Export limit exceeded: 365223 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365223 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365223 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14004 1 Google 1 Chrome 2026-07-15 6.5 Medium
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14005 1 Google 1 Chrome 2026-07-15 8.8 High
Use after free in Omnibox in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14009 1 Google 1 Chrome 2026-07-15 8.8 High
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14016 1 Google 1 Chrome 2026-07-15 6.5 Medium
Inappropriate implementation in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14018 1 Google 1 Chrome 2026-07-15 7.8 High
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)
CVE-2026-14019 1 Google 1 Chrome 2026-07-15 6.5 Medium
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14021 1 Google 1 Chrome 2026-07-15 6.5 Medium
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14022 1 Google 1 Chrome 2026-07-15 6.5 Medium
Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-59885 1 Pyasn1 1 Pyasn1 2026-07-15 7.5 High
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode() call and can deny service to applications that decode untrusted ASN.1 data. The corresponding encoders have the same quadratic behavior when an application re-encodes previously decoded attacker-supplied values. This issue is fixed in version 0.6.4.
CVE-2026-59884 1 Pyasn1 1 Pyasn1 2026-07-15 7.5 High
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4.
CVE-2026-55123 1 Microsoft 8 365 Apps, Office 2019, Office 2021 and 5 more 2026-07-15 7.8 High
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-55043 1 Microsoft 8 365 Apps, Office 2019, Office 2021 and 5 more 2026-07-15 7.8 High
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-55008 1 Microsoft 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se 2026-07-15 9.6 Critical
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-55005 1 Microsoft 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se 2026-07-15 8.8 High
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
CVE-2026-57090 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 8.8 High
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network.
CVE-2026-54993 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
CVE-2026-50505 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.5 High
Use after free in Windows Message Queuing allows an authorized attacker to execute code over a network.
CVE-2026-54115 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.8 High
Integer overflow or wraparound in Windows Active Directory allows an authorized attacker to elevate privileges locally.
CVE-2026-55001 1 Microsoft 6 Windows 10 1607, Windows 10 1809, Windows Server 2016 and 3 more 2026-07-15 7.8 High
Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally.
CVE-2026-47300 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-15 8.8 High
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.