Export limit exceeded: 21054 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363604 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14124 1 Google 1 Chrome 2026-07-06 7.8 High
Inappropriate implementation in CredentialProvider in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)
CVE-2026-14128 1 Google 1 Chrome 2026-07-06 4.3 Medium
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14130 1 Google 1 Chrome 2026-07-06 4.3 Medium
Incorrect security UI in Omnibox in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14131 1 Google 1 Chrome 2026-07-06 4.3 Medium
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14132 1 Google 1 Chrome 2026-07-06 4.3 Medium
Inappropriate implementation in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14147 1 Google 1 Chrome 2026-07-06 6.1 Medium
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14151 1 Google 1 Chrome 2026-07-06 8.3 High
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14154 1 Google 1 Chrome 2026-07-06 4.8 Medium
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2026-38142 2026-07-06 6.5 Medium
An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter.
CVE-2026-51947 1 Pivotal 1 Crm 2026-07-06 9.8 Critical
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253.
CVE-2026-38891 2026-07-06 7.5 High
An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist message.
CVE-2026-36909 2026-07-06 6.2 Medium
A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2026-26145 1 Microsoft 1 Azure Synapse 2026-07-06 4.8 Medium
Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.
CVE-2026-45499 1 Microsoft 2 Azure Open-ai, Azure Open-ai 2026-07-06 9.9 Critical
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
CVE-2026-57100 1 Microsoft 1 Entra Provisioning Service 2026-07-06 9.9 Critical
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
CVE-2026-58292 1 Microsoft 1 Edge Chromium 2026-07-06 7.5 High
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58289 1 Microsoft 1 Edge Chromium 2026-07-06 9 Critical
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57983 1 Microsoft 1 Edge Chromium 2026-07-06 8.7 High
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-57975 1 Microsoft 1 Edge Chromium 2026-07-06 7.5 High
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2025-15668 1 Gpac 1 Gpac 2026-07-06 3.3 Low
A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd_del_entry of the file src/isomedia/box_code_base.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is f29f955f2a3b5e8e507caad3e52319f961bf37bf. It is advisable to implement a patch to correct this issue.