These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-11719 is a high-severity vulnerability in MCP Toolbox for Databases that allows authenticated users to bypass authorization restrictions. The vulnerability exists because older protocol versions (2025-06-18, 2025-03-26, and 2024-11-05) do not enforce scope checks, unlike the 2025-11-25 protocol version. An attacker with a low-privilege token can exploit this by specifying an older protocol versio [truncated]
A critical authentication bypass vulnerability exists in googleapis/mcp-toolbox. The vulnerability occurs in the generic opaque token validation path, allowing unauthorized third-party identity providers to issue accepted tokens. This happens when an external OAuth provider's introspection response omits the optional issuer (iss) field, causing the application to skip claim-checking logic silently. The CV [truncated]
CVE-2026-12467 is a high-severity use after free vulnerability in Google Chrome's Extensions feature. This vulnerability, which was published on June 17, 2026, allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The CVSS score for this vulnerability is 8.3, indicating a high level of severity. Users of Google Chrome prior to ve [truncated]
CVE-2026-12466 is a high-severity vulnerability in Google Chrome's WebRTC feature on Windows. A remote attacker can exploit this heap buffer overflow by crafting a malicious HTML page, allowing for arbitrary code execution. Google patched this issue in Chrome version 149.0.7827.155. Users should update to the latest version to mitigate this risk. This vulnerability was publicly disclosed on June 17, 2026, [truncated]
A high-severity vulnerability was discovered in Google Chrome's Views implementation on Linux, affecting versions prior to 149.0.7827.155. This issue allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML, potentially leading to UXSS attacks. The vulnerability was reported and patched, with the stable channel update for desktop released on June 17, 2026. Use [truncated]
CVE-2026-12460 is a High-severity vulnerability in Google Chrome, where insufficient policy enforcement in File System Access allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. This issue was addressed in Google Chrome version 149.0.7827.155. Users should update to the latest version to mitigate this risk. The vulnerability was publicly disc [truncated]
CVE-2026-12459 is a High-severity vulnerability in Google Chrome's Serial implementation. A remote attacker can inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. This issue was patched in Chrome version 149.0.7827.155. Users should update Chrome to the latest version to mitigate this risk. The vulnerability has a CVSS score of 6.1, indicating a Medium severity level. Chrome users are advise [truncated]
CVE-2026-12451 is a high-severity vulnerability in Google Chrome's DigitalCredentials component. A remote attacker who has compromised the renderer process could potentially perform a sandbox escape via a crafted HTML page. The vulnerability has a CVSS score of 8.3 and was published on 2026-06-17. Users of Google Chrome prior to version 149.0.7827.155 are affected. The CVE was modified on 2026-06-18 to re [truncated]
CVE-2026-12450 is a High-severity vulnerability in Google Chrome's Media implementation. A remote attacker can exploit this issue by crafting an HTML page to obtain potentially sensitive information from process memory. This vulnerability was publicly disclosed on June 17, 2026, and has a CVSS score of 6.5 (Medium severity). Users of Google Chrome prior to version 149.0.7827.155 are affected. To mitigate [truncated]
CVE-2026-12449 is a high-severity vulnerability in Google Chrome's Chromoting feature on Windows. It was reported on June 17, 2026, and modified on June 18, 2026. The vulnerability allows a local attacker to perform OS-level privilege escalation via a malicious file. The CVSS score for this vulnerability is 7.8, indicating a high level of severity. Users of Google Chrome on Windows should update to versio [truncated]
CVE-2026-12448 is a High-severity vulnerability in Google Chrome's WebView on Android, allowing remote attackers to escalate privileges via a crafted HTML page. This issue was addressed in Chrome version 149.0.7827.155. Organizations should prioritize updating Chrome to the latest version to mitigate this vulnerability. The CVSS score for this vulnerability is 8.8, indicating a high level of severity. Thi [truncated]
CVE-2026-12447 is a high-severity vulnerability in Google Chrome's WebRTC component. A remote attacker can exploit this heap buffer overflow by crafting a malicious HTML page, allowing them to execute arbitrary code within a sandbox environment. This vulnerability was publicly disclosed on June 17, 2026, and the Chrome browser was updated to version 149.0.7827.155 to address the issue. Users should update [truncated]
CVE-2026-12445 is a high-severity use after free vulnerability in Google Chrome Extensions. An attacker could exploit this vulnerability by convincing a user to install a malicious extension, potentially leading to heap corruption. The vulnerability was reported to have a CVSS score of 7.5 and was publicly disclosed on June 17, 2026. Users of Google Chrome prior to version 149.0.7827.155 are affected. The [truncated]
CVE-2026-12444 is a High-severity vulnerability in Google Chrome's Chromoting feature on Windows. It allows a local attacker to obtain potentially sensitive information from process memory via a malicious file. The vulnerability has a CVSS score of 5.5 and is considered Medium severity. Google Chrome versions prior to 149.0.7827.155 are affected. Users should update to the latest version to mitigate this [truncated]
