vulnerability management

  1. ChatGPT

    CVE-2026-11097 Chrome Android WebView Data Leak: Fix, CPE Gaps, Inventory Tips

    CVE-2026-11097 is a medium-severity Chrome for Android WebView vulnerability published on June 4, 2026, affecting Google Chrome on Android before 149.0.7827.53 and allowing a remote attacker to leak cross-origin data through a crafted HTML page. The short answer is yes: the current...
  2. ChatGPT

    CVE-2026-11167: Chrome Android WebView Sandbox Escape—Why Metadata Matters

    CVE-2026-11167 is a newly published Chrome-for-Android WebView vulnerability, disclosed on June 4, 2026, affecting Google Chrome versions before 149.0.7827.53 and describing a potential sandbox escape after renderer compromise through a crafted HTML page. The awkward part is not just the bug; it...
  3. ChatGPT

    CVE-2026-11010: Chrome on Android WebShare UAF—CPE Confusion and Patch Priorities

    Google’s CVE-2026-11010 is a Chrome-on-Android WebShare use-after-free flaw disclosed on June 4, 2026, fixed before version 149.0.7827.53, and scored by CISA’s ADP process as a high-severity issue despite Chromium’s own “Medium” label. The oddity is not merely the mismatch between severity...
  4. ChatGPT

    CVE-2026-47634 SharePoint Spoofing: Why Patch Confidence Means Faster Action

    Microsoft has published CVE-2026-47634 as a Microsoft SharePoint Server spoofing vulnerability in the Security Update Guide, and the key signal in the advisory is not just the spoofing label but Microsoft’s confidence that the vulnerability exists and has credible technical grounding. That makes...
  5. ChatGPT

    CVE-2026-11287 Chrome for Android: NVD CPE Gap, Version 149.0.7827.53

    NVD’s June 8, 2026 enrichment for CVE-2026-11287 lists Google Chrome versions before 149.0.7827.53 combined with Android as the vulnerable configuration, but the record still appears incomplete because it does not expose a distinct Android Chrome package CPE. That is the small but important...
  6. ChatGPT

    CVE-2026-11188: Chrome Android USB Use-After-Free, CPE Gaps, and Patch Priorities

    Google published CVE-2026-11188 on June 4, 2026, describing a medium-severity use-after-free flaw in Chrome’s USB component on Android before version 149.0.7827.53 that could let a remote attacker attempt a sandbox escape through a crafted HTML page. The interesting part is not that Chrome has...
  7. ChatGPT

    CVE-2026-11148: Chrome on Android Payments Info Leak and CPE Confusion

    CVE-2026-11148 is a medium-severity Chrome for Android payments vulnerability, published June 4, 2026 and modified by NVD on June 8, affecting Google Chrome versions before 149.0.7827.53 on Android and allowing cross-origin data leakage through a crafted HTML page. The awkward part is not the...
  8. ChatGPT

    CVE-2026-11175 Chrome Android: UI Spoofing in Messages—Fix and Manage Risk

    Google Chrome on Android versions before 149.0.7827.53 were assigned CVE-2026-11175 on June 4, 2026, after Google disclosed that a crafted HTML page could spoof security-related UI in the browser’s Messages surface. The flaw is not a classic memory-corruption emergency, but it lands in a class...
  9. ChatGPT

    CVE-2026-11145: Chrome Android Geolocation Race Causing Cross-Origin Data Leaks

    CVE-2026-11145 is a medium-severity Chrome for Android vulnerability, published by NVD on June 4, 2026 and last modified on June 8, that affects Google Chrome before version 149.0.7827.53 and can allow cross-origin data leakage through a crafted HTML page. The bug is not the sort of...
  10. ChatGPT

    CVE-2026-11119 Chrome on Android GPU Bug: Triage the Critical vs Medium Gap

    Google Chrome’s CVE-2026-11119 was published by NVD on June 4, 2026, and describes a Chrome-on-Android GPU flaw fixed before version 149.0.7827.53 that could let an attacker escape the browser sandbox after first compromising the renderer with a crafted HTML page. The record is messy in exactly...
  11. ChatGPT

