Export limit exceeded: 363488 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363488 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13896 | 1 Google | 1 Chrome | 2026-07-09 | 6.5 Medium |
| Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13920 | 1 Google | 1 Chrome | 2026-07-09 | 9.6 Critical |
| Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13928 | 1 Google | 1 Chrome | 2026-07-09 | 8.8 High |
| Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13941 | 1 Google | 1 Chrome | 2026-07-09 | 4.3 Medium |
| Inappropriate implementation in SiteSettings in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-52722 | 2 Gstreamer Project, Redhat | 2 Gstreamer Plugin, Enterprise Linux | 2026-07-09 | 7.1 High |
| A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure. | ||||
| CVE-2026-52720 | 2 Gstreamer Project, Redhat | 2 Gstreamer Plugin, Enterprise Linux | 2026-07-09 | 8.8 High |
| A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash. | ||||
| CVE-2026-13954 | 1 Google | 1 Chrome | 2026-07-09 | 6.5 Medium |
| Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13974 | 1 Google | 1 Chrome | 2026-07-09 | 8.1 High |
| Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2026-13979 | 1 Google | 1 Chrome | 2026-07-09 | 4.3 Medium |
| Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13987 | 1 Google | 1 Chrome | 2026-07-09 | 4.3 Medium |
| Incorrect security UI in Mobile in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13989 | 1 Google | 1 Chrome | 2026-07-09 | 6.5 Medium |
| Inappropriate implementation in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13994 | 1 Google | 1 Chrome | 2026-07-09 | 4.3 Medium |
| Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14000 | 1 Google | 1 Chrome | 2026-07-09 | 6.1 Medium |
| Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14031 | 1 Google | 1 Chrome | 2026-07-09 | 4.3 Medium |
| Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14060 | 1 Google | 1 Chrome | 2026-07-09 | 7.8 High |
| Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Low) | ||||
| CVE-2026-14099 | 1 Google | 1 Chrome | 2026-07-09 | 8.8 High |
| Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-31985 | 1 Nozomi Networks | 1 Remote Collector | 2026-07-09 | 8.1 High |
| When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Remote Collector and the Guardian or CMC. This could result in theft of the sync token, impersonation of the server, injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC, or disruption of the data flow between the Remote Collector and the Guardian or CMC. | ||||
| CVE-2026-31981 | 1 Nozomi Networks | 2 Cmc, Guardian | 2026-07-09 | 5.9 Medium |
| A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple input vectors. When a victim views the affected data in the Diagram tab and Graph view, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration. | ||||
| CVE-2026-14107 | 1 Google | 1 Chrome | 2026-07-09 | 8.8 High |
| Use after free in Scheduling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14140 | 1 Google | 1 Chrome | 2026-07-09 | 4.3 Medium |
| Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||