Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-8516 — Google Chrome UI Gesture Memory Information Disclosure Vulnerability

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentia…

linux_kernel chrome macos windows edge_chromium | Remote | Information Disclosure
May 14, 2026 May 18, 2026
May 14, 2026
May 18, 2026
8.3 HIGH
CVE-2026-8515 — Google Chrome HID Use-After-Free Sandbox Escape

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted H…

linux_kernel chrome macos windows edge_chromium | Remote | Memory Corruption
May 14, 2026 May 18, 2026
May 14, 2026
May 18, 2026
8.3 HIGH
CVE-2026-8514 — Google Chrome Aura Use-After-Free Vulnerability

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…

linux_kernel chrome macos windows edge_chromium | Remote | Memory Corruption
May 14, 2026 May 18, 2026
May 14, 2026
May 18, 2026
8.3 HIGH
CVE-2026-8513 — Google Chrome Android Use After Free Vulnerability

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…

android chrome edge_chromium | Remote | Memory Corruption
May 14, 2026 May 19, 2026
May 14, 2026
May 19, 2026
8.3 HIGH
CVE-2026-8512 — Google Chrome FileSystem Use-After-Free Sandbox Escape

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr…

linux_kernel chrome macos windows edge_chromium | Remote | Memory Corruption
May 14, 2026 May 18, 2026
May 14, 2026
May 18, 2026
9.6 CRITICAL
CVE-2026-8511 — Google Chrome UI Use-After-Free Sandbox Escape

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

linux_kernel chrome macos windows edge_chromium | Remote | Memory Corruption
May 14, 2026 May 18, 2026
May 14, 2026
May 18, 2026
7.5 HIGH
CVE-2026-8510 — Google Chrome Skia Integer Overflow

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted …

chrome windows edge_chromium | Remote | Memory Corruption
May 14, 2026 May 19, 2026
May 14, 2026
May 19, 2026
8.8 HIGH
CVE-2026-8509 — Google Chrome Heap Buffer Overflow Vulnerability

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Criti…

linux_kernel chrome macos windows edge_chromium | Remote | Memory Corruption
May 14, 2026 May 18, 2026
May 14, 2026
May 18, 2026
7.5 HIGH
CVE-2026-46356 — Fleet: IP spoofing allows bypassing API rate limiting

Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing clien…

fleet | Remote | Misconfiguration
May 14, 2026 May 18, 2026
May 14, 2026
May 18, 2026
2.5 LOW
CVE-2026-44638 — libsixel: NULL pointer dereference

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointe…

libsixel | Memory Corruption
May 14, 2026 May 15, 2026
May 14, 2026
May 15, 2026
7.1 HIGH
CVE-2026-44637 — libsixel: integer overflow in parser

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-boun…

libsixel | Memory Corruption
May 14, 2026 May 15, 2026
May 14, 2026
May 15, 2026
7.8 HIGH
CVE-2026-44636 — libsixel: integer overflow in encoder

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap bu…

libsixel | Memory Corruption
May 14, 2026 May 16, 2026
May 14, 2026
May 16, 2026
5.5 MEDIUM
CVE-2026-43996 — OpenImageIO: Integer wraparound in bounds check of decode_pixel leads to out-of-bounds re…

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_…

openimageio | Memory Corruption
May 14, 2026 May 16, 2026
May 14, 2026
May 16, 2026
8.8 HIGH
CVE-2026-43909 — OpenImageIO: Signed integer overflow in SwapRGBABytes loop index leads to out-of-bounds r…

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…

openimageio | Remote | Memory Corruption
May 14, 2026 May 15, 2026
May 14, 2026
May 15, 2026
8.8 HIGH
CVE-2026-43908 — OpenImageIO: Signed integer overflow in ConvertCbYCrYToRGB leads to heap out-of-bounds wr…

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…

openimageio | Remote | Memory Corruption
May 14, 2026 May 15, 2026
May 14, 2026
May 15, 2026
8.3 HIGH
CVE-2026-43907 — OpenImageIO: Integer overflow in QueryRGBBufferSizeInternal leads to heap out-of-bounds w…

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGB…

openimageio | Remote | Memory Corruption
May 14, 2026 May 15, 2026
May 14, 2026
May 15, 2026
8.5 HIGH
CVE-2026-43906 — OpenImageIO: HEIF Heap overflow

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the H…

openimageio | Memory Corruption
May 14, 2026 May 15, 2026
May 14, 2026
May 15, 2026
7.8 HIGH
CVE-2026-43905 — OpenImageIO: JPEG2000 (OpenJPH) signed integer overflow in buffer allocation

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer…

openimageio | Memory Corruption
May 14, 2026 May 15, 2026
May 14, 2026
May 15, 2026
8.4 HIGH
CVE-2026-43904 — OpenImageIO: Softimage PIC RLE decoder heap buffer overflow — longCount not clamped to im…

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) an…

openimageio | Memory Corruption
May 14, 2026 May 16, 2026
May 14, 2026
May 16, 2026
8.4 HIGH
CVE-2026-43903 — OpenImageIO: SGI RLE decoder heap buffer overflow OIIO_DASSERT bounds checks are no-ops i…

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT…

openimageio | Memory Corruption
May 14, 2026 May 15, 2026
May 14, 2026
May 15, 2026
Showing 20 of 7215 Results