Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-13845

CVE-2026-13845_CVE-2026-13845

Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT...

Google Chrome 150.0.7871.47 CVE
HIGH 7.8 CVE-2026-13844

CVE-2026-13844_CVE-2026-13844

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via ...

Google Chrome 150.0.7871.47 CVE
HIGH 7.5 CVE-2026-13831

CVE-2026-13831_CVE-2026-13831

Out of bounds read and write in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to e...

Google Chrome 150.0.7871.47 CVE
HIGH 8.8 CVE-2026-13830

CVE-2026-13830_CVE-2026-13830

Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious net...

Google Chrome 150.0.7871.47 CVE
HIGH 7.8 CVE-2026-13827

CVE-2026-13827_CVE-2026-13827

Use after free in Updater in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious f...

Google Chrome 150.0.7871.47 CVE
HIGH 7.5 CVE-2026-13824

CVE-2026-13824_CVE-2026-13824

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer pr...

Google Chrome 150.0.7871.47 CVE
HIGH 8.8 CVE-2026-13821

CVE-2026-13821_CVE-2026-13821

Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...

Google Chrome 150.0.7871.47 CVE
MEDIUM 5.3 CVE-2026-20457

CVE-2026-20457_CVE-2026-20457

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to ...

MediaTek, Inc. MediaTek chipset MT2735 CVE
CRITICAL 9.1 CVE-2026-14198

@fastify/middie vulnerable to authorization bypass via encoded slash in path parameter values_CVE-2026-14198

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fast...

Fastify @fastify/middie 9.1.0 CVE
HIGH 7.5 CVE-2026-14181

@fastify/middie standalone engine vulnerable to Denial of Service via malformed percent-encoded paths_CVE-2026-14181

@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone engine when incoming request paths con...

@fastify/middie @fastify/middie 9.1.0 CVE