Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23287
Total
1655
Critical
7324
High
7394
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-15119 | HIGH | 8.3 | Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape … | Jul 08, 2026 |
| CVE-2026-15118 | HIGH | 8.8 | Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Jul 08, 2026 |
| CVE-2026-15117 | HIGH | 7.5 | Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures … | Jul 08, 2026 |
| CVE-2026-15116 | HIGH | 8.8 | Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Jul 08, 2026 |
| CVE-2026-15115 | LOW | 3.3 | Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via … | Jul 08, 2026 |
| CVE-2026-15114 | HIGH | 8.8 | Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a … | Jul 08, 2026 |
| CVE-2026-15113 | CRITICAL | 9.6 | Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a … | Jul 08, 2026 |
| CVE-2026-15112 | HIGH | 8.8 | Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. … | Jul 08, 2026 |
| CVE-2026-15111 | HIGH | 7.5 | Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures … | Jul 08, 2026 |
| CVE-2026-15110 | HIGH | 8.8 | Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially … | Jul 08, 2026 |
| CVE-2026-15109 | MEDIUM | 6.5 | Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted … | Jul 08, 2026 |
| CVE-2026-15108 | MEDIUM | 4.3 | Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform … | Jul 08, 2026 |
| CVE-2026-15107 | HIGH | 8.8 | Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Jul 08, 2026 |
| CVE-2026-15105 | MEDIUM | 6.3 | A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request … | Jul 08, 2026 |
| CVE-2026-5923 | UNKNOWN | — | Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage. | Jul 08, 2026 |
| CVE-2026-5922 | UNKNOWN | — | The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage. | Jul 08, 2026 |
| CVE-2026-55878 | HIGH | 7.8 | Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a … | Jul 08, 2026 |
| CVE-2026-55877 | MEDIUM | 6.1 | Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux_icon() Twig function is marked is_safe=['html'] and … | Jul 08, 2026 |
| CVE-2026-55849 | UNKNOWN | — | @cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper … | Jul 08, 2026 |
| CVE-2026-55830 | HIGH | 8.3 | RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. … | Jul 08, 2026 |
| CVE-2026-55471 | UNKNOWN | — | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform(...) overloads instantiated a bare … | Jul 08, 2026 |
| CVE-2026-55470 | HIGH | 7.5 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched … | Jul 08, 2026 |
| CVE-2026-54777 | MEDIUM | 6.5 | CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts … | Jul 08, 2026 |
| CVE-2026-52200 | CRITICAL | 9.8 | An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint … | Jul 08, 2026 |
| CVE-2026-51535 | HIGH | 7.5 | In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists in its network processing loop. | Jul 08, 2026 |