Total CVEs

143,768

Critical Severity

4,091

High Severity

14,768

Last 7 Days

1,523
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,121 - 2,140 of 40,173 CVEs
CVE-2026-57264 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-13132 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-13131 HIGH - 8.3

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD
CVE-2026-13125 HIGH - 8.8

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces p...

Vendor: GeoVision Inc.
Product: GeoWebPlayer
Published: Jul 02, 2026
Source: NVD

Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries....

Vendor: craftcms
Product: cms
Published: Jul 02, 2026
Source: NVD

Craft CMS is a content management system (CMS). In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, the dataUrl() Twig function is included in Craftโ€™s Twig sandbox allowlist, allowing any control panel user granted the utility:system-messages permission...

Vendor: craftcms
Product: cms
Published: Jul 02, 2026
Source: NVD

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widgetโ€™s "Give feedback" screen ...

Vendor: craftcms
Product: cms
Published: Jul 01, 2026
Source: NVD
CVE-2026-14440 MEDIUM - 6.8

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design (e.g. 'issue "letsencrypt.org"' without parameter...

Vendor: Cloudflare
Product: Universal SSL
Published: Jul 01, 2026
Source: NVD

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to mov...

Vendor: Altium
Product: Altium Enterprise Server, Altium 365
Published: Jul 01, 2026
Source: NVD
CVE-2026-14432 HIGH - 8.8

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14431 HIGH - 8.8

Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14430 HIGH - 8.8

Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14429 HIGH - 8.3

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14428 HIGH - 8.3

Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14427 HIGH - 8.3

Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14426 HIGH - 7.5

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14425 CRITICAL - 9.6

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14424 CRITICAL - 9.6

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14423 CRITICAL - 9.6

Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14422 HIGH - 8.8

Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD