Total
363055 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-9272 | 2026-07-03 | N/A | N/A | ||
| In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send specially crafted requests that could result in unauthorized access to application data and its modification. | |||||
| CVE-2026-8079 | 2026-07-03 | N/A | N/A | ||
| In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration. | |||||
| CVE-2026-54404 | 2026-07-03 | N/A | 8.8 HIGH | ||
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. | |||||
| CVE-2026-53488 | 1 Linuxfoundation | 1 Containerd | 2026-07-03 | N/A | 8.8 HIGH |
| containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10. | |||||
| CVE-2026-50521 | 1 Microsoft | 1 Edge Chromium | 2026-07-03 | N/A | 8.3 HIGH |
| Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-48939 | 1 Joomlic | 1 Icagenda | 2026-07-03 | N/A | 9.8 CRITICAL |
| A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution. | |||||
| CVE-2026-46680 | 1 Linuxfoundation | 1 Containerd | 2026-07-03 | N/A | 7.8 HIGH |
| containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user. This issue has been fixed in versions 1.7.32, 2.0.9, 2.2.4 and 2.3.1. | |||||
| CVE-2026-44941 | 2026-07-03 | N/A | 8.4 HIGH | ||
| A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root. | |||||
| CVE-2026-44935 | 2026-07-03 | N/A | 9.9 CRITICAL | ||
| Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants. | |||||
| CVE-2026-14432 | 1 Google | 1 Chrome | 2026-07-03 | N/A | 8.8 HIGH |
| Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-14431 | 1 Google | 1 Chrome | 2026-07-03 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-14430 | 1 Google | 1 Chrome | 2026-07-03 | N/A | 8.8 HIGH |
| Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-14429 | 1 Google | 1 Chrome | 2026-07-03 | N/A | 8.3 HIGH |
| Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-14428 | 1 Google | 2 Android, Chrome | 2026-07-03 | N/A | 8.3 HIGH |
| Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-14427 | 1 Google | 1 Chrome | 2026-07-03 | N/A | 8.3 HIGH |
| Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2026-14426 | 1 Google | 1 Chrome | 2026-07-03 | N/A | 7.5 HIGH |
| Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-14425 | 1 Google | 1 Chrome | 2026-07-03 | N/A | 9.6 CRITICAL |
| Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-14424 | 2 Apple, Google | 2 Macos, Chrome | 2026-07-03 | N/A | 9.6 CRITICAL |
| Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-14423 | 1 Google | 1 Chrome | 2026-07-03 | N/A | 9.6 CRITICAL |
| Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-14420 | 1 Google | 1 Chrome | 2026-07-03 | N/A | 9.6 CRITICAL |
| Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||||
