Search

Search Results (366088 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14149 1 Google 1 Chrome 2026-07-14 8.8 High
Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14153 1 Google 1 Chrome 2026-07-14 5.3 Medium
Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14154 1 Google 1 Chrome 2026-07-14 4.8 Medium
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2026-14155 1 Google 1 Chrome 2026-07-14 6.5 Medium
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-51947 1 Pivotal 1 Crm 2026-07-14 9.8 Critical
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253.
CVE-2026-52186 1 Utt 1 Nv518g 2026-07-14 9.8 Critical
SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component
CVE-2026-36909 2026-07-14 6.2 Medium
A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2026-20457 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-14 5.3 Medium
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01826924; Issue ID: MSV-7301.
CVE-2026-49169 1 Microsoft 2 Windows Server 2025, Windows Server 2025 (server Core Installation) 2026-07-14 8 High
Use after free in DNS Server allows an authorized attacker to execute code over a network.
CVE-2026-50527 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-14 7.5 High
Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50526 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-14 7 High
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
CVE-2026-50525 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-14 7.5 High
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-50524 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-14 7.5 High
Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50649 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-14 7.8 High
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
CVE-2026-50648 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-14 7.5 High
Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50650 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-14 7.8 High
Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
CVE-2026-47429 2026-07-14 9.8 Critical
Vitest is a testing framework powered by Vite. Prior to 3.2.5 and 4.1.0, the Vitest UI/API server on Windows used isFileServingAllowed incorrectly for /__vitest_attachment__, allowing \\?\\..\\ path traversal to read files outside the project; exposed API write and rerun features such as saveTestFile and rerun could also allow arbitrary script execution. This issue is fixed in versions 3.2.5 and 4.1.0.
CVE-2026-48038 2026-07-14 5.3 Medium
joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON or object input with recursive link() schemas. When validate() is called without try/catch in a request handler, deeply nested input can trigger an unhandled RangeError and potentially crash the process; lower-impact paths using validateAsync() or try/catch produce a RangeError instead of a structured ValidationError. This issue is fixed in versions 17.13.4 and 18.2.1.
CVE-2026-48761 2026-07-14 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlAttributeSanitizer::getSupportedAttributes() omitted URL-bearing attributes on <object>, <applet>, <iframe>, and <img>, and <meta http-equiv="refresh"> URLs inside content bypassed URL sanitization, allowing explicitly enabled elements or attributes to pass javascript: and similar payloads into sanitized output. This issue is fixed in versions 6.4.41, 7.4.13, and 8.0.13.
CVE-2026-48310 2026-07-14 8.6 High
Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed.