Published threat advisories for May 28, 2026

A vulnerability in Google Chrome allows a remote attacker to bypass security features. This could impact affected organizations by potentially exposing systems and data to unauthorized access. The realistic business risk involves a loss of confidentiality and integrity.

NVD published: May 28, 2026

A use-after-free vulnerability in Google Chrome's Bluetooth component could allow an attacker to escape the browser sandbox via a malicious extension, impacting system integrity and data. This situation presents a significant risk.

NVD published: May 28, 2026

A vulnerability in Portainer Community Edition allows standard users with Docker endpoint access to execute privileged plugin operations. This could enable unauthorized control over containerized environments, posing a significant business risk. Organizations should identify affected instances, restrict user access, an

NVD published: May 28, 2026

A critical vulnerability in Oracle REST Data Services allows unauthenticated attackers with network access to take over the service, potentially impacting other products. This issue is easily exploitable and has severe consequences for confidentiality, integrity, and availability.

NVD published: May 28, 2026

A critical vulnerability exists in Oracle REST Data Services, a service that connects web browsers to Oracle databases, which could allow a low-privileged attacker with network access to completely compromise the service and potentially affect other products. This could impact confidentiality, integrity, and availabili

NVD published: May 28, 2026

A vulnerability in Oracle Database Server's Net Service component allows an unauthenticated attacker with network access to compromise the service, potentially leading to a takeover. This impacts confidentiality, integrity, and availability, posing a significant business risk. Exploitation is difficult but can affect a

NVD published: May 28, 2026

A vulnerability in the Oracle Internet Procurement Connector allows attackers network access to compromise data. This could lead to unauthorized data creation, deletion, or modification, impacting business operations and data integrity.

NVD published: May 28, 2026

A critical vulnerability exists in Oracle Payments within Oracle E-Business Suite's File Transmission component, allowing unauthenticated attackers with network access to achieve a complete takeover of the system. This could impact data confidentiality, integrity, and availability.

NVD published: May 28, 2026

A vulnerability in Oracle REST Data Services allows a low-privileged attacker with network access to take over the service. This could significantly impact other connected products and pose a risk to data confidentiality, integrity, and availability. Organizations should identify affected assets and apply vendor fixes.

NVD published: May 28, 2026

A vulnerability in Oracle Hospitality OPERA 5 Property Services could allow an attacker with network access to compromise the system. This could result in the takeover of services, posing a risk to business operations and data.

NVD published: May 28, 2026

A flaw in CodeWhale's task creation tool may permit sub-agents unrestricted shell access when a user approves a task. This could allow attackers to gain unauthorized control over affected systems, potentially leading to data compromise and significant business risk. Organizations should review their use of this tool.

NVD published: May 28, 2026

The MeshCore Lovelace card for Home Assistant is affected by a vulnerability that allows for arbitrary JavaScript execution. This could impact internal systems by enabling unauthorized actions or data exposure within the Home Assistant frontend. The realistic business risk involves potential compromise of sensitive dat

NVD published: May 28, 2026

A flaw in a coding agent allows malicious code execution from unapproved repositories, potentially leading to credential theft or system compromise. The risk stems from automatic test execution without user consent, impacting organizational security and data integrity.

NVD published: May 28, 2026

A vulnerability in the CloudNativePG metrics exporter allows an attacker with limited privileges to execute OS commands as the `postgres` user. This can impact affected organizations by enabling unauthorized access to sensitive data and compromising database systems and infrastructure. The risk to business operations i

NVD published: May 28, 2026

A misconfiguration in Samba file servers can allow remote command execution by attackers exploiting the "check password script" feature with specific substitution characters. This affects non-standard configurations and presents a business risk of unauthorized system control.

NVD published: May 28, 2026