Export limit exceeded: 26297 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-42973 1 Microsoft 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more 2026-07-08 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42970 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-07-08 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42971 1 Microsoft 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more 2026-07-08 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42907 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-07-08 6.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
CVE-2026-47641 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-08 4.6 Medium
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-10037 1 Canonical 1 Ubuntu 2026-07-08 8.8 High
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.
CVE-2026-15105 1 Davenardella 1 Snap7 2026-07-08 6.3 Medium
A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-13777 1 Google 1 Chrome 2026-07-08 8.8 High
Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-13780 1 Google 1 Chrome 2026-07-08 9.6 Critical
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-44332 1 Gofiber 1 Fiber 2026-07-08 5.3 Medium
Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username enumeration through response timing differences. This issue is fixed in version 3.3.0.
CVE-2026-13797 1 Google 1 Chrome 2026-07-08 9.6 Critical
Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13806 1 Google 1 Chrome 2026-07-08 8.1 High
Insufficient validation of untrusted input in Accessibility in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13813 1 Google 1 Chrome 2026-07-08 8.3 High
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13816 1 Google 1 Chrome 2026-07-08 6.5 Medium
Insufficient validation of untrusted input in File Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13817 1 Google 1 Chrome 2026-07-08 8.8 High
Insufficient validation of untrusted input in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13852 1 Google 1 Chrome 2026-07-08 9.1 Critical
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13856 1 Google 1 Chrome 2026-07-08 7.5 High
Insufficient validation of untrusted input in Speech in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13891 1 Google 1 Chrome 2026-07-08 7.5 High
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13893 1 Google 1 Chrome 2026-07-08 6.5 Medium
Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. (Chromium security severity: Medium)
CVE-2026-13901 1 Google 1 Chrome 2026-07-08 9.6 Critical
Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)