Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23287
Total
1655
Critical
7324
High
7394
Medium
CVE ID Severity Score Description Published
CVE-2026-15119 HIGH 8.3 Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape … Jul 08, 2026
CVE-2026-15118 HIGH 8.8 Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … Jul 08, 2026
CVE-2026-15117 HIGH 7.5 Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures … Jul 08, 2026
CVE-2026-15116 HIGH 8.8 Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … Jul 08, 2026
CVE-2026-15115 LOW 3.3 Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via … Jul 08, 2026
CVE-2026-15114 HIGH 8.8 Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a … Jul 08, 2026
CVE-2026-15113 CRITICAL 9.6 Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a … Jul 08, 2026
CVE-2026-15112 HIGH 8.8 Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. … Jul 08, 2026
CVE-2026-15111 HIGH 7.5 Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures … Jul 08, 2026
CVE-2026-15110 HIGH 8.8 Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially … Jul 08, 2026
CVE-2026-15109 MEDIUM 6.5 Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted … Jul 08, 2026
CVE-2026-15108 MEDIUM 4.3 Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform … Jul 08, 2026
CVE-2026-15107 HIGH 8.8 Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … Jul 08, 2026
CVE-2026-15105 MEDIUM 6.3 A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request … Jul 08, 2026
CVE-2026-5923 UNKNOWN Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage. Jul 08, 2026
CVE-2026-5922 UNKNOWN The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage. Jul 08, 2026
CVE-2026-55878 HIGH 7.8 Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a … Jul 08, 2026
CVE-2026-55877 MEDIUM 6.1 Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux_icon() Twig function is marked is_safe=['html'] and … Jul 08, 2026
CVE-2026-55849 UNKNOWN @cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper … Jul 08, 2026
CVE-2026-55830 HIGH 8.3 RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. … Jul 08, 2026
CVE-2026-55471 UNKNOWN HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform(...) overloads instantiated a bare … Jul 08, 2026
CVE-2026-55470 HIGH 7.5 HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched … Jul 08, 2026
CVE-2026-54777 MEDIUM 6.5 CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts … Jul 08, 2026
CVE-2026-52200 CRITICAL 9.8 An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint … Jul 08, 2026
CVE-2026-51535 HIGH 7.5 In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists in its network processing loop. Jul 08, 2026