Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,273
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 221 - 240 of 39,631 CVEs
CVE-2026-15116 HIGH - 8.8

Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15114 HIGH - 8.8

Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15113 CRITICAL - 9.6

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15112 HIGH - 8.8

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15111 HIGH - 7.5

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15110 HIGH - 8.8

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15109 MEDIUM - 6.5

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15108 MEDIUM - 4.3

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15107 HIGH - 8.8

Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15105 MEDIUM - 6.3

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has be...

Vendor: davenardella
Product: snap7
Published: Jul 08, 2026
Source: NVD

Malicious use of a stolen cookie might allow modifications to the contents of the IP phoneโ€™s webpage.

Published: Jul 08, 2026
Source: NVD

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUIโ€™s webpage.

Published: Jul 08, 2026
Source: NVD
CVE-2026-55830 HIGH - 8.3

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted position...

Vendor: zopefoundation
Product: RestrictedPython
Published: Jul 08, 2026
Source: NVD
CVE-2026-52200 CRITICAL - 9.8

An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk

Published: Jul 08, 2026
Source: NVD
CVE-2026-51535 HIGH - 7.5

In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists in its network processing loop.

Published: Jul 08, 2026
Source: NVD
CVE-2026-39179 MEDIUM - 6.3

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality.

Published: Jul 08, 2026
Source: NVD
CVE-2026-39178 MEDIUM - 6.3

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint.

Published: Jul 08, 2026
Source: NVD
CVE-2026-35552 HIGH - 8.1

In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's l...

Published: Jul 08, 2026
Source: NVD
CVE-2026-31309 HIGH - 7.5

Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.

Published: Jul 08, 2026
Source: NVD