CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-14395
8.8 HIGH

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a …

Jul 1, 2026
CVE-2026-14394
8.8 HIGH

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jul 1, 2026
CVE-2026-14393
8.8 HIGH

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jul 1, 2026
CVE-2026-14392
9.6 CRITICAL

Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted …

Jul 1, 2026
CVE-2026-14391
5.3 MEDIUM

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially …

Jul 1, 2026
CVE-2026-14390
9.6 CRITICAL

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026
CVE-2026-14389
8.3 HIGH

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jul 1, 2026
CVE-2026-14388
6.5 MEDIUM

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via …

Jul 1, 2026
CVE-2026-14387
9.6 CRITICAL

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. …

Jul 1, 2026
CVE-2026-14386
6.5 MEDIUM

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via …

Jul 1, 2026
CVE-2026-14385
8.8 HIGH

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via …

Jul 1, 2026
CVE-2026-14384
6.5 MEDIUM

Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted …

Jul 1, 2026
CVE-2026-14383
8.8 HIGH

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jul 1, 2026
CVE-2026-14382
9.6 CRITICAL

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a …

Jul 1, 2026
CVE-2026-14381
6.5 MEDIUM

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium …

Jul 1, 2026
CVE-2026-11950

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jul 1, 2026
CVE-2026-55793

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in …

Jul 1, 2026
CVE-2026-54712
5.3 MEDIUM

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number …

Jul 1, 2026
CVE-2026-54704
6.5 MEDIUM

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in …

Jul 1, 2026
CVE-2026-54263
7.3 HIGH

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting (XSS) vulnerability exists …

Jul 1, 2026
CVE-2026-54262
4.3 MEDIUM

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can …

Jul 1, 2026
CVE-2026-54261
6.5 MEDIUM

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check …

Jul 1, 2026
CVE-2026-54260
4.3 MEDIUM

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger …

Jul 1, 2026
CVE-2026-54259
4.3 MEDIUM

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen …

Jul 1, 2026
CVE-2026-52190
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component

Jul 1, 2026
CVE-2026-52186
9.8 CRITICAL

SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component

Jul 1, 2026
CVE-2026-38891
7.5 HIGH

An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist …

Jul 1, 2026
CVE-2026-36912
7.5 HIGH

A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a …

Jul 1, 2026
CVE-2026-36911
5.5 MEDIUM

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted …

Jul 1, 2026
CVE-2026-36910
5.5 MEDIUM

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted …

Jul 1, 2026
CVE-2026-36909
6.2 MEDIUM

A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a …

Jul 1, 2026
CVE-2026-58263
7.2 HIGH

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer …

Jul 1, 2026
CVE-2026-55886

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution …

Jul 1, 2026
CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not …

Jul 1, 2026
CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable …

Jul 1, 2026
CVE-2026-55153
7.1 HIGH

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory …

Jul 1, 2026
CVE-2026-54786
5.0 MEDIUM

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions …

Jul 1, 2026
CVE-2026-54756

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configure(options) — and the …

Jul 1, 2026
CVE-2026-54720
5.4 MEDIUM

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS …

Jul 1, 2026
CVE-2026-54074
7.8 HIGH

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal …

Jul 1, 2026
CVE-2026-50521
8.3 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.

Jul 1, 2026
CVE-2026-14340
5.0 MEDIUM

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write …

Jul 1, 2026
CVE-2026-58593
7.5 HIGH

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and …

Jul 1, 2026
CVE-2026-58592
8.3 HIGH

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM …

Jul 1, 2026
CVE-2026-58457
9.8 CRITICAL

Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by …

Jul 1, 2026
CVE-2026-55688
4.0 MEDIUM

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and …

Jul 1, 2026
CVE-2026-54908

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while …

Jul 1, 2026
CVE-2026-54164
6.5 MEDIUM

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does …

Jul 1, 2026
CVE-2026-49858
5.9 MEDIUM

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing …

Jul 1, 2026
CVE-2026-14363

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This …

Jul 1, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.