Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.8 HIGH
CVE-2026-13777 — Google Chrome iOS Heap Corruption

Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium…

linux_kernel chrome macos chrome windows | Remote | Memory Corruption
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
9.8 CRITICAL
CVE-2026-13776 — Google Chrome Type Confusion Sandbox Escape

Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr…

linux_kernel chrome macos chrome windows | Remote | Memory Corruption
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
9.8 CRITICAL
CVE-2026-13775 — Google Chrome Use-after-free Sandbox Escape

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro…

linux_kernel chrome macos chrome windows | Remote | Memory Corruption
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
8.1 HIGH
CVE-2026-13774 — Google Chrome Extensions Use-After-Free Vulnerability

Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension…

linux_kernel chrome macos chrome windows | Remote | Memory Corruption
Jun 30, 2026 Jul 02, 2026
Jun 30, 2026
Jul 02, 2026
8.1 HIGH
CVE-2025-71374 — picklescan - Arbitrary Code Execution via Undetected profile.Profile.run

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft …

picklescan | Remote | Injection
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
8.1 HIGH
CVE-2025-71371 — picklescan - Remote Code Execution via code.InteractiveInterpreter Detection Bypass

picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and e…

picklescan | Remote | Injection
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
8.1 HIGH
CVE-2025-71368 — picklescan - Arbitrary Code Execution via Undetected doctest.debug_script

picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files…

picklescan | Remote | Injection
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
8.1 HIGH
CVE-2025-71363 — picklescan - Arbitrary Code Execution via Undetected cProfile.run in Pickle Deserializati…

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cPr…

picklescan | Remote | Injection
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
7.6 HIGH
CVE-2025-71355 — Picklescan - Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can cr…

picklescan | Remote | Injection
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
8.1 HIGH
CVE-2025-71352 — picklescan - Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can cr…

picklescan | Remote | Injection
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
8.1 HIGH
CVE-2025-71350 — picklescan - Undetected Remote Code Execution via torch.utils.collect_env.run

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote …

picklescan | Remote | Injection
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
8.1 HIGH
CVE-2025-71349 — picklescan - Arbitrary Code Execution via Undetected trace.Trace.run in Pickle Files

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious…

picklescan | Remote | Injection
Jun 30, 2026 Jul 01, 2026
Jun 30, 2026
Jul 01, 2026
6.3 MEDIUM
CVE-2026-55223 — c3p0 exposes a deserialization "sink" via JDBC DataSource bean properties

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.get…

Remote | Injection
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
6.5 MEDIUM
CVE-2026-14103 — Google Chrome Use-After-Free

Use after free in SSL in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium …

chrome chrome | Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
5.9 MEDIUM
CVE-2026-14062 — Google Chrome Views Information Disclosure

Inappropriate implementation in Views in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive inf…

chrome chrome | Remote | Information Disclosure
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
4.2 MEDIUM
CVE-2026-14028 — Google Chrome iOS UI Spoofing

Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a cr…

chrome chrome | Remote | Misconfiguration
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
4.2 MEDIUM
CVE-2026-13986 — Google Chrome UI Spoofing

Inappropriate implementation in Media UI in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing vi…

chrome chrome | Remote | Cross-Site Scripting
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
5.4 MEDIUM
CVE-2026-13977 — Google Chrome HTMLParser UXSS

Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security sev…

chrome chrome | Remote | Cross-Site Scripting
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
5.8 MEDIUM
CVE-2026-13976 — Google Chrome Storage Sandbox Escape

Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte…

chrome chrome | Remote | Memory Corruption
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
8.1 HIGH
CVE-2026-13974 — Google Chrome Safe Browsing Integer Overflow

Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)

chrome chrome | Remote | Denial of Service
Jun 30, 2026 Jun 30, 2026
Jun 30, 2026
Jun 30, 2026
Showing 20 of 7988 Results