A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent remote code execution, is overridden by untrusted serialized configuration data in a nested code path. Specifically, when l…

CVSS: 8.0 · CWE: CWE-829

View on NVD

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors.

CVSS: 7.8 · CWE: CWE-829

View on NVD

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors.

CVSS: 7.8 · CWE: CWE-829

View on NVD

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's en…

CVSS: 9.1 · CWE: CWE-201

View on NVD

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges.

CVSS: 8.2 · CWE: CWE-732

View on NVD

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges.

CVSS: 8.2 · CWE: CWE-732

View on NVD

BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data to vm.runInNewContext() combined with eval(). Attackers can escape the Node.js vm sandbox by leveraging a host-context Fu…

CVSS: 8.8 · CWE: CWE-94

View on NVD

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through external requests. This attack requires the application code to have an existing prototype pollution vulnerability, which can then be leveraged in a 2-step attack where the second step triggers unauthorized…

CVSS: 8.1 · CWE: CWE-502

View on NVD

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'et_pb_text' shortcode 'cvdb_content_visibility_check' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

CVSS: 8.8 · CWE: CWE-94

View on NVD

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM (an untrusted principal per the project's own threat model) can set it to true in any tool_use response. Combined with the default allowUnsandboxedCommands: true settin…

CVSS: 9.8 · CWE: CWE-284

View on NVD

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

CVSS: 7.8 · CWE: CWE-502

View on NVD

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.

CVSS: 7.8 · CWE: CWE-502

View on NVD

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by supplying valid .NET URI endpoints. Attackers can write ASPX webshells to the IIS wwwroot directory to achie…

CVSS: 9.8 · CWE: CWE-306

View on NVD

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied model_name parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path that loads Hugging Face models with trust_remote_code=True. An unauthenticated attacker can supply a…

CVSS: 9.8 · CWE: CWE-94

View on NVD

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device.

CVSS: 8.8 · CWE: CWE-120

View on NVD

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely.

CVSS: 8.8 · CWE: CWE-120

View on NVD

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component

CVSS: 7.3 · CWE: CWE-121

View on NVD

Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed on the server. Successful exploitation can allow an attacker to run remote commands, including est…

CVSS: 9.3 · CWE: CWE-1336

View on NVD

Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3.

CVSS: 8.8 · CWE: CWE-862

View on NVD

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access (e.g., PostgreSQL pg_execute_server_program, MySQL FILE, MSSQL xp_cmdshell), an attacker who can shape…

CVSS: 9.8 · CWE: CWE-89

View on NVD

In multiple functions of sdp_discovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: 8.0 · CWE: CWE-122

View on NVD

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: 8.4 · CWE: CWE-190

View on NVD

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.

CVSS: 8.4 · CWE: CWE-120

View on NVD

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.

CVSS: 9.8 · CWE: CWE-121

View on NVD

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.

CVSS: 8.5 · CWE: CWE-502

View on NVD

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.

CVSS: 9.0 · CWE: CWE-502

View on NVD

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.

CVSS: 9.0 · CWE: CWE-94

View on NVD

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator.

CVSS: 8.8 · CWE: CWE-74

View on NVD

AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpo…

CVSS: 8.1 · CWE: CWE-502

View on NVD

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data.

CVSS: 7.8 · CWE: CWE-121

View on NVD

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization.

CVSS: 7.8 · CWE: CWE-502

View on NVD

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information…

CVSS: 7.8 · CWE: CWE-190

View on NVD

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an appropriate path may be able to achieve arbitrary code execution with SYSTEM privileges.

CVSS: 7.4 · CWE: N/A

View on NVD

A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.

CVSS: 9.4 · CWE: CWE-94

View on NVD

In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform.

CVSS: 9.2 · CWE: CWE-121

View on NVD

A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.

CVSS: 9.8 · CWE: CWE-502

View on NVD

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as `masterslave:vm://...,...` and `static:vm://...` incorrectly pass validation allowing bypass of fix in CVE-2026-34197.  Original description from CVE-2026-34197. Apache ActiveMQ exposes…

CVSS: 8.8 · CWE: CWE-20

View on NVD

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetw…

CVSS: 8.1 · CWE: CWE-20

View on NVD

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.

CVSS: 8.0 · CWE: CWE-122

View on NVD

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.

CVSS: 9.8 · CWE: CWE-306

View on NVD

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. Exploitation requires a two-block payload embedded in post content: the first block registers a fake…

CVSS: 8.8 · CWE: CWE-269

View on NVD

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX, but then performs the copy using the original cacheEntry->width/height. This can cause a large ou…

CVSS: 8.8 · CWE: CWE-122

View on NVD

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulne…

CVSS: 8.8 · CWE: CWE-122

View on NVD

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

CVSS: 7.1 · CWE: CWE-88

View on NVD

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote server deployment feature, this vulnerability enables arbitrary file write to remote server filesystems,…

CVSS: 9.9 · CWE: CWE-22

View on NVD

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi_foto.php, aksi_user.php, and aksi_kecamatan.php to execute arbitrary code on the server.

CVSS: 8.8 · CWE: CWE-434

View on NVD

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types and executable content.

CVSS: 7.3 · CWE: CWE-434

View on NVD

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name} and /simple_execute/{method_name} endpoints deserialize attacker-controlled HTTP request bodies using pickle.loads(). A remote attacker can supply a crafted pickle payload to these endpoi…

CVSS: 9.8 · CWE: CWE-502

View on NVD

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user confirmation; includeAnalyzers defaults to true, so no explicit opt-in is required. An attacker who…

CVSS: 7.8 · CWE: CWE-94

View on NVD

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

CVSS: 7.2 · CWE: CWE-434

View on NVD

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

CVSS: 9.8 · CWE: CWE-434

View on NVD

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges (campaign:imports:create) can write arbitrary PHP files to sensitive system directories. An attacker can exp…

CVSS: 9.9 · CWE: CWE-22

View on NVD

A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the hosting server (Remote Code Execution) or access restricted system files and configuration settings.

CVSS: 9.9 · CWE: CWE-1336

View on NVD

Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

CVSS: 10.0 · CWE: CWE-77

View on NVD

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control Interface' section on the ASUS Security Advisory for more information.

CVSS: 7.3 · CWE: CWE-732

View on NVD

Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-269

View on NVD

Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High)

CVSS: 7.8 · CWE: CWE-20

View on NVD

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-843

View on NVD

Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-94

View on NVD

Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-787

View on NVD

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-20

View on NVD

Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-472

View on NVD

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

CVSS: 8.1 · CWE: CWE-416

View on NVD

Uninitialized Use in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 7.5 · CWE: CWE-457

View on NVD

Use after free in WebRTC in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font file. (Chromium security severity: High)

CVSS: 7.5 · CWE: CWE-472

View on NVD

Use after free in PDF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 7.5 · CWE: CWE-416

View on NVD

Use after free in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Heap buffer overflow in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-122

View on NVD

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-94

View on NVD

Use after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 7.5 · CWE: CWE-416

View on NVD

Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-125

View on NVD

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 7.5 · CWE: CWE-416

View on NVD

Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-125

View on NVD

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 7.5 · CWE: CWE-472

View on NVD

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 7.5 · CWE: CWE-416

View on NVD

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-787

View on NVD

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. (Chromium security severity: Critical)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 8.8 · CWE: CWE-787

View on NVD

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)

CVSS: 8.8 · CWE: CWE-843

View on NVD

Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

CVSS: 8.8 · CWE: CWE-20

View on NVD

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-472

View on NVD

Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 7.5 · CWE: CWE-472

View on NVD

Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 · CWE: CWE-416

View on NVD