6.5
CVE-2026-6385 - Ffmpeg: ffmpeg: denial of service and potential arbitrary code execution via signed integer overfloβ¦
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checksβ¦
3.7
CVE-2026-33877 - ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint (/api/v1/@apostrophecms/login/reset-request) that allows unauthenticated username and email enumeration. When a user is not found, β¦
6.5
CVE-2026-6364 - Skia: Google Chrome: Chromium: Skia: Information disclosure via out-of-bounds read in Google Chrome
Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)
8.8
CVE-2026-6317 - Google Chrome: Chromium: Google Chrome and Chromium: Arbitrary code execution via a crafted HTML paβ¦
Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-6363 - V8: Google Chrome: Chromium: Google Chrome V8: Out-of-bounds memory access via crafted HTML page
Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
8.8
CVE-2026-6316 - Google Chrome: Chromium: Google Chrome/Chromium: Arbitrary code execution via use-after-free in Forβ¦
Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
7.2
CVE-2026-6361 - PDFium: Google Chrome: Chromium: PDFium in Google Chrome: Arbitrary code execution via crafted PDF β¦
Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
8.8
CVE-2026-6315 - Google Chrome: Chromium: Google Chrome/Chromium: Arbitrary code execution via use-after-free vulnerβ¦
Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
8.3
CVE-2026-6314 - Google Chrome: Chromium: Google Chrome and Chromium: Sandbox escape via out-of-bounds write in GPU
Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
3.1
CVE-2026-6312 - Google Chrome: Chromium: Google Chrome: Information disclosure via insufficient policy enforcement β¦
Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)