…
7.1
CVE-2026-24052 - Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled D…
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org, modelcontextprotoco…
8.8
CVE-2025-65077 - Relative path traversal vulnerability in Embedded Solutions Framework
A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
6.9
CVE-2025-65081 - Out-of-bounds read vulnerability in Postscript interpreter
An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
6.9
CVE-2025-65080 - Type confusion vulnerability in Postscript interpreter
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
5.3
CVE-2026-1810 - bolo-blog bolo-solo ZIP File BackupService.java unpackFilteredZip path traversal
A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal. …