8.8
CVE-2026-6360 - chromium-browser: Use after free in FileSystem
Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
7.5
CVE-2026-6319 - chromium-browser: Use after free in Payments
Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
8.8
CVE-2026-6300 - chromium-browser: Use after free in CSS
Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
8.3
CVE-2026-6297 - chromium-browser: Use after free in Proxy
Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
7.3
CVE-2026-30616 - Remote Command Execution via MCP STDIO in JaazΒ 1.0.30
Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation results β¦
8.8
CVE-2026-6305 - chromium-browser: Heap buffer overflow in PDFium
Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
7.5
CVE-2026-30996 - Directory Traversal in SACβNFe v2.0.02 download.php Allows Arbitrary File Read
An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request.
9.8
CVE-2026-30625 - Remote Code Execution via MCP Task Creation in Upsonic 0.71.6
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable eβ¦
8.6
CVE-2026-30617 - Remote Code Execution via MCP STDIO Server Configuration in LangChain-ChatChat 0.3.1
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When thβ¦
8
CVE-2026-30615 - Prompt Injection in Windsurf Enables Remote Command Execution
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic registraβ¦