Export limit exceeded: 362537 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362537 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14003 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2026-14016 | 1 Google | 1 Chrome | 2026-07-06 | 6.5 Medium |
| Inappropriate implementation in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14019 | 1 Google | 1 Chrome | 2026-07-06 | 6.5 Medium |
| Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14031 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14034 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Inappropriate implementation in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14036 | 1 Google | 1 Chrome | 2026-07-06 | 8.8 High |
| Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14037 | 1 Google | 1 Chrome | 2026-07-06 | 9.6 Critical |
| Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14038 | 1 Google | 1 Chrome | 2026-07-06 | 9.3 Critical |
| Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14041 | 1 Google | 1 Chrome | 2026-07-06 | 8.8 High |
| Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14044 | 1 Google | 1 Chrome | 2026-07-06 | 9.6 Critical |
| Use after free in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14045 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14046 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14053 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14056 | 1 Google | 1 Chrome | 2026-07-06 | 9.6 Critical |
| Insufficient validation of untrusted input in Media in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Low) | ||||
| CVE-2026-14074 | 1 Google | 1 Chrome | 2026-07-06 | 6.5 Medium |
| Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14076 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-9182 | 1 Esri | 1 Arcgis Server | 2026-07-06 | 5.3 Medium |
| ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload. | ||||
| CVE-2026-9181 | 1 Esri | 1 Arcgis Server | 2026-07-06 | 9.8 Critical |
| ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow access to sensitive files on the system. This issue impacts all versions of ArcGIS Server 12.0 and prior. | ||||
| CVE-2026-54059 | 1 Python-pillow | 1 Pillow | 2026-07-06 | 7.5 High |
| Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0. | ||||
| CVE-2026-55646 | 1 Vllm-project | 1 Vllm | 2026-07-06 | 6.5 Medium |
| vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read() to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLM_MAX_AUDIO_CLIP_FILESIZE_MB compressed upload size limit (default 25 MB) later in the speech-to-text preprocessing step, so an API caller who can reach those routes can submit an oversized multipart upload and cause vLLM to allocate memory proportional to the uploaded file size before the request is rejected as too large, creating memory pressure or terminating the process depending on deployment resource limits. This issue is fixed in version 0.24.0. | ||||