8.8
CVE-2026-7899 - Out-of-Bounds Read/Write in V8 Enables Arbitrary Code Execution
Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-7898 -
Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
7.5
CVE-2026-7897 -
Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
8.8
CVE-2026-7896 -
Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
5.3
CVE-2025-31960 - HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error hand…
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an…
3.9
CVE-2025-31974 - HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only
HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes.
6.9
CVE-2026-8031 - PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication
A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The ex…
8.7
CVE-2026-33079 - Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping alt…
9
CVE-2026-29090 - Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database
A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID searc…
5.4
CVE-2026-20219 - Insecure Direct Object Reference in Cisco Slido REST API Allowing Unauthorized User Data Access
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed…