Search

Search Results (364612 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-55687 2026-07-10 7.5 High
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because the attacker-controlled DQT marker Tq nibble is used as an index into the qt_tbl array without validating that it is in the range 0..3, allowing malformed JPEG input to corrupt stack memory and reliably trigger a denial of service. This issue is fixed in version 6.0.2 and is expected to be fixed in versions 5.5.5, 5.4.5, and 5.3.6.
CVE-2026-14428 1 Google 1 Chrome 2026-07-10 8.3 High
Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-14420 1 Google 1 Chrome 2026-07-10 9.6 Critical
Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-14397 1 Google 1 Chrome 2026-07-10 9.6 Critical
Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14400 1 Google 1 Chrome 2026-07-10 8.3 High
Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-14395 1 Google 1 Chrome 2026-07-10 8.8 High
Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14402 1 Google 1 Chrome 2026-07-10 6.5 Medium
Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CVE-2026-14418 1 Google 1 Chrome 2026-07-10 4.3 Medium
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2026-14390 1 Google 1 Chrome 2026-07-10 9.6 Critical
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-52191 1 Utt 1 Nv518g 2026-07-10 7.5 High
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_444C8C component
CVE-2026-38970 2026-07-10 7.5 High
pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext() and parseArray() without enforcing a maximum nesting depth.
CVE-2026-38971 1 Ardupilot 1 Ardupilot 2026-07-10 9.1 Critical
ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_control.cpp in GCS_MAVLINK::handle_serial_control().
CVE-2026-11965 2026-07-10 6.5 Medium
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users (after self-registering an account through the open registration flow) to obtain an active subscription on any paid plan without paying and access the gated content.
CVE-2026-14336 1 Eclipse 1 Eclipse Pia 2026-07-10 8.2 High
PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith(' https://ci.eclipse.org ') in is_issuer_known, pia/models.py:139) instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://ci.eclipse.org@evil.host (userinfo trick) or https://ci.eclipse.org.evil.host (suffix trick) that satisfies the prefix check while pointing the OIDC discovery and JWKS fetches at a server the attacker controls. An unauthenticated caller of POST /v1/upload/sbom can use this to force PIA to make outbound HTTP(S) requests to an arbitrary attacker-chosen host, and to have oidc.verify_token accept a JWT signed with the attacker's own key.
CVE-2026-59794 1 Jetbrains 1 Teamcity 2026-07-10 7.3 High
In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data
CVE-2026-61492 1 Jetbrains 1 Youtrack 2026-07-10 3.5 Low
In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible
CVE-2026-33382 2026-07-10 7.5 High
Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service.
CVE-2026-8595 2026-07-10 6.8 Medium
A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting).
CVE-2026-8609 2026-07-10 5.3 Medium
An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service).
CVE-2026-54063 2026-07-10 7.5 High
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled <row r="N"> XML attribute value directly as the length argument to make([]xlsxRow, row) without validating it against the Excel row limit (TotalRows = 1,048,576). A specially crafted XLSX file can trigger two denial-of-service variants: (A) an out-of-memory process kill when r=2147483647 forces a ~16 GB allocation attempt, and (B) a runtime panic via out-of-bounds slice indexing when r=-1. Any service that opens attacker-supplied XLSX files and calls GetCellValue is affected. No authentication is required. This issue is fixed in version 2.11.0.