Export limit exceeded: 10052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362833 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13841 | 1 Google | 1 Chrome | 2026-07-01 | 8.3 High |
| Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13845 | 1 Google | 1 Chrome | 2026-07-01 | 8.8 High |
| Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13849 | 1 Google | 1 Chrome | 2026-07-01 | 8.6 High |
| Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | ||||
| CVE-2026-13850 | 1 Google | 1 Chrome | 2026-07-01 | 8.8 High |
| Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: High) | ||||
| CVE-2026-13854 | 1 Google | 1 Chrome | 2026-07-01 | 9.6 Critical |
| Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13859 | 1 Google | 1 Chrome | 2026-07-01 | 9.6 Critical |
| Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13863 | 1 Google | 1 Chrome | 2026-07-01 | 7.8 High |
| Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2026-13876 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. (Chromium security severity: Medium) | ||||
| CVE-2026-13881 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Inappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13883 | 1 Google | 1 Chrome | 2026-07-01 | 9.6 Critical |
| Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13885 | 1 Google | 1 Chrome | 2026-07-01 | 8.8 High |
| Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13886 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Insufficient policy enforcement in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13889 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-56148 | 1 Elastic | 1 Elasticsearch | 2026-07-01 | 6.5 Medium |
| Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable. | ||||
| CVE-2026-56149 | 1 Elastic | 1 Elasticsearch | 2026-07-01 | 4.9 Medium |
| Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable. | ||||
| CVE-2026-56150 | 1 Elastic | 1 Fleet Server | 2026-07-01 | 6.5 Medium |
| Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable. | ||||
| CVE-2026-56151 | 1 Elastic | 1 Kibana | 2026-07-01 | 6.5 Medium |
| Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable. | ||||
| CVE-2026-49087 | 1 Elastic | 1 Kibana | 2026-07-01 | 6.5 Medium |
| Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable. | ||||
| CVE-2026-49088 | 1 Elastic | 1 Kibana | 2026-07-01 | 4.4 Medium |
| Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to operators with log access. | ||||
| CVE-2026-5051 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2026-07-01 | 4.4 Medium |
| HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability (CVE-2026-5051) is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17. | ||||