CVE Database

CVE-2026-2587CRITICALnone
CVSS 9.6
EPSS 0.15%
Priority 0
CWE CWE-917

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language (EL) “expressions” are processed without proper sanitization or escaping. By injecting expressions such as #{7*7}, the server returns 49, confirming server-side EL evaluation. This issue allows a remote attacker to fully compromise the underlying host, enabling capabilities as reading/modifying data, executing arbitrary commands, persistence, and lateral movement.

CVE-2026-13853CRITICALnone
CVSS 9.6
EPSS 0.21%
Priority 0
CWE CWE-416

Use after free in Journeys in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-34263CRITICALnone
CVSS 9.6
EPSS 0.02%
Priority 0
CWE CWE-459

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

CVE-2026-56351CRITICALnone
CVSS 9.6
EPSS 0.21%
Priority 0
CWE CWE-89

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply specially crafted table or column names to execute unauthorized database commands and compromise data integrity.

CVE-2026-14101CRITICALnone
CVSS 9.6
EPSS 0.17%
Priority 0

Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-5166CRITICALnone
CVSS 9.6
EPSS 0.03%
Priority 0
CWE CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. This issue affects Pardus Software Center: before 0.6.4.

CVE-2026-46906CRITICALnone
CVSS 9.6
EPSS
Priority 0
CWE CWE-284

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. While the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all JD Edwards EnterpriseOne Tools accessible data as well as unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 9.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N).

CVE-2026-12296CRITICALnone
CVSS 9.6
EPSS 0.30%
Priority 0

Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-6296CRITICALnone
CVSS 9.6
EPSS 0.03%
Priority 0
CWE CWE-122

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-14390CRITICALnone
CVSS 9.6
EPSS 0.24%
Priority 0
CWE CWE-416

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-14382CRITICALnone
CVSS 9.6
EPSS 0.28%
Priority 0
CWE CWE-20

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-11152CRITICALnone
CVSS 9.6
EPSS 0.07%
Priority 0

Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-13792CRITICALnone
CVSS 9.6
EPSS 0.21%
Priority 0
CWE CWE-416

Use after free in Touchbar in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-13785CRITICALnone
CVSS 9.6
EPSS 0.22%
Priority 0
CWE CWE-416

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-41397CRITICALnone
CVSS 9.6
EPSS 0.06%
Priority 0
CWE CWE-59

OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to access arbitrary files outside intended boundaries.

CVE-2026-45628CRITICALnone
CVSS 9.6
EPSS 0.05%
Priority 0
CWE CWE-20

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (which runs through /bin/sh -c). User-supplied branch names, repository URLs, and Docker credentials are interpolated directly into these commands without escaping. This requires an authenticated user with application create/edit privileges.

CVE-2026-7908CRITICALnone
CVSS 9.6
EPSS 0.06%
Priority 0
CWE CWE-416

Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-13032CRITICALnone
CVSS 9.6
EPSS 0.21%
Priority 0
CWE CWE-416

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-8953CRITICALnone
CVSS 9.6
EPSS 0.04%
Priority 0

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

CVE-2026-42904CRITICALnone
CVSS 9.6
EPSS
Priority 0
CWE CWE-122

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

CVE-2025-15036CRITICALnone
CVSS 9.6
EPSS 0.05%
Priority 0
CWE CWE-29

A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments.

CVE-2026-8043CRITICALnone
CVSS 9.6
EPSS 0.09%
Priority 0
CWE CWE-73

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.

CVE-2026-34430CRITICALnone
CVSS 9.6
EPSS 0.09%
Priority 0
CWE CWE-184

ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers can exploit the incomplete shell semantics modeling to read and modify files outside the sandbox boundary and achieve arbitrary command execution through subprocess invocation with shell interpretation enabled.

