Search

Search Results (363878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14098 1 Google 1 Chrome 2026-07-08 6.5 Medium
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14108 1 Google 1 Chrome 2026-07-08 8.8 High
Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
CVE-2026-14116 1 Google 1 Chrome 2026-07-08 4.3 Medium
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14122 1 Google 1 Chrome 2026-07-08 8.1 High
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14124 1 Google 1 Chrome 2026-07-08 7.8 High
Inappropriate implementation in CredentialProvider in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)
CVE-2026-14130 1 Google 1 Chrome 2026-07-08 4.3 Medium
Incorrect security UI in Omnibox in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14143 1 Google 1 Chrome 2026-07-08 4.3 Medium
Incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14151 1 Google 1 Chrome 2026-07-08 8.3 High
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14153 1 Google 1 Chrome 2026-07-08 5.3 Medium
Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-38142 2026-07-08 6.5 Medium
An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter.
CVE-2026-52186 1 Utt 1 Nv518g 2026-07-08 9.8 Critical
SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component
CVE-2026-36910 2026-07-08 5.5 Medium
An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2026-20463 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-08 6.7 Medium
In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309.
CVE-2026-11562 2026-07-08 4.3 Medium
The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.
CVE-2026-13129 2026-07-08 7.8 High
When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer.
CVE-2026-57238 2026-07-08 7.8 High
After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash.
CVE-2026-57241 2026-07-08 6.1 Medium
The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds access.
CVE-2026-57242 2026-07-08 7.8 High
The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash.
CVE-2026-57243 2026-07-08 6.1 Medium
During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash.
CVE-2026-57245 2026-07-08 7.8 High
When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an invalid pointer write occurred, causing the application to crash.