Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.6 CVE-2026-14056

CVE-2026-14056_CVE-2026-14056

Insufficient validation of untrusted input in Media in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rende...

Google Chrome 150.0.7871.47 CVE
CRITICAL 9.6 CVE-2026-14055

CVE-2026-14055_CVE-2026-14055

Insufficient validation of untrusted input in Device Trust in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had com...

Google Chrome 150.0.7871.47 CVE
CRITICAL 9.6 CVE-2026-14043

CVE-2026-14043_CVE-2026-14043

Use after free in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potent...

Google Chrome 150.0.7871.47 CVE
CRITICAL 9.3 CVE-2026-14038

CVE-2026-14038_CVE-2026-14038

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised th...

Google Chrome 150.0.7871.47 CVE
CRITICAL 9.6 CVE-2026-14037

CVE-2026-14037_CVE-2026-14037

Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process t...

Google Chrome 150.0.7871.47 CVE
CRITICAL 9.1 CVE-2026-14198

@fastify/middie vulnerable to authorization bypass via encoded slash in path parameter values_CVE-2026-14198

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fast...

Fastify @fastify/middie 9.1.0 CVE
CRITICAL 9.8 CVE-2026-57692

WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability_CVE-2026-57692

Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a thro...

LCweb PrivateContent n/a CVE
CRITICAL 9 CVE-2026-13603

SSRF with API key leak in pretix-oppwa_CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's techno...

pretix pretix-oppwa CVE
CRITICAL 9.2 A750C77E-2A84-

Exploit for Incorrect Calculation of Buffer Size in F5 Dos_A750C77E-2A84-512E-851A-D31DBACF4509

RIFT — Remote Injection & Fault Trigger Author: Michael Sanji Winaya Prawiradibrata AI Co-Author: Varanus — sahabatku Heap buffer overflow exploit ...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CVE-2026-11387

SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset_CVE-2026-11387

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation...

cozyvision1 SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery 3.9.5 CVE