Export limit exceeded: 363761 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363761 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50135 | 2026-07-07 | N/A | ||
| Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat (follows symlinks) instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount (e.g. a vendored themes/ theme) read arbitrary files accessible to the Hugo user. Go-module themes from GitHub (symlinks stripped) and directory walks were unaffected. Fixed in 0.162.0. | ||||
| CVE-2026-14613 | 1 Redhat | 4 Build Keycloak, Jboss Data Grid, Jbosseapxp and 1 more | 2026-07-07 | 4.3 Medium |
| A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific "role" can also see a list of all groups assigned to that role. The system fails to check if the administrator has permission to see those specific groups. This could allow a restricted administrator to discover "hidden" groups and see their details, such as internal names and custom settings, which might contain sensitive deployment information. | ||||
| CVE-2026-30689 | 1 Anjoy8 | 1 Blog.admin | 2026-07-07 | 4.3 Medium |
| In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service. | ||||
| CVE-2026-13022 | 1 Google | 1 Chrome | 2026-07-07 | 3.1 Low |
| Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-52193 | 2026-07-07 | 7.5 High | ||
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component | ||||
| CVE-2026-52198 | 2026-07-07 | 7.5 High | ||
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_425994 component | ||||
| CVE-2026-13774 | 1 Google | 1 Chrome | 2026-07-07 | 8.1 High |
| Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical) | ||||
| CVE-2026-13776 | 1 Google | 1 Chrome | 2026-07-07 | 9.6 Critical |
| Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13777 | 1 Google | 1 Chrome | 2026-07-07 | 8.8 High |
| Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13778 | 1 Google | 1 Chrome | 2026-07-07 | 7.8 High |
| Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical) | ||||
| CVE-2026-13782 | 1 Google | 1 Chrome | 2026-07-07 | 9.6 Critical |
| Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13785 | 1 Google | 1 Chrome | 2026-07-07 | 9.6 Critical |
| Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13788 | 1 Google | 1 Chrome | 2026-07-07 | 8.8 High |
| Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13792 | 1 Google | 1 Chrome | 2026-07-07 | 9.6 Critical |
| Use after free in Touchbar in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13793 | 1 Google | 1 Chrome | 2026-07-07 | 6.5 Medium |
| Insufficient policy enforcement in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13797 | 1 Google | 1 Chrome | 2026-07-07 | 9.6 Critical |
| Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13799 | 1 Google | 1 Chrome | 2026-07-07 | 8.1 High |
| Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High) | ||||
| CVE-2026-13809 | 1 Google | 1 Chrome | 2026-07-07 | 6.5 Medium |
| Side-channel information leakage in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13811 | 1 Google | 1 Chrome | 2026-07-07 | 8.8 High |
| Use after free in IME in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13818 | 1 Google | 1 Chrome | 2026-07-07 | 6.5 Medium |
| Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) | ||||