Search Results (121350 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13836 1 Google 1 Chrome 2026-07-15 6.1 Medium
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13842 1 Google 1 Chrome 2026-07-15 4.3 Medium
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13854 1 Google 1 Chrome 2026-07-15 9.6 Critical
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13856 1 Google 1 Chrome 2026-07-15 7.5 High
Insufficient validation of untrusted input in Speech in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13882 1 Google 1 Chrome 2026-07-15 9.6 Critical
Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13892 1 Google 1 Chrome 2026-07-15 6.5 Medium
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13897 1 Google 1 Chrome 2026-07-15 8.8 High
Insufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13900 1 Google 1 Chrome 2026-07-15 6.5 Medium
Inappropriate implementation in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-54990 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-15 9.8 Critical
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-50330 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.5 High
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-57096 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-15 7.8 High
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-49791 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.1 High
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-50451 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.1 High
Missing authentication for critical function in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-13903 1 Google 1 Chrome 2026-07-15 8.8 High
Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13904 1 Google 1 Chrome 2026-07-15 6.5 Medium
Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13907 1 Google 1 Chrome 2026-07-15 4.2 Medium
Inappropriate implementation in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13909 1 Google 1 Chrome 2026-07-15 9.6 Critical
Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13913 1 Google 1 Chrome 2026-07-15 6.5 Medium
Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13920 1 Google 1 Chrome 2026-07-15 9.6 Critical
Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13937 1 Google 1 Chrome 2026-07-15 6.5 Medium
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)