Search Results (24974 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-45489 1 Microsoft 1 Edge Chromium 2026-07-06 6.5 Medium
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2025-69624 3 Gonitro, Microsoft, Nitro 3 Nitro Pdf Pro, Windows, Pdf Pro 2026-07-06 7.5 High
Nitro PDF Pro before 14.43 for Windows contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF. For example, 14.41.1.4 and 14.42.0.34 have been reported as vulnerable.
CVE-2026-58297 1 Microsoft 1 Edge Chromium 2026-07-06 7.1 High
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.
CVE-2026-58597 1 Microsoft 1 Edge Chromium 2026-07-06 4.3 Medium
Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58291 1 Microsoft 1 Edge Chromium 2026-07-06 6.1 Medium
Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVE-2026-58293 1 Microsoft 1 Edge Chromium 2026-07-06 8.1 High
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58278 1 Microsoft 1 Edge Chromium 2026-07-06 5.4 Medium
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-57977 1 Microsoft 1 Edge Chromium 2026-07-06 7.1 High
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58299 1 Microsoft 1 Edge Chromium 2026-07-06 7.5 High
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
CVE-2026-58287 1 Microsoft 1 Edge Chromium 2026-07-06 8.3 High
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-56645 1 Microsoft 1 Edge Chromium 2026-07-06 8.8 High
Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58283 1 Microsoft 1 Edge Chromium 2026-07-06 8.1 High
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-57987 1 Microsoft 1 Edge Chromium 2026-07-06 6.5 Medium
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58295 1 Microsoft 1 Edge Chromium 2026-07-06 8.3 High
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-57993 1 Microsoft 1 Edge Chromium 2026-07-06 7.4 High
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-54998 1 Microsoft 1 Exchange Online 2026-07-06 8.8 High
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CVE-2026-56646 1 Microsoft 1 Edge Chromium 2026-07-06 6.5 Medium
Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58290 1 Microsoft 1 Edge Chromium 2026-07-06 7.5 High
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58296 1 Microsoft 1 Edge Chromium 2026-07-06 7.1 High
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.
CVE-2026-58524 1 Microsoft 1 Edge Chromium 2026-07-06 5.4 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.