8.1
CVE-2026-28387 - Potential Use-after-free in DANE Client Code
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequence…
4.3
CVE-2026-5875 - chromium-browser: Policy bypass in Blink
Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
6.5
CVE-2026-5903 - chromium-browser: Policy bypass in IFrameSandbox
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
6.5
CVE-2026-5885 - chromium-browser: Insufficient validation of untrusted input in WebML
Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
9.8
CVE-2026-31272 - Super Administrator Creation Without Authentication in MRCMS 3.1.2
MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication.
9.8
CVE-2026-31271 - Privilege Escalation via Unauthenticated Super Admin Creation in megagao production_ssm v1.0
megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert end…
8.8
CVE-2026-5884 - chromium-browser: Insufficient validation of untrusted input in Media
Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
5.3
CVE-2026-5890 - chromium-browser: Race in WebCodecs
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
6.5
CVE-2026-5888 - chromium-browser: Uninitialized Use in WebCodecs
Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
8.8
CVE-2026-5870 - chromium-browser: Integer overflow in Skia
Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)