8.4
CVE-2024-53412 - Command Injection via Port Field in NietThijmen ShoppingCart Leading to Remote Code Execution
Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field
8.8
CVE-2026-6306 - chromium-browser: Heap buffer overflow in PDFium
Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
8.8
CVE-2026-6302 - chromium-browser: Use after free in Video
Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
8.6
CVE-2026-30624 - Remote Code Execution via Malicious MCP Server Configuration in Agent Zero 0.9.8
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configβ¦
8.8
CVE-2026-6301 - chromium-browser: Type Confusion in Turbofan
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-6859 - Instructlab: instructlab: arbitrary code execution due to hardcoded `trust_remote_code=true`
A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted maliciouβ¦
8.8
CVE-2026-6358 - chromium-browser: Use after free in XR
Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)
7.1
CVE-2026-6855 - Instructlab: instructlab: path traversal allows arbitrary directory creation and file write
A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unauthβ¦
8.8
CVE-2026-6307 - chromium-browser: Type Confusion in Turbofan
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
6.3
CVE-2026-6362 - chromium-browser: Use after free in Codecs
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)