Search

Search Results (364098 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13936 1 Google 1 Chrome 2026-07-08 6.5 Medium
Inappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13942 1 Google 1 Chrome 2026-07-08 3.3 Low
Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13946 1 Google 1 Chrome 2026-07-08 4.3 Medium
Inappropriate implementation in ScriptInjections in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13953 1 Google 1 Chrome 2026-07-08 6.5 Medium
Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13954 1 Google 1 Chrome 2026-07-08 6.5 Medium
Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13955 1 Google 1 Chrome 2026-07-08 3.3 Low
Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Medium)
CVE-2026-13962 1 Google 1 Chrome 2026-07-08 6.5 Medium
Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13965 1 Google 1 Chrome 2026-07-08 8.8 High
Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13966 1 Google 1 Chrome 2026-07-08 4.3 Medium
Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13968 1 Google 1 Chrome 2026-07-08 7.5 High
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: Medium)
CVE-2026-13973 1 Google 1 Chrome 2026-07-08 4.2 Medium
Inappropriate implementation in UI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13976 1 Google 1 Chrome 2026-07-08 5.8 Medium
Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13977 1 Google 1 Chrome 2026-07-08 5.4 Medium
Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13981 1 Google 1 Chrome 2026-07-08 4.3 Medium
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13984 1 Google 1 Chrome 2026-07-08 4.3 Medium
Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-59925 1 Lepture 1 Mistune 2026-07-08 7.5 High
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching close markers from every potential opening run, allowing denial of service in default Mistune parsing. This issue is fixed in version 3.3.0.
CVE-2026-59807 1 Composio 1 Composio 2026-07-08 6.8 Medium
Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt injection to manipulate file_uploadable parameters to reference sensitive paths such as SSH private keys, causing the CLI to upload credential files to attacker-controlled storage.
CVE-2026-59806 1 Gradio Project 1 Gradio 2026-07-08 7.4 High
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.
CVE-2026-29007 2026-07-08 5.3 Medium
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attackers can send a packet with an IP total length of 40 bytes and a TCP data offset claiming 60 bytes of header to cause tcp_parse_options() to read 40 bytes past the end of the TCP segment, potentially corrupting connection state variables such as rmt_win_scale and rmt_timestamp to disrupt TCP window calculations.
CVE-2026-58253 2026-07-08 8.8 High
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.