2.1
CVE-2026-4794 - Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF
Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10ย allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via theโฆ
8.1
CVE-2026-5282 - chromium-browser: Out of bounds read in WebCodecs
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-5275 - chromium-browser: Heap buffer overflow in ANGLE
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
7.4
CVE-2026-5283 - chromium-browser: Inappropriate implementation in ANGLE
Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
0.0
CVE-2026-34994 -
DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
8.8
CVE-2026-5281 - chromium-browser: Use after free in Dawn
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
8.6
CVE-2026-30284 -
An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
6.5
CVE-2026-30521 - Business Logic Flaw Enables Negative Interest Rates in Loan Management System
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this conโฆ
9.8
CVE-2026-30312 - OS Command Injection via Newline in DSAIโCline AutoโApproval Module
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and coโฆ
9.8
CVE-2026-30311 - OS Command Injection in Ridvay AutoโApproval Module
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, โฆ