Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,531
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,201 - 2,220 of 40,198 CVEs
CVE-2026-14386 MEDIUM - 6.5

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14385 HIGH - 8.8

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14384 MEDIUM - 6.5

Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14383 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14382 CRITICAL - 9.6

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD
CVE-2026-14381 MEDIUM - 6.5

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Jul 01, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jul 01, 2026
Source: NVD

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under the...

Vendor: craftcms
Product: cms
Published: Jul 01, 2026
Source: NVD
CVE-2026-54712 MEDIUM - 5.3

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the strea...

Vendor: open-telemetry
Product: opentelemetry-java-instrumentation
Published: Jul 01, 2026
Source: NVD
CVE-2026-54704 MEDIUM - 6.5

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text datab...

Vendor: open-telemetry
Product: opentelemetry-java-instrumentation
Published: Jul 01, 2026
Source: NVD
CVE-2026-54263 HIGH - 7.3

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting (XSS) vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for ...

Vendor: torchbox
Product: wagtail
Published: Jul 01, 2026
Source: NVD
CVE-2026-54262 MEDIUM - 4.3

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed ...

Vendor: torchbox
Product: wagtail
Published: Jul 01, 2026
Source: NVD
CVE-2026-54261 MEDIUM - 6.5

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not expose...

Vendor: torchbox
Product: wagtail
Published: Jul 01, 2026
Source: NVD

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not explo...

Vendor: torchbox
Product: wagtail
Published: Jul 01, 2026
Source: NVD
CVE-2026-54259 MEDIUM - 4.3

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could ...

Vendor: torchbox
Product: wagtail
Published: Jul 01, 2026
Source: NVD
CVE-2026-52190 HIGH - 7.5

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component

Published: Jul 01, 2026
Source: NVD
CVE-2026-52186 CRITICAL - 9.8

SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component

Published: Jul 01, 2026
Source: NVD
CVE-2026-38891 HIGH - 7.5

An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist message.

Published: Jul 01, 2026
Source: NVD
CVE-2026-36912 HIGH - 7.5

A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Published: Jul 01, 2026
Source: NVD
CVE-2026-36911 MEDIUM - 5.5

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Published: Jul 01, 2026
Source: NVD