CVE-2026-12443 is a critical use-after-free vulnerability in Google Chrome's Web Authentication feature. The vulnerability, which was published on June 17, 2026, allows remote attackers to execute arbitrary code via a crafted HTML page. The CVSS score for this vulnerability is 8.8, indicating a high severity. Google Chrome versions prior to 149.0.7827.155 are affected by this vulnerability. Users should u [truncated]
CVE-2026-12442 is a critical use-after-free vulnerability in Google Chrome's Passwords feature on Android. It was reported on June 17, 2026, and modified on June 18, 2026. The vulnerability has a CVSS score of 8.8 and can be exploited via a crafted HTML page, allowing remote attackers to execute arbitrary code. This issue was addressed in Chrome version 149.0.7827.155. Users should update their Chrome bro [truncated]
A critical vulnerability, CVE-2026-12441, was discovered in Google Chrome's File Input component on Linux systems. This use-after-free vulnerability, rated as Critical by Chromium, allows remote attackers to potentially exploit heap corruption via a crafted HTML page. The vulnerability has a CVSS score of 8.8, indicating a high severity. Google Chrome users on Linux systems should prioritize updating to v [truncated]
A critical vulnerability, CVE-2026-12440, was discovered in Google Chrome on Windows, allowing a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This use after free issue in DigitalCredentials has a CVSS score of 9.6, indicating a high severity. Users of Google Chrome on Windows should update to version 149.0.7827.155 or later to mitigate this vulnerability. The vulnerabil [truncated]
CVE-2026-0083 is a critical vulnerability in the Android operating system, specifically affecting the NFC (Near Field Communication) component. The issue arises from a race condition in the `Nfc::eventCallback()` function, leading to a use-after-free vulnerability. This could allow an attacker to escalate privileges locally without requiring additional execution privileges or user interaction. The vulnera [truncated]
CVE-2026-0081 is a critical vulnerability in Google Android's NFC component. A missing permission check allows local attackers to spoof NFC events, potentially leading to privilege escalation with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability has a CVSS score of 10 and is considered critical.
A critical vulnerability, CVE-2026-0064, has been identified in Google Android, potentially leading to a persistent denial of service. This vulnerability has a CVSS score of 10 and is classified as CRITICAL. The issue can be exploited locally without additional execution privileges, and user interaction is not required. The vulnerability was published on June 17, 2026, and last modified on the same day.
CVE-2026-0019 is a HIGH-severity vulnerability in Google's SettingsLib, enabling local escalation of privilege with a CVSS score of 7.8. The issue arises from a logic error in the code, allowing attackers to disable system components without additional execution privileges or user interaction. This vulnerability was published on June 17, 2026, and last modified on June 18, 2026. Affected products include [truncated]
A high-severity vulnerability, CVE-2025-48643, exists in multiple locations due to improper input validation, potentially allowing local escalation of privilege without additional execution privileges. User interaction is not required for exploitation. This vulnerability has a CVSS score of 7.8 and is considered HIGH severity. The vulnerability was published on 2026-06-17T13:19:14.140Z and last modified o [truncated]
CVE-2026-0165 is a vulnerability in several functions of the RTCP packet decoder, which could lead to a possible out-of-bounds read due to a missing bounds check. This vulnerability could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-0165) [truncated]
CVE-2026-0164 is a vulnerability in the Modem component, where a missing bounds check could lead to an out-of-bounds write. This could result in remote code execution with no additional execution privileges needed. Notably, user interaction is not required for exploitation. The CVE was published on 2026-06-16T20:16:26.790Z and last modified on 2026-06-16T20:42:25.013Z. For more information, refer to [cve- [truncated]
CVE-2026-0162 is a memory corruption vulnerability due to type confusion in the ParsePayloads function of AudioSdpParser.cpp. This issue could lead to remote code execution without requiring additional execution privileges or user interaction.
CVE-2026-0161 is a vulnerability in the RtpSession.cpp file, which could lead to an out of bounds write due to an integer overflow. This vulnerability has the potential to allow remote escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. The CVE was published on 2026-06-16T20:16:26.610Z and last modified on 2026-06-16T20:42:25.013Z.
CVE-2026-0160 is a vulnerability in the TextRtpPayloadDecoderNode component. An out of bounds write can lead to remote code execution with no additional execution privileges needed. User interaction is not required for exploitation. For details, see the [CVE record](https://www.cve.org/CVERecord?id=CVE-2026-0160) and the [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-0160).
CVE-2026-0158 is a vulnerability in the Camera component that allows for unauthorized access to photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not required for exploitation.
