Export limit exceeded: 364439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364439 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14094 1 Google 1 Chrome 2026-07-09 7.8 High
Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)
CVE-2026-14096 1 Google 1 Chrome 2026-07-09 6.5 Medium
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14104 1 Google 1 Chrome 2026-07-09 8.8 High
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14106 1 Google 1 Chrome 2026-07-09 9.6 Critical
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14113 1 Google 1 Chrome 2026-07-09 9.6 Critical
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14118 1 Google 1 Chrome 2026-07-09 6.5 Medium
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14122 1 Google 1 Chrome 2026-07-09 8.1 High
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14135 1 Google 1 Chrome 2026-07-09 4.3 Medium
Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14145 1 Google 1 Chrome 2026-07-09 6.1 Medium
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14147 1 Google 1 Chrome 2026-07-09 6.1 Medium
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-54423 1 Openstack 1 Ironic 2026-07-09 6.5 Medium
A malicious user with access to deploy a node directly via Ironic can specify the IPMI send_raw deployment step with a malicious payload and send commands to that nodes' BMC. IPMI send_raw capability is exposed multiple ways, including via VendorPassthru interfaces (restricted to system admin) and other step based flows such as cleaning or servicing. This also means any malicious user with the ability to initiate manual cleaning and servicing flows with arbitrary steps can also execute this vulnerability.
CVE-2026-54404 2026-07-09 8.8 High
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
CVE-2026-55114 1 Ubiquiti 1 Unifi Network Application 2026-07-09 8.8 High
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
CVE-2024-31636 1 Lief-project 1 Lief 2026-07-09 3.9 Low
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
CVE-2024-29640 1 Messense 1 Aliyundrive-webdav 2026-07-09 9.8 Critical
An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component.
CVE-2024-29296 1 Portainer 1 Portainer 2026-07-09 5.3 Medium
A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not.
CVE-2024-26566 2 Iscute, Ods-im 2 Cute Http File Server, Cutehttpfileserver 2026-07-09 8.2 High
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.
CVE-2024-25294 1 Getrebuild 1 Rebuild 2026-07-09 9.1 Critical
An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters.
CVE-2024-24520 1 Lepton-cms 1 Leptoncms 2026-07-09 7.8 High
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVE-2024-23084 2 Apfloat, Mikkotommila 2 Apfloat, Apfloat 2026-07-09 7.5 High
Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.