Chrome

Edge

Brave

Opera

Use-after-free vulnerability in Dawn (WebGPU implementation) in Google Chrome prior to 146.0.7680.178 allows a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability affects all Chromium-based browsers including Chrome, Edge, Brave, Opera, and Vivaldi.

Chrome Release Blog

CISA KEV

The Hacker News

Chromium Bug Tracker

Google Chrome Dawn Use-After-Free Zero-Day (WebGPU)

NetScaler ADC

NetScaler Gateway

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider (IDP) leading to memory overread. This unauthenticated network-exploitable vulnerability allows remote attackers to read sensitive memory contents and potentially achieve remote code execution.

Citrix Security Advisory CTX696300

CISA Known Exploited Vulnerabilities

NVD - CVE-2026-3055

WatchTowr Labs — Citrix NetScaler CVE-2026-3055 Memory Overread Part 2

Citrix NetScaler ADC/Gateway SAML IDP Memory Overread (Critical)

WWBN AVideo

The isSSRFSafeURL() function in WWBN AVideo can be bypassed using IPv4-mapped IPv6 addresses, allowing unauthenticated access to internal networks, cloud metadata services, and localhost. This vulnerability affects WWBN AVideo versions <= 26.0 and can be exploited by sending a crafted request to the plugin/LiveLinks/proxy.php endpoint.

GitHub

SSRF Bypass in WWBN AVideo

Struts

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/cve-explainer-images/cves/cve-2026-33017-1774796637782.png

Apache Struts 3.0.0 through 3.0.12 contains a critical vulnerability in its expression language (EL) processor that allows remote attackers to execute arbitrary code via crafted OGNL expressions in HTTP request parameters.

National Vulnerability Database

Apache Struts Security Advisory

Remote Code Execution in Apache Struts 3.0 Expression Language Processor

API Gateway

The Acme Cloud Platform API Gateway versions 2.1.0 through 2.4.3 contains an authentication bypass vulnerability in the token validation component that allows remote attackers to execute arbitrary code via crafted HTTP requests. This vulnerability exists due to improper validation of JWT tokens in the authentication middleware.

Acme Security Advisory

Remote Code Execution in Acme Cloud Platform API Gateway

TrueConf Client downloads application updates without verifying their integrity or authenticity. An attacker who can intercept or influence the update mechanism can deliver a tampered update package, resulting in arbitrary code execution.

Today's Vulnerability, Explained.

Today's CVE

TrueConf Client Update Integrity Bypass — Remote Code Execution via Tampered Updates

Recent CVEs

Google Chrome Dawn Use-After-Free Zero-Day (WebGPU)

Citrix NetScaler ADC/Gateway SAML IDP Memory Overread (Critical)

SSRF Bypass in WWBN AVideo

Remote Code Execution in Apache Struts 3.0 Expression Language Processor

Remote Code Execution in Acme Cloud Platform API Gateway

Get Daily CVE Alerts