Search

Search Results (363395 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-15167 1 Wireshark 1 Wireshark 2026-07-09 7.5 High
DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
CVE-2026-54499 2026-07-09 7.5 High
Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(..., weights_only=True) but fall back to torch.load(..., weights_only=False) on attacker-controllable pickle.UnpicklingError, allowing a malicious .pt pretrain or model file to execute arbitrary pickle code when a Stanza NLP pipeline loads it. This issue is fixed in version 1.12.2.
CVE-2026-2342 2026-07-09 9.3 Critical
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-1989 2026-07-09 7.5 High
Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-53705 2 Gstreamer Project, Redhat 2 Gstreamer Plugin, Enterprise Linux 2026-07-09 7.6 High
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file.
CVE-2026-56458 2026-07-09 5.4 Medium
HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
CVE-2026-1365 2026-07-09 6.5 Medium
Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-52196 1 Utt 1 Nv518g 2026-07-09 7.5 High
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_416f28 component
CVE-2026-13780 1 Google 1 Chrome 2026-07-09 9.6 Critical
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-56459 2026-07-09 6.2 Medium
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure.  The application stores potentially sensitive information in log files that could be read by a local user.
CVE-2026-13818 1 Google 1 Chrome 2026-07-09 6.5 Medium
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13825 1 Google 1 Chrome 2026-07-09 8.8 High
Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13867 1 Google 1 Chrome 2026-07-09 4.3 Medium
Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13896 1 Google 1 Chrome 2026-07-09 6.5 Medium
Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13916 1 Google 1 Chrome 2026-07-09 4.3 Medium
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13920 1 Google 1 Chrome 2026-07-09 9.6 Critical
Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13928 1 Google 1 Chrome 2026-07-09 8.8 High
Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13939 1 Google 1 Chrome 2026-07-09 3.1 Low
Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13941 1 Google 1 Chrome 2026-07-09 4.3 Medium
Inappropriate implementation in SiteSettings in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13942 1 Google 1 Chrome 2026-07-09 3.3 Low
Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)