8.8
CVE-2026-6358 - chromium-browser: Use after free in XR
Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)
8.8
CVE-2026-6302 - chromium-browser: Use after free in Video
Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-6360 - chromium-browser: Use after free in FileSystem
Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
5.1
CVE-2026-40096 - immich: Open Redirect via Shared Album name
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a <meta> tag in api.service.ts. A registered attacker can create a sharedβ¦
6
CVE-2026-40091 - SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs
SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside Daβ¦
7.1
CVE-2026-40090 - Zarf has a Path Traversal via Malicious Package Metadata.Name β Arbitrary File Write
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a user-controlleβ¦
5.5
CVE-2026-39984 - Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint checβ¦
7.2
CVE-2026-39971 - Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SMTP header without validation, and the existing sanitization function serendipity_isResponseClean() iβ¦
6.9
CVE-2026-39963 - Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled β¦
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as the domain parameter of setcookie(). An attacker who can influence the Host header at login time, sβ¦
5.3
CVE-2026-1314 - 3D FlipBook β PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorβ¦
The 3D FlipBook β PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_json() function in all versions up to, and including, 1.16.17. This makes it possible for unauthentiβ¦