Latest intel// live feed
CVE-2025-11993 — WooCommerce: The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP
The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'import_settings' function. This is due to deserialization of untrusted data supplied via the import configuration feature without capability checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No POP chain is present w CVSSv3.1 8.8 (HIGH)
What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant
Kaspersky's analysis of 100 popular Docker Hub images reveals systemic container security failures: 64% contain critical unpatched vulnerabilities (Redis RCE, nginx DoS/RCE, sudo/glibc privesc), hardcoded credentials in layer history, passwordless sudo configurations, and world-writable directories enabling privilege escalation. Only 10% of analyzed images are fully up-to-date; the research demonstrates how supply-chain risks (Trivy/LiteLLM incidents) compound the challenge of balancing timely patching against update-driven compromise.
CVE-2026-9999 — Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a
Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-9998 — Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker
Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9997 — Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9995 — Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-9994 — Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9993 — Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9992 — Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-9988 — Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed
Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9984 — Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed
Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-9983 — Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker
Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-9982 — Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9978 — Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-9977 — Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to
Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9976 — Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker
Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-9975 — Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216
Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9974 — Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9973 — Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a
Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-9972 — Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a
Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9970 — Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
CVE-2026-9969 — Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-9968 — Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker
Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
CVE-2026-9967 — Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 9.6 (CRITICAL)
CVE-2026-9966 — Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a
Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)