Export limit exceeded: 21054 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363604 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14124 | 1 Google | 1 Chrome | 2026-07-06 | 7.8 High |
| Inappropriate implementation in CredentialProvider in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low) | ||||
| CVE-2026-14128 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14130 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Incorrect security UI in Omnibox in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14131 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14132 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Inappropriate implementation in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14147 | 1 Google | 1 Chrome | 2026-07-06 | 6.1 Medium |
| Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14151 | 1 Google | 1 Chrome | 2026-07-06 | 8.3 High |
| Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14154 | 1 Google | 1 Chrome | 2026-07-06 | 4.8 Medium |
| Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2026-38142 | 2026-07-06 | 6.5 Medium | ||
| An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter. | ||||
| CVE-2026-51947 | 1 Pivotal | 1 Crm | 2026-07-06 | 9.8 Critical |
| An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253. | ||||
| CVE-2026-38891 | 2026-07-06 | 7.5 High | ||
| An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist message. | ||||
| CVE-2026-36909 | 2026-07-06 | 6.2 Medium | ||
| A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | ||||
| CVE-2026-26145 | 1 Microsoft | 1 Azure Synapse | 2026-07-06 | 4.8 Medium |
| Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-45499 | 1 Microsoft | 2 Azure Open-ai, Azure Open-ai | 2026-07-06 | 9.9 Critical |
| Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-57100 | 1 Microsoft | 1 Entra Provisioning Service | 2026-07-06 | 9.9 Critical |
| Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-58292 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 7.5 High |
| Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-58289 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 9 Critical |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-57983 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 8.7 High |
| Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-57975 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 7.5 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-15668 | 1 Gpac | 1 Gpac | 2026-07-06 | 3.3 Low |
| A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd_del_entry of the file src/isomedia/box_code_base.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is f29f955f2a3b5e8e507caad3e52319f961bf37bf. It is advisable to implement a patch to correct this issue. | ||||