| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) |
| Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) |
| Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| NVIDIA TensorRT contains a vulnerability where an attacker might cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution. |
| An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic information without verifying the file type or ownership. An unprivileged local attacker can exploit this behavior by creating a symbolic link (symlink) at a predictable destination path pointing to an arbitrary, root-readable file (such as /etc/shadow or private files within /root). When a root administrator or operator subsequently executes the pro collect-logs command, the tool follows the user-controlled symlink, reads the target file, and compresses its contents into the resulting diagnostic support archive. Because the output archive remains readable by the unprivileged user, the attacker can extract and read the sensitive root-owned files, leading to a complete information disclosure of system secrets. |
| xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulting in execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the Fay service. |
| LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation functionality. The application allows users to add MCP servers via a JSON configuration specifying arbitrary command and args values. LiteLLM executes these values on the host without validation, enabling attackers to run arbitrary operating system commands. Successful exploitation may result in remote code execution with the privileges of the LiteLLM process. |
| stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure. |
| o
CVE-2026-40957 is a frameable content
vulnerability in the Secure Access server login page prior to 14.55. Attackers
with control of a malicious web site could use it to potentially steal
credentials from an unwary administrator. |
| CVE-2026-40953 is a heap overflow in the
certificate parsing function of Secure Access clients prior to 14.55. Attackers
with local access and administrator permissions can create a denial of service
attack against the client over which they have control. |
| CVE-2026-40954
is an integer underflow vulnerability in the traffic parsing function of Secure
Access clients prior to 14.55. Attackers with intimate knowledge of and total
control over the tunnel protocol can create a non-persistent DoS against their
client |
| Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in information disclosure or data tampering, may cause GameSDK to become unavailable, and may also enable access to the victim’s information on other services.
Refer to the ' Security Update for ASUS GameSDK ' section on the ASUS Security Advisory for more information. |
| Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections.
Refer to the '
Security Update for ASUS System Control Interface ' section on the ASUS Security Advisory for more information. |
| CVE-2026-40955 is an integer underflow
vulnerability in the traffic parsing function of Secure Access clients prior to
14.55. Attackers with intimate knowledge of and total control over the tunnel
protocol can create a non-persistent DoS against their client. |
| CVE-2026-40956
is a memory disclosure vulnerability in Secure Access client versions prior to 14.55.
Attackers with intimate knowledge of and total control over the tunnel protocol
can cause a small amount of random memory to leak. |
| CVE-2026-40958
is a input validation error in Secure Access clients prior to 14.55. Attackers
with intimate knowledge of and total control over the tunnel protocol can
create a non-persistent DoS against their client. |
| CVE-2026-33443 is a memory management error in
Secure Access servers prior to 14.55. Attackers with an intimate knowledge of
and total control over the tunnel protocol can create a persistent DoS against
the server. |