8.7

CVSS4.0

CVE-2026-0300 - PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Por…

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. …

📅 Published: May 6, 2026, 6:57 p.m. 🔄 Last Modified: May 7, 2026, 5:46 p.m.

8.7

CVSS4.0

CVE-2026-41938 - Vvveb < 1.0.8.2 RCE via Media Upload Handler

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can upload …

📅 Published: May 6, 2026, 6:42 p.m. 🔄 Last Modified: May 6, 2026, 10:30 p.m.

9.2

CVSS4.0

CVE-2026-41930 - Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to gai…

📅 Published: May 6, 2026, 6:37 p.m. 🔄 Last Modified: May 6, 2026, 10:30 p.m.

6.9

CVSS4.0

CVE-2026-41931 - Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal error…

📅 Published: May 6, 2026, 6:36 p.m. 🔄 Last Modified: May 6, 2026, 10:30 p.m.

8.7

CVSS4.0

CVE-2026-41934 - Vvveb < 1.0.8.2 Authenticated RCE via Code Editor

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code by exploiting insufficient file extension restrictions. Attackers with editor, author, contributor, or site_adm…

📅 Published: May 6, 2026, 6:34 p.m. 🔄 Last Modified: May 6, 2026, 11:30 p.m.

8.6

CVSS4.0

CVE-2026-41936 - Vvveb < 1.0.8.2 XML External Entity Injection via Import

Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to…

📅 Published: May 6, 2026, 6:27 p.m. 🔄 Last Modified: May 6, 2026, 11 p.m.

8.3

CVSS3.1

CVE-2024-30151 - HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability

HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system mod…

📅 Published: May 6, 2026, 6:14 p.m. 🔄 Last Modified: May 7, 2026, 5:06 p.m.

3.1

CVSS3.1

CVE-2026-8022 -

Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted MHTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:15 p.m.

4.2

CVSS3.1

CVE-2026-8021 - Script Injection in Chrome UI Enables Arbitrary Script Execution

Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:18 p.m.

5.3

CVSS3.1

CVE-2026-8020 -

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:21 p.m.