6.5
CVE-2026-40105 - XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1 through 16.10.15, 17.0.0-rc-1 through 17.4.7 and 17.5.0-rc-1 through 17.10.0 contain a reflected cross-site scripting vulnerability (XSS) in the comparison view between rev…
6.9
CVE-2026-40104 - XWiki's REST APIs can list all pages/spaces, leading to unavailability
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationC…
4.3
CVE-2026-6298 - chromium-browser: Heap buffer overflow in Skia
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)
9.6
CVE-2026-6296 - chromium-browser: Heap buffer overflow in ANGLE
Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
8.6
CVE-2026-30624 - Remote Code Execution via Malicious MCP Server Configuration in Agent Zero 0.9.8
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the config…
7.3
CVE-2026-30616 - Remote Command Execution via MCP STDIO in Jaaz 1.0.30
Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation results …
8.8
CVE-2026-6307 - chromium-browser: Type Confusion in Turbofan
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
7.5
CVE-2026-30364 - CentSDR Commit e40795 Stack Overflow in Thread1 Function
CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
8.6
CVE-2026-30995 - SQL Injection via vereador_ver.php in Slah CMS
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint.
8.6
CVE-2026-30617 - Remote Code Execution via MCP STDIO Server Configuration in LangChain-ChatChat 0.3.1
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When th…