CVE-2026-7876 - IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
Published: May 27, 2026; 10:17:35 AM -0400

V3.1: 9.1 CRITICAL

CVE-2026-47335 - Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel panic.
Published: May 28, 2026; 3:16:42 PM -0400

CVE-2026-47336 - Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an unprivileged local user and could result in incorrect fine-grained mediatio... read CVE-2026-47336
Published: May 28, 2026; 3:16:42 PM -0400

CVE-2026-47337 - Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.
Published: May 28, 2026; 3:16:42 PM -0400

CVE-2026-33462 - A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts ... read CVE-2026-33462
Published: May 28, 2026; 4:16:22 PM -0400

V3.1: 7.3 HIGH

CVE-2026-33463 - Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its ... read CVE-2026-33463
Published: May 28, 2026; 4:16:22 PM -0400

CVE-2026-33464 - Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana... read CVE-2026-33464
Published: May 28, 2026; 4:16:23 PM -0400

CVE-2026-42401 - Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected... read CVE-2026-42401
Published: May 28, 2026; 4:16:23 PM -0400

V3.1: 5.4 MEDIUM

CVE-2026-34311 - Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulne... read CVE-2026-34311
Published: May 28, 2026; 5:16:29 PM -0400

V3.1: 9.8 CRITICAL

CVE-2026-46820 - Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with... read CVE-2026-46820
Published: May 28, 2026; 5:16:31 PM -0400

V3.1: 8.5 HIGH

CVE-2026-46821 - Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with... read CVE-2026-46821
Published: May 28, 2026; 5:16:32 PM -0400

CVE-2026-46822 - Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access ... read CVE-2026-46822
Published: May 28, 2026; 5:16:32 PM -0400

CVE-2026-46823 - Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged at... read CVE-2026-46823
Published: May 28, 2026; 5:16:32 PM -0400

CVE-2026-46824 - Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privile... read CVE-2026-46824
Published: May 28, 2026; 5:16:32 PM -0400

CVE-2026-9959 - Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Published: May 28, 2026; 7:16:54 PM -0400

CVE-2026-9961 - Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: May 28, 2026; 7:16:54 PM -0400

CVE-2026-9964 - Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
Published: May 28, 2026; 7:16:54 PM -0400

CVE-2026-9965 - Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: May 28, 2026; 7:16:54 PM -0400

CVE-2026-9966 - Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: May 28, 2026; 7:16:54 PM -0400

CVE-2026-9986 - Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity... read CVE-2026-9986
Published: May 28, 2026; 7:16:56 PM -0400