Lucene search
K

363394 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-14413

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00202EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-14412

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00237EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-14407

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS0.00319EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14410

Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.0019EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-14411

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS0.00253EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-14414

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-14396

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00247EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14400

Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00222EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14403

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8CVSS0.00257EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-14398

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-14401

Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00237EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-14405

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

9.6CVSS0.00307EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-14397

Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS0.00253EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-14399

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00224EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14402

Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00224EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

6.5CVSS0.00202EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-14387

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS0.00276EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-14393

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS0.00281EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14392

Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS0.00276EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-14395

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8CVSS0.00275EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-14389

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS0.00242EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14391

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS0.00233EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14394

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

8.8CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-14386

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14388

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-14390

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14385

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00327EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14382

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS0.00276EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-14381

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00211EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14384

Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-14383

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS0.00348EPSS
Exploits0References2
NVD
NVD
added 5 days ago3 views

CVE-2026-11950

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
added 5 days ago4 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-54712

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

5.3CVSS0.00238EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-55793

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS0.00412EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-52186

SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub463bbc component...

9.8CVSS0.00527EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-52190

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub448384 component...

7.5CVSS0.00452EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-54262

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...

4.3CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-54260

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...

4.3CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-54259

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could se...

4.3CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-54261

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5CVSS0.00201EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-54263

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting XSS vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...

7.3CVSS0.00203EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-36911

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.5CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-36909

A NULL pointer dereference in the AP4TkhdAtom::GetTrackId function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

6.2CVSS0.0012EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-36912

A NULL pointer dereference in the AP4AtomSampleTable::GetSample function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

7.5CVSS0.00343EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-38891

An improper input validation in the gazeborosdiffdrive.cpp component of gazeboplugins v3.9.0 allows attackers to cause a Denial of Service DoS via supplying a crafted geometrymsgs::Twist message...

7.5CVSS0.00343EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-36910

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.5CVSS0.00113EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-55886

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...

6.3CVSS0.00315EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-58263

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

4.8CVSS0.00239EPSS
Exploits0References2
Total number of security vulnerabilities363394