MITRE ATT&CK CVE list for this attack path. Use the risk scores (peak CVSS and EPSS) and the publication/update timeline to decide what to patch first and what to keep tracking.
| CVE | Description | Max CVSS | EPSS % | Published | Last updated |
|---|---|---|---|---|---|
| CVE-2026-13902 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | 0.22% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13901 | Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | 9.6 | 0.30% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13896 | Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.22% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13895 | Inappropriate implementation in Autofill in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.2 | 0.20% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13894 | Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.15% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13892 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.28% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13882 | Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | 9.6 | 0.21% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13874 | Race in DataTransfer in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | 5.3 | 0.20% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13871 | Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.28% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13867 | Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | 0.21% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13860 | Incorrect security UI in Autofill in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.2 | 0.19% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13857 | Inappropriate implementation in Geometry in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.2 | 0.19% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13842 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | 4.3 | 0.22% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13837 | Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | 4.3 | 0.22% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13795 | Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) | 6.5 | 0.25% | 2026-06-30 | 2026-07-01 |
| CVE-2026-9106 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in ve | 4.8 | 0.29% | 2026-06-30 | 2026-07-02 |
| CVE-2025-36333 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow. | 4.3 | 0.28% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36327 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security. | 6.5 | 0.38% | 2026-06-30 | 2026-07-01 |
| CVE-2026-8864 | The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability. | 7.3 | 0.11% | 2026-06-30 | 2026-07-02 |
| CVE-2026-58174 | Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated as the default profile by the profile authorization check, a user on the default profile can export the imported session transcript and use its session identifier to read files from the named profile's w | 6.0 | 0.27% | 2026-06-30 | 2026-07-01 |