7.5
CVE-2026-6308 - Google Chrome: Chromium: Google Chrome: Arbitrary code execution via out-of-bounds read in Media co…
Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
8.3
CVE-2026-6304 - google-chrome: chromium: Google Chrome and Chromium: Sandbox escape via use-after-free vulnerabilit…
Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-6303 - Google Chrome: Chromium: Google Chrome / Chromium Codecs: Arbitrary Code Execution via crafted HTML…
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-6299 - Google Chrome: Chromium: Google Chrome and Chromium: Arbitrary code execution via a crafted HTML pa…
Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
3.3
CVE-2026-21727 - Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record
--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvss_score: "3.3" cvss_vector: …
9.2
CVE-2026-5189 - Nexus Repository 3 - Hardcoded Credential in Internal Database Component
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitation …
7.4
CVE-2026-33667 - OpenProject: 2FA OTP Verification Missing Rate Limiting
OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm_otp action of the two_factor_authentication module has no rate limiting, lockout mechanism, or failed-attempt tracking. The existing brute_force_block_after_failed_logins s…
5.5
CVE-2026-40915 - Gimp: gimp: heap buffer overflow due to integer overflow in fits image loader
A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data…
5
CVE-2026-40916 - Gimp: gimp: denial of service due to stack buffer overflow in tim image loader
A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-len…
5
CVE-2026-40917 - Gimp: gimp: application crashes or information disclosure via crafted icns image files
A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that proc…