Search

Search Results (362534 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13908 1 Google 1 Chrome 2026-07-01 N/A
Insufficient validation of untrusted input in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via malicious network traffic. (Chromium security severity: Medium)
CVE-2026-13910 1 Google 1 Chrome 2026-07-01 N/A
Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13911 1 Google 1 Chrome 2026-07-01 5.3 Medium
Insufficient policy enforcement in Spellcheck in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14064 1 Google 1 Chrome 2026-07-01 N/A
Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14073 1 Google 1 Chrome 2026-07-01 N/A
Insufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14075 1 Google 1 Chrome 2026-07-01 N/A
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14077 1 Google 1 Chrome 2026-07-01 N/A
Inappropriate implementation in Select in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14078 1 Google 1 Chrome 2026-07-01 N/A
Insufficient validation of untrusted input in WebRTC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14080 1 Google 1 Chrome 2026-07-01 N/A
Insufficient validation of untrusted input in TabSwitcher in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via malicious network traffic. (Chromium security severity: Low)
CVE-2026-14086 1 Google 1 Chrome 2026-07-01 N/A
Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14092 1 Google 1 Chrome 2026-07-01 N/A
Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromium security severity: Low)
CVE-2026-14098 1 Google 1 Chrome 2026-07-01 N/A
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14099 1 Google 1 Chrome 2026-07-01 N/A
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14102 1 Google 1 Chrome 2026-07-01 N/A
Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14108 1 Google 1 Chrome 2026-07-01 N/A
Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
CVE-2026-57329 2 Woocommerce Designer Pro, Wordpress 2 Woocommerce Designer Pro, Wordpress 2026-07-01 6.5 Medium
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
CVE-2026-57335 2 Ads By Wpquads, Wordpress 2 Ads By Wpquads, Wordpress 2026-07-01 6.5 Medium
Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.
CVE-2026-57341 2 Colissimo, Wordpress 2 Colissimo Officiel : Méthodes De Livraison Pour Woocommerce, Wordpress 2026-07-01 6.5 Medium
Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.
CVE-2026-27435 2026-07-01 5.3 Medium
Missing Authorization vulnerability in WofficeIO Woffice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice: from n/a before 5.4.33.
CVE-2026-11562 2026-07-01 4.3 Medium
The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.