    CVE-2026-11012 Chrome Android Serial Use-After-Free & CPE Mismatch Risks

    On June 4, 2026, Chrome published CVE-2026-11012, a use-after-free flaw in Chrome for Android’s Serial component fixed before version 149.0.7827.53 that could let an attacker who had already compromised the renderer attempt a sandbox escape through a crafted HTML page. The awkward part is not...
  12. ChatGPT

    CVE-2026-45503 Exchange Info Disclosure: Patch Quickly, Assess Real Risk

    Microsoft has published CVE-2026-45503 as a Microsoft Exchange Server information disclosure vulnerability in the Security Update Guide, with the public record emphasizing confidence in the vulnerability’s existence and available technical detail rather than a fully disclosed exploit narrative...
  13. ChatGPT

    CVE-2026-47637 SharePoint Spoofing: Patch Now Despite Sparse Details

    Microsoft has listed CVE-2026-47637 as a Microsoft SharePoint Server spoofing vulnerability in its Security Update Guide, with the advisory source indicating that the issue concerns confidence in the vulnerability’s existence and the credibility of currently public technical details. That makes...
  14. ChatGPT

    CVE-2026-45466 Word Info Disclosure: Patch Tuesday Triage for Enterprises

    Microsoft published CVE-2026-45466, a Microsoft Word information disclosure vulnerability, in its Security Update Guide on Tuesday, June 9, 2026, identifying Word as the affected application and framing the issue as a confidentiality risk rather than code execution. The advisory arrives in the...
  15. ChatGPT

    CVE-2026-45479 SharePoint Server Spoofing: Patch Now Without Waiting for Details

    Microsoft has listed CVE-2026-45479 as a Microsoft SharePoint Server spoofing vulnerability in the Security Update Guide as of June 2026, but the public record available at publication time appears to expose the label and affected product family more clearly than the underlying technical...
  16. ChatGPT

    CISA KEV Adds SolarWinds Serv-U CVE-2026-28318: Patch Crash DoS Now

    CISA added CVE-2026-28318, an actively exploited SolarWinds Serv-U uncontrolled resource consumption flaw, to its Known Exploited Vulnerabilities catalog on June 5, 2026, warning federal agencies and private defenders that exposed file-transfer infrastructure now belongs at the front of the...
  17. ChatGPT

    CVE-2026-47655: Microsoft Graph Info Disclosure & Why Confidence Matters

    Microsoft’s CVE-2026-47655 is an information disclosure vulnerability in Microsoft Graph, published through the Microsoft Security Response Center’s Security Update Guide, with the available public framing focused less on exploit mechanics than on confidence in the report and the credibility of...
  18. ChatGPT

    CVE-2026-7310: MACH HiDraw XML Parser Buffer Overflow Patch Planning Guide

    Hitachi Energy’s MACH HiDraw versions 9.22 and earlier are affected by CVE-2026-7310, a locally exploitable heap-based buffer overflow in the product’s XML parser that CISA republished on June 4, 2026, after Hitachi Energy’s May 26 advisory. The flaw is not the sort of remote, wormable bug that...
  19. ChatGPT

    Patch Tuesday Isn’t Enough: Use Security Update Guide Revisions for Windows Security Planning

    Microsoft’s most useful Windows security planning signal is increasingly the Security Update Guide revision stream, not just the Patch Tuesday release itself, because Microsoft uses that guide and its notification service to surface re-released updates, newly published CVEs, republished CVEs...
  20. ChatGPT

    CISA KEV June 2, 2026: Linux cgroups & Android Framework Exploits—What to Patch

    On June 2, 2026, CISA added CVE-2022-0492, a Linux kernel cgroups privilege-escalation flaw, and CVE-2025-48595, an Android Framework integer-overflow flaw, to its Known Exploited Vulnerabilities Catalog after determining both are being exploited in the wild. That terse federal alert is more...