Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,275
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 181 - 200 of 39,613 CVEs
CVE-2026-15137 HIGH - 7.3

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the publ...

Vendor: code-projects
Product: Interview Management System
Published: Jul 09, 2026
Source: NVD
CVE-2026-15135 HIGH - 7.3

A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /edit_food_items.php. The manipulation of the argument update results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publi...

Vendor: code-projects
Product: Online Food Order System
Published: Jul 09, 2026
Source: NVD
CVE-2026-15134 HIGH - 7.3

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remot...

Vendor: CodeAstro
Product: Simple Online Leave Management System
Published: Jul 09, 2026
Source: NVD
CVE-2026-59723 HIGH - 8.8

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOM_SECRET is unset for local...

Vendor: cline
Product: cline
Published: Jul 08, 2026
Source: NVD
CVE-2026-54499 HIGH - 7.5

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(..., weights_only=True) but fall back to torch.load(..., weights_o...

Vendor: stanfordnlp
Product: stanza
Published: Jul 08, 2026
Source: NVD
CVE-2026-15133 HIGH - 8.8

Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15132 HIGH - 8.8

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15131 MEDIUM - 4.3

Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15130 MEDIUM - 4.3

Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15129 HIGH - 8.8

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15128 MEDIUM - 6.1

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15127 MEDIUM - 6.1

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15126 HIGH - 8.8

Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15125 HIGH - 8.8

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15124 MEDIUM - 4.3

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15123 HIGH - 8.8

Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15122 HIGH - 8.3

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15121 HIGH - 8.8

Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15120 HIGH - 8.3

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15119 HIGH - 8.3

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD