Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,293
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 101 - 120 of 1,570 CVEs

Incorrect security UI in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD

Insufficient policy enforcement in Extensions in Google Chrome on Linux prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD

Inappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD

Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD

Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-9836 LOW - 3.5

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

Vendor: ibm
Product: infosphere_information_server
Published: Jun 30, 2026
Source: NVD

Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`

Vendor: composer
Product: twig/twig
Published: Jun 30, 2026
Source: GitHub

Sigstore Java has a vulnerability with bundle verification of integratedTime

Vendor: maven
Product: dev.sigstore:sigstore-java
Published: Jun 30, 2026
Source: GitHub

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson helper (weed/server/common.go), with no callback-name validation, no X-Content-Type-Options: nosniff header, and no CORS allow-list. Every JSON ...

Vendor: seaweedfs
Product: seaweedfs
Published: Jun 30, 2026
Source: NVD

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown (state BT_RFCOMM_STATE_DISCONNECTING, DISC sent, RTX timer armed) and the con...

Vendor: zephyrproject
Product: zephyr
Published: Jun 30, 2026
Source: NVD

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the computed tag with memNE (memcmp() != 0), which short-circuits on the first differing byte, so its run time depends ...

Vendor: MIK
Product: CryptX
Published: Jun 29, 2026
Source: NVD

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain the f...

Vendor: iv-org
Product: Invidious
Published: Jun 29, 2026
Source: NVD

A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument captured_packet_length results in heap-based buffer overflow. It is possible to i...

Vendor: seladb
Product: PcapPlusPlus
Published: Jun 29, 2026
Source: NVD

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the l...

Vendor: llvm
Product: llvm-project
Published: Jun 29, 2026
Source: NVD

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploi...

Vendor: llvm
Product: llvm-project
Published: Jun 29, 2026
Source: NVD

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Performing a manipulation of the argument full_name results in cross site scripting. The attack is possible ...

Vendor: SourceCodester
Product: Inventory Management System
Published: Jun 29, 2026
Source: NVD

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing a manipulation of the argument Report Title results in cross site scripting. Remote exploitation of t...

Vendor: CodeAstro
Product: Complaint Management System
Published: Jun 29, 2026
Source: NVD