CVE List - Discover High-Risk and In-the-Wild Exploited Vulnerabilities. ATT&CK technique: Execution / RCE / Command Execution

MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.

Showing 121140 (more results available)
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-13902 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | 0.22% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13901 | Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | 9.6 | 0.30% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13896 | Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.22% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13895 | Inappropriate implementation in Autofill in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.2 | 0.20% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13894 | Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.15% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13892 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.28% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13882 | Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | 9.6 | 0.21% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13874 | Race in DataTransfer in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | 5.3 | 0.20% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13871 | Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.28% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13867 | Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | 0.21% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13860 | Incorrect security UI in Autofill in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.2 | 0.19% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13857 | Inappropriate implementation in Geometry in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.2 | 0.19% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13842 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | 4.3 | 0.22% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13837 | Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | 4.3 | 0.22% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13795 | Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) | 6.5 | 0.25% | 2026-06-30 | 2026-07-01 |
| CVE-2026-9106 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in ve | 4.8 | 0.29% | 2026-06-30 | 2026-07-02 |
| CVE-2025-36333 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow. | 4.3 | 0.28% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36327 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security. | 6.5 | 0.38% | 2026-06-30 | 2026-07-01 |
| CVE-2026-8864 | The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability. | 7.3 | 0.11% | 2026-06-30 | 2026-07-02 |
| CVE-2026-58174 | Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated as the default profile by the profile authorization check, a user on the default profile can export the imported session transcript and use its session identifier to read files from the named profile's w | 6.0 | 0.27% | 2026-06-30 | 2026-07-01 |
cvelogic Threat Intelligence