Export limit exceeded: 10615 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362730 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362730 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-49088 2026-07-01 4.4 Medium
Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to operators with log access.
CVE-2026-14082 1 Google 1 Chrome 2026-07-01 6.5 Medium
Race in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14106 1 Google 1 Chrome 2026-07-01 9.6 Critical
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14109 1 Google 1 Chrome 2026-07-01 9.6 Critical
Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14113 1 Google 1 Chrome 2026-07-01 9.6 Critical
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14114 1 Google 1 Chrome 2026-07-01 7.5 High
Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Low)
CVE-2026-14129 1 Google 1 Chrome 2026-07-01 4.2 Medium
Inappropriate implementation in PreviewTab in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14130 1 Google 1 Chrome 2026-07-01 4.3 Medium
Incorrect security UI in Omnibox in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14137 1 Google 1 Chrome 2026-07-01 4.2 Medium
Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14149 1 Google 1 Chrome 2026-07-01 8.8 High
Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14150 1 Google 1 Chrome 2026-07-01 4.3 Medium
Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14151 1 Google 1 Chrome 2026-07-01 8.3 High
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-57962 1 Mozilla 1 Thunderbird 2026-07-01 5.3 Medium
A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.
CVE-2026-20460 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-01 5.3 Medium
In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01811421; Issue ID: MSV-6788.
CVE-2026-20461 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-01 5.3 Medium
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267281 / MOLY01318201; Issue ID: MSV-6486.
CVE-2026-20462 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-01 6.7 Medium
In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871.
CVE-2026-58518 2026-07-01 N/A
Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from * before 1.3.3.
CVE-2026-50043 2026-07-01 N/A
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege.
CVE-2026-57722 2026-07-01 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1.
CVE-2025-45729 1 Dlink 2 Dir-823 Pro, Dir-823 Pro Firmware 2026-07-01 6.3 Medium
D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services.