Export limit exceeded: 363673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363673 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14041 1 Google 1 Chrome 2026-07-06 8.8 High
Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14044 1 Google 1 Chrome 2026-07-06 9.6 Critical
Use after free in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14045 1 Google 1 Chrome 2026-07-06 4.3 Medium
Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14046 1 Google 1 Chrome 2026-07-06 4.3 Medium
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14053 1 Google 1 Chrome 2026-07-06 4.3 Medium
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14056 1 Google 1 Chrome 2026-07-06 9.6 Critical
Insufficient validation of untrusted input in Media in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Low)
CVE-2026-14074 1 Google 1 Chrome 2026-07-06 6.5 Medium
Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14076 1 Google 1 Chrome 2026-07-06 4.3 Medium
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-9182 1 Esri 1 Arcgis Server 2026-07-06 5.3 Medium
ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload.
CVE-2026-9181 1 Esri 1 Arcgis Server 2026-07-06 9.8 Critical
ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow access to sensitive files on the system. This issue impacts all versions of ArcGIS Server 12.0 and prior.
CVE-2026-54059 1 Python-pillow 1 Pillow 2026-07-06 7.5 High
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), allowing crafted PCF font data to cause excessive memory allocation. This issue is fixed in version 12.3.0.
CVE-2026-54060 1 Python-pillow 1 Pillow 2026-07-06 7.5 High
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0.
CVE-2026-55380 1 Python-pillow 1 Pillow 2026-07-06 7.5 High
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This issue is fixed in version 12.3.0.
CVE-2026-55379 1 Python-pillow 1 Pillow 2026-07-06 7.5 High
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_check(), bypassing Pillow's documented decompression bomb protection and allowing excessive memory allocation. This issue is fixed in version 12.3.0.
CVE-2026-55646 1 Vllm-project 1 Vllm 2026-07-06 6.5 Medium
vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read() to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLM_MAX_AUDIO_CLIP_FILESIZE_MB compressed upload size limit (default 25 MB) later in the speech-to-text preprocessing step, so an API caller who can reach those routes can submit an oversized multipart upload and cause vLLM to allocate memory proportional to the uploaded file size before the request is rejected as too large, creating memory pressure or terminating the process depending on deployment resource limits. This issue is fixed in version 0.24.0.
CVE-2025-71347 1 Mmaitre314 1 Picklescan 2026-07-06 8.1 High
picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary code execution in applications loading untrusted pickle data.
CVE-2026-14082 1 Google 1 Chrome 2026-07-06 6.5 Medium
Race in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14092 1 Google 1 Chrome 2026-07-06 4.3 Medium
Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromium security severity: Low)
CVE-2026-14093 1 Google 1 Chrome 2026-07-06 9.6 Critical
Use after free in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14095 1 Google 1 Chrome 2026-07-06 9.6 Critical
Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)