CVE-2026-14156
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised th
CVSS
6.5
Medio
EPSS
0.2%
p10
KEV
—
Exploit Today
3
0-100
Publicado: 30 jun 2026 · Última mod.: 2 jul 2026 · CWE-862 · CWE-284
0.2%EPSS · 30 días0.2%
2026-07-012026-07-17
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-277718.2 ALT98.5%
——30Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.11dCVE-2023-361447.5 ALT98.3%
——30An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.9dCVE-2021-445958.8 ALT97.3%
——29Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.9dCVE-2026-503517.8 ALT84.8%
——25Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally.2dCVE-2026-504237.8 ALT82.8%
——25Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally.3dCVE-2020-253669.1 CRÍ82.0%
——25An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.9d