Search Results (364491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-15125 1 Google 1 Chrome 2026-07-10 8.8 High
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15126 1 Google 1 Chrome 2026-07-10 8.8 High
Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15128 1 Google 1 Chrome 2026-07-10 6.1 Medium
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15131 1 Google 1 Chrome 2026-07-10 4.3 Medium
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-47826 2026-07-10 N/A
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.
CVE-2026-11571 2026-07-10 7.5 High
The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.
CVE-2026-11875 2026-07-10 5.3 Medium
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets.
CVE-2026-58307 1 Samsung Open Source 1 Escargot 2026-07-10 6.1 Medium
Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c.
CVE-2026-54799 1 Siemens 2 Cpci85 Central Processing\/communication, Sicore Base System 2026-07-10 6.7 Medium
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.
CVE-2026-21057 2026-07-10 N/A
Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.
CVE-2026-21056 2026-07-10 N/A
Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information.
CVE-2026-21055 2026-07-10 N/A
Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege.
CVE-2026-21054 2026-07-10 N/A
Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
CVE-2026-21053 2026-07-10 N/A
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox.
CVE-2026-21052 2026-07-10 N/A
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.
CVE-2026-21051 2026-07-10 N/A
Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings.
CVE-2026-21050 2026-07-10 N/A
Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-21049 2026-07-10 N/A
Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
CVE-2026-21048 2026-07-10 N/A
Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
CVE-2026-21046 2026-07-10 N/A
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.