7.2
CVE-2026-28674 - xiaoheiFS Vulnerable to RCE via Arbitrary Payment Plugin Upload (Automatic Execution)
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the `AdminPaymentPluginUpload` endpoint lets admins upload any file to `plugins/payment/`. It only checks a hardcoded password (`qweasd123456`) and ignores file content.β¦
7.2
CVE-2026-28673 - xiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation)
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a `manifest.json`. The server trusts the `binaries` field in the manifest and execuβ¦
6.3
CVE-2026-29057 - Next.js: HTTP request smuggling in rewrites
Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundaβ¦
6.9
CVE-2026-27980 - Next.js: Unbounded next/image disk cache growth can exhaust storage
Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate manyβ¦
6.9
CVE-2026-27979 - Next.js: Unbounded postponed resume buffering can lead to DoS
Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSizeβ¦
8.8
CVE-2026-4451 - chromium-browser: Insufficient validation of untrusted input in Navigation
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-4449 - chromium-browser: Use after free in Blink
Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-4454 - chromium-browser: Use after free in Network
Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-4441 - chromium-browser: Use after free in Base
Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
8.8
CVE-2026-4444 - chromium-browser: Stack buffer overflow in WebRTC
Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)