CVE-2026-44482CRITICALnone
CVSS 9.6
EPSS 0.11%
Priority 0
CWE CWE-20

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on the user's machine. The application exposes a preload API (window.soundcloudAPI.sendTrackUpdate) to the remote SoundCloud page. Track metadata from SoundCloud is trusted and forwarded through IPC into the Electron main process. The app later renders that metadata as raw HTML inside privileged Electron views that have Node.js integration enabled. This vulnerability is fixed in 0.1.8.

CVE-2026-13780CRITICALnone
CVSS 9.6
EPSS
Priority 0
CWE CWE-20

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-10892CRITICALnone
CVSS 9.6
EPSS 0.03%
Priority 0
CWE CWE-787

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-34205CRITICALnone
CVSS 9.6
EPSS 0.02%
Priority 0
CWE CWE-923

Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuration does not restrict access to the app as intended, allowing any device on the same network to reach these endpoints without authentication. Home Assistant Supervisor 2026.03.02 addresses the issue.

CVE-2026-13878CRITICALnone
CVSS 9.6
EPSS 0.21%
Priority 0
CWE CWE-416

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-41589CRITICALnone
CVSS 9.6
EPSS 0.04%
Priority 0
CWE CWE-22

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../ sequences over the SCP protocol. This issue has been patched in version 2.0.1.

CVSS 9.6
EPSS
Priority 0

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

CVE-2026-11095CRITICALnone
CVSS 9.6
EPSS 0.08%
Priority 0
CWE CWE-20

Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2024-27890CRITICALnone
CVSS 9.6
EPSS
Priority 0
CWE CWE-306

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.

CVE-2026-36760CRITICALnone
CVSS 9.6
EPSS 0.04%
Priority 0
CWE CWE-22

An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled.

CVE-2026-10972CRITICALnone
CVSS 9.6
EPSS 0.03%
Priority 0
CWE CWE-416

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-35044CRITICALnone
CVSS 9.6
EPSS 0.04%
Priority 0
CWE CWE-1336

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extension to render user-provided dockerfile_template files. When a victim imports a malicious bento archive and runs bentoml containerize, attacker-controlled Jinja2 template code executes arbitrary Python directly on the host machine, bypassing all container isolation. This vulnerability is fixed in 1.4.38.

CVE-2026-10990CRITICALnone
CVSS 9.6
EPSS 0.03%
Priority 0
CWE CWE-416

Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-11009CRITICALnone
CVSS 9.6
EPSS 0.03%
Priority 0
CWE CWE-416

Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-10931CRITICALnone
CVSS 9.6
EPSS 0.03%
Priority 0
CWE CWE-416

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-57625CRITICALnone
CVSS 9.6
EPSS 0.27%
Priority 0
CWE CWE-79

Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro <= 8.8.5 versions.

CVE-2026-11250CRITICALnone
CVSS 9.6
EPSS 0.07%
Priority 0

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-11002CRITICALnone
CVSS 9.6
EPSS 0.03%
Priority 0
CWE CWE-416

Use after free in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-7333CRITICALnone
CVSS 9.6
EPSS 0.07%
Priority 0
CWE CWE-416

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-52703CRITICALnone
CVSS 9.6
EPSS 0.34%
Priority 0
CWE CWE-35

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

CVE-2026-11293CRITICALnone
CVSS 9.6
EPSS 0.07%
Priority 0
CWE CWE-416

Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-14152CRITICALnone
CVSS 9.6
EPSS 0.23%
Priority 0
CWE CWE-787

Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-10966CRITICALnone
CVSS 9.6
EPSS 0.05%
Priority 0
CWE CWE-20

Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)

CVE-2026-10983CRITICALnone
CVSS 9.6
EPSS 0.05%
Priority 0
CWE CWE-20

Insufficient validation of untrusted input in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-14398CRITICALnone
CVSS 9.6
EPSS 0.21%
Priority 0
CWE CWE-416

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-13789CRITICALnone
CVSS 9.6
EPSS 0.21%
Priority 0
CWE CWE-416

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-6356CRITICALnone
CVSS 9.6
EPSS 0.03%
Priority 0

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.

← PreviousPage 49 of 691Next →