Export limit exceeded: 365359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365359 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24270 | 2026-07-14 | 9.8 Critical | ||
| NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-15619 | 1 Mosaxiv | 1 Clawlet | 2026-07-14 | 6.3 Medium |
| A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label "not planned". | ||||
| CVE-2026-54428 | 2026-07-13 | 7.5 High | ||
| Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2 SETTINGS acknowledgement causes the configured header list size limit to be applied. | ||||
| CVE-2026-15618 | 1 Mosaxiv | 1 Clawlet | 2026-07-13 | 6.3 Medium |
| A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label "not planned". | ||||
| CVE-2026-14385 | 1 Google | 1 Chrome | 2026-07-13 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-39042 | 1 Mikrotik | 1 Routeros | 2026-07-13 | N/A |
| An issue in MikroTIk (SIA Mikrotikls, Latvia) RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten() function in libumsg.so. | ||||
| CVE-2026-51540 | 1 Eipstackgroup | 1 Opener | 2026-07-13 | N/A |
| OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData). | ||||
| CVE-2026-58487 | 1 Hedgedoc | 1 Hedgedoc | 2026-07-13 | N/A |
| HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its publish and slide views. An attacker could register a specially crafted email address and inject arbitrary HTML into pages viewed by other users. HedgeDoc accepted RFC 5321 quoted-string local-parts in email addresses during registration. The local-part was then reused as the user's display name without escaping and rendered into HTML in multiple places, including publish and slide views as well as the collaborative editor. An attacker could break out of an HTML attribute and inject arbitrary markup into the page. While the deployed Content-Security-Policy prevented straightforward inline JavaScript execution, the injected HTML was still sufficient to alter page content and embed attacker-controlled resources such as cross-origin iframes. This issue was fixed in version 1.11.0. | ||||
| CVE-2026-58486 | 1 Hedgedoc | 1 Hedgedoc | 2026-07-13 | N/A |
| HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter. HedgeDoc parsed frontmatter with js-yaml.load (js-yaml v3) via @hedgedoc/meta-marked, which resolved YAML anchor aliases. A compact malicious payload could therefore expand into a huge object structure, consuming excessive CPU. This expansion ran on every request to the publish view (/s/<shortid>) and, when placed under the opengraph key, the editor view (/<noteId>). A ten-level alias bomb could block the single Node.js event loop for roughly 235 seconds per request, causing concurrent requests to hang or drop and rendering the instance unavailable (DoS). Because the note was stored in the database, the impact survived process restarts until the note was removed. toobusy-js did not reliably mitigate the worst cases, as the event loop was saturated before the middleware could respond. This issue was fixed in version 1.11.0. | ||||
| CVE-2026-14407 | 1 Google | 1 Chrome | 2026-07-13 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14401 | 1 Google | 1 Chrome | 2026-07-13 | 8.3 High |
| Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14397 | 1 Google | 1 Chrome | 2026-07-13 | 9.6 Critical |
| Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14392 | 1 Google | 1 Chrome | 2026-07-13 | 9.6 Critical |
| Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14402 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14418 | 1 Google | 1 Chrome | 2026-07-13 | 4.3 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14413 | 1 Google | 1 Chrome | 2026-07-13 | 8.3 High |
| Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14421 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14408 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14398 | 1 Google | 1 Chrome | 2026-07-13 | 9.6 Critical |
| Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-14390 | 1 Google | 1 Chrome | 2026-07-13 | 9.6 Critical |
| Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||