Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,275
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 201 - 220 of 39,613 CVEs
CVE-2026-15118 HIGH - 8.8

Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15117 HIGH - 7.5

Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15116 HIGH - 8.8

Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15114 HIGH - 8.8

Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15113 CRITICAL - 9.6

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15112 HIGH - 8.8

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15111 HIGH - 7.5

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15110 HIGH - 8.8

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15109 MEDIUM - 6.5

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15108 MEDIUM - 4.3

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15107 HIGH - 8.8

Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15105 MEDIUM - 6.3

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has be...

Vendor: davenardella
Product: snap7
Published: Jul 08, 2026
Source: NVD

Malicious use of a stolen cookie might allow modifications to the contents of the IP phoneโ€™s webpage.

Published: Jul 08, 2026
Source: NVD

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUIโ€™s webpage.

Published: Jul 08, 2026
Source: NVD
CVE-2026-55830 HIGH - 8.3

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted position...

Vendor: zopefoundation
Product: RestrictedPython
Published: Jul 08, 2026
Source: NVD
CVE-2026-52200 CRITICAL - 9.8

An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk

Published: Jul 08, 2026
Source: NVD
CVE-2026-51535 HIGH - 7.5

In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists in its network processing loop.

Published: Jul 08, 2026
Source: NVD
CVE-2026-39179 MEDIUM - 6.3

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality.

Published: Jul 08, 2026
Source: NVD
CVE-2026-39178 MEDIUM - 6.3

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint.

Published: Jul 08, 2026
Source: NVD