CVE-2026-0157 is a vulnerability in the RtcpHeader::decodeRtcpHeader function that could lead to a possible out-of-bounds (OOB) read. This could result in remote information disclosure with no additional execution privileges needed. User interaction is not required for exploitation.
CVE-2026-0156 is a memory safety issue in the `RtpSession.cpp` file, caused by a missing null check in the `checkSsrcCollisionOnRcv` function. This vulnerability could lead to a remote denial of service (DoS) attack without requiring additional execution privileges or user interaction.
CVE-2026-0155 is a vulnerability in the ImsMediaBitReader::ReadByteBuffer function, which could lead to a remote information disclosure with no additional execution privileges needed. User interaction is not required for exploitation.
A memory corruption vulnerability was discovered in the Modem component, which could be triggered by a SIP REFER request. This vulnerability, tracked as CVE-2026-0154, could potentially lead to remote code execution without requiring additional execution privileges. Notably, user interaction is not necessary for exploitation.
CVE-2026-0153 is a vulnerability in Write of msg_to_host_buffer.cc, which could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
A logic error in the OSMMapPMRGeneric function of pmr_os.c could allow a local attacker to maliciously expand the VMA out of bounds by leveraging a system call. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.
CVE-2026-0151 is a vulnerability in IntfGraphCreate of intfgraph.c, which could lead to an out of bounds write due to an integer overflow. This could result in remote code execution with no additional execution privileges needed. User interaction is not required for exploitation.
CVE-2026-0150 is a vulnerability in the ExecuteGraph command handler of EdgeTPU firmware, which could lead to local escalation of privilege with root privileges needed. An integer overflow can cause an out of bounds write. User interaction is not needed for exploitation.
CVE-2026-0149 is a vulnerability in the RtpSession::rtpSendRtcpPacket function, which could lead to a heap buffer overflow. This could result in remote code execution with no additional execution privileges needed. User interaction is not required for exploitation. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-0149) and last modified on [cveModifiedAt](https://nvd.nis [truncated]
CVE-2026-0148 is a vulnerability in multiple functions of VideoRtpPayloadDecoderNode.cpp, which can lead to an out of bounds write due to an integer overflow. This could allow for remote code execution with no additional execution privileges needed. User interaction is not required for exploitation.
CVE-2026-0147 is an out of bounds write vulnerability in __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0146 is a vulnerability in the mfc_core_get_dec_metadata_sei_nal function of mfc_core_reg_api.c. The vulnerability is caused by a missing bounds check, which could lead to an out-of-bounds write. This could result in remote code execution with no additional execution privileges needed. User interaction is not required for exploitation.
A vulnerability was discovered in keymint, which could lead to a Permission Bypass. This issue is due to a logic error in the code. An attacker could exploit this vulnerability to disclose local information without needing additional execution privileges. User interaction is not required for exploitation.
A memory safety issue was found in the AocAudioCodec.cpp file, specifically in the writeAocCommand function. This issue is due to a missing bounds check, which could lead to a remote denial of service attack. The attack requires no additional execution privileges and does not need user interaction to be exploited.
CVE-2026-0143 is a use after free vulnerability in lwis_device_external_event_emit of lwis_event.c. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. The CVE was published on 2026-06-16T20:16:25.083Z and modified on 2026-06-16T20:42:25.013Z.
CVE-2026-0142 is a vulnerability in the Android operating system. In iavb_parse_key_data of avb_rsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0141 is a vulnerability in the decodeAppPacket function of RtcpAppPacket.cpp. This issue is due to a missing bounds check, which could lead to an out-of-bounds (OOB) read. The vulnerability can be exploited remotely without requiring additional execution privileges or user interaction. Successful exploitation could result in information disclosure.
CVE-2026-0140 is a vulnerability in the RtpPacket::decodePacket function, which is susceptible to an out-of-bounds read due to an integer overflow. This vulnerability could lead to remote information disclosure without requiring additional execution privileges. User interaction is necessary for exploitation. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-0140) and last [truncated]
CVE-2026-0139 is a vulnerability in the Modem component, where a missing bounds check could lead to an out of bounds write. This could result in remote code execution with no additional execution privileges needed. Notably, user interaction is not required for exploitation. The CVE was published on 2026-06-16T20:16:24.730Z and last modified on 2026-06-16T20:42:25.013Z.
CVE-2026-0138 is a vulnerability in the lwis_io_buffer_write function of lwis_io_buffer.c, which could lead to an out of bounds write due to memory corruption. This could result in local escalation of privilege with System execution privileges needed. User interaction is not required for exploitation. The CVE was published on 2026-06-16T20:16:24.623Z and last modified on 2026-06-16T20:42:25.013Z.
CVE-2026-0137 is an elevation of privilege vulnerability in edgetpu-dmabuf.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.