Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,576
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 741 - 760 of 40,149 CVEs
CVE-2026-15114 HIGH - 8.8

Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15113 CRITICAL - 9.6

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15112 HIGH - 8.8

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15111 HIGH - 7.5

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15110 HIGH - 8.8

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15109 MEDIUM - 6.5

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15108 MEDIUM - 4.3

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15107 HIGH - 8.8

Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jul 08, 2026
Source: NVD
CVE-2026-15105 MEDIUM - 6.3

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has be...

Vendor: davenardella
Product: snap7
Published: Jul 08, 2026
Source: NVD

Malicious use of a stolen cookie might allow modifications to the contents of the IP phoneโ€™s webpage.

Published: Jul 08, 2026
Source: NVD

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUIโ€™s webpage.

Published: Jul 08, 2026
Source: NVD
CVE-2026-55830 HIGH - 8.3

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted position...

Vendor: zopefoundation
Product: RestrictedPython
Published: Jul 08, 2026
Source: NVD
CVE-2026-52200 CRITICAL - 9.8

An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk

Published: Jul 08, 2026
Source: NVD
CVE-2026-51535 HIGH - 7.5

In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists in its network processing loop.

Published: Jul 08, 2026
Source: NVD
CVE-2026-39179 MEDIUM - 6.3

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality.

Published: Jul 08, 2026
Source: NVD
CVE-2026-39178 MEDIUM - 6.3

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint.

Published: Jul 08, 2026
Source: NVD
CVE-2026-35552 HIGH - 8.1

In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's l...

Published: Jul 08, 2026
Source: NVD
CVE-2026-31309 HIGH - 7.5

Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.

Published: Jul 08, 2026
Source: NVD

BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure

Vendor: Wireshark Foundation
Product: Wireshark
Published: Jul 08, 2026
Source: NVD
CVE-2026-10037 HIGH - 8.8

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-de...

Vendor: Canonical
Product: Ubuntu
Published: Jul 08, 2026
Source: NVD