TrueConf Client downloads application updates without verifying their integrity or authenticity. An attacker who can intercept or influence the update mechanism can deliver a tampered update package, resulting in arbitrary code execution.

TrueConf Client Update Integrity Bypass — Remote Code Execution via Tampered Updates

Chrome

Edge

Brave

Opera

Use-after-free vulnerability in Dawn (WebGPU implementation) in Google Chrome prior to 146.0.7680.178 allows a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability affects all Chromium-based browsers including Chrome, Edge, Brave, Opera, and Vivaldi.

Chrome Release Blog

CISA KEV

The Hacker News

Chromium Bug Tracker

Google Chrome Dawn Use-After-Free Zero-Day (WebGPU)

NetScaler ADC

NetScaler Gateway

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider (IDP) leading to memory overread. This unauthenticated network-exploitable vulnerability allows remote attackers to read sensitive memory contents and potentially achieve remote code execution.

Citrix Security Advisory CTX696300

CISA Known Exploited Vulnerabilities

NVD - CVE-2026-3055

WatchTowr Labs — Citrix NetScaler CVE-2026-3055 Memory Overread Part 2

Citrix NetScaler ADC/Gateway SAML IDP Memory Overread (Critical)

WWBN AVideo

The isSSRFSafeURL() function in WWBN AVideo can be bypassed using IPv4-mapped IPv6 addresses, allowing unauthenticated access to internal networks, cloud metadata services, and localhost. This vulnerability affects WWBN AVideo versions <= 26.0 and can be exploited by sending a crafted request to the plugin/LiveLinks/proxy.php endpoint.

GitHub

SSRF Bypass in WWBN AVideo

Struts

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/cve-explainer-images/cves/cve-2026-33017-1774796637782.png

Apache Struts 3.0.0 through 3.0.12 contains a critical vulnerability in its expression language (EL) processor that allows remote attackers to execute arbitrary code via crafted OGNL expressions in HTTP request parameters.

National Vulnerability Database

Apache Struts Security Advisory

Remote Code Execution in Apache Struts 3.0 Expression Language Processor

API Gateway

The Acme Cloud Platform API Gateway versions 2.1.0 through 2.4.3 contains an authentication bypass vulnerability in the token validation component that allows remote attackers to execute arbitrary code via crafted HTTP requests. This vulnerability exists due to improper validation of JWT tokens in the authentication middleware.

Acme Security Advisory

Remote Code Execution in Acme Cloud Platform API Gateway

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/cve-explainer-images/cves/cve-2026-33634-1774624198990.png

A remote code execution vulnerability exists in Apache Struts 2.5.0 through 2.5.30 due to improper validation of user-supplied OGNL expressions in the expression language parser. An unauthenticated attacker can execute arbitrary code on affected systems by submitting specially crafted expressions.

Remote Code Execution in Apache Struts Expression Language Parser

Safari

iPadOS

macOS Sequoia

watchOS

tvOS

visionOS

A buffer overflow vulnerability exists in Apple's WebKit rendering engine (CWE-119). Processing maliciously crafted web content may lead to memory corruption. This vulnerability is one of six zero-days comprising the DarkSword iOS exploit chain, actively used by commercial surveillance vendors and suspected state-sponsored threat actors against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.

CISA KEV Catalog

Google GTIG — DarkSword Blog

Apple Security Advisory (iOS 18.6)

Apple Security Advisory (macOS Sequoia 15.6)

Full Disclosure Mailing List

Apple DarkSword: WebKit Buffer Overflow Exploited in iOS Spy Campaign

A memory corruption issue (CWE-120 classic buffer overflow) in Apple's kernel memory handling allows a malicious application to cause unexpected system termination or write to kernel memory. This vulnerability is one of six leveraged by the DarkSword iOS full-chain exploit, which has been actively used by commercial surveillance vendors and suspected state-sponsored actors to fully compromise Apple devices running iOS 18.4–18.7.

Apple DarkSword Buffer Overflow — Actively Exploited iOS/macOS Kernel Write

A remote code execution vulnerability exists in Apache Struts versions 2.5.0 through 2.5.30 due to improper validation of OGNL expressions in the framework's expression language parser. An unauthenticated attacker can execute arbitrary code on affected systems by submitting specially crafted expressions through HTTP requests.

Remote Code Execution in Apache Struts Framework Expression Language Parser

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/cve-explainer-images/cves/cve-2025-32432-1774105379659.png

A remote code execution vulnerability exists in Apache Struts versions 2.5.0 through 2.5.30 due to improper validation of OGNL expressions in tag attributes. An unauthenticated attacker can execute arbitrary code on affected systems by submitting specially crafted HTTP requests containing malicious OGNL expressions.

Remote Code Execution in Apache Struts Framework via OGNL Expression Injection

Apache Struts versions 3.0.1 through 3.0.8 contain a critical vulnerability in the expression language (EL) processor that allows remote attackers to execute arbitrary code via crafted OGNL expressions in HTTP request parameters when dynamic method invocation is enabled.

CVE Archive