Export limit exceeded: 364348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364348 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12516 | 2026-07-09 | 5.3 Medium | ||
| The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users to make the site fetch arbitrary URLs, including internal and private-network addresses, and read back the response body. This results in a full-read Server-Side Request Forgery and open proxy. | ||||
| CVE-2026-12270 | 2026-07-09 | 6.5 Medium | ||
| The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or changing that header. This makes it possible for unauthenticated attackers to read onboarding status information, modify the related Everest Forms WordPress plugin before 3.5.0 options, and trigger an email from the site to an arbitrary address. | ||||
| CVE-2026-14050 | 1 Google | 1 Chrome | 2026-07-09 | 6.5 Medium |
| Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14052 | 1 Google | 1 Chrome | 2026-07-09 | 4.3 Medium |
| Insufficient policy enforcement in FileSystem in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14055 | 1 Google | 1 Chrome | 2026-07-09 | 9.6 Critical |
| Insufficient validation of untrusted input in Device Trust in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14056 | 1 Google | 1 Chrome | 2026-07-09 | 9.6 Critical |
| Insufficient validation of untrusted input in Media in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Low) | ||||
| CVE-2026-14057 | 1 Google | 1 Chrome | 2026-07-09 | 4.3 Medium |
| Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14059 | 1 Google | 1 Chrome | 2026-07-09 | 6.5 Medium |
| Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14073 | 1 Google | 1 Chrome | 2026-07-09 | 4.3 Medium |
| Insufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14076 | 1 Google | 1 Chrome | 2026-07-09 | 4.3 Medium |
| Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14078 | 1 Google | 1 Chrome | 2026-07-09 | 8.8 High |
| Insufficient validation of untrusted input in WebRTC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14081 | 1 Google | 1 Chrome | 2026-07-09 | 6.5 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2026-14082 | 1 Google | 1 Chrome | 2026-07-09 | 6.5 Medium |
| Race in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14083 | 1 Google | 1 Chrome | 2026-07-09 | 6.1 Medium |
| Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14085 | 1 Google | 1 Chrome | 2026-07-09 | 6.5 Medium |
| Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14086 | 1 Google | 1 Chrome | 2026-07-09 | 8.8 High |
| Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14087 | 1 Google | 1 Chrome | 2026-07-09 | 8.8 High |
| Heap buffer overflow in WebNN in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14090 | 1 Google | 1 Chrome | 2026-07-09 | 9.8 Critical |
| Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14093 | 1 Google | 1 Chrome | 2026-07-09 | 9.6 Critical |
| Use after free in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14095 | 1 Google | 1 Chrome | 2026-07-09 | 9.6 Critical |
| Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||