Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.7 HIGH
CVE-2026-55794 — Craft CMS: Potential authenticated Remote Code Execution via referrer redirect

Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referr…

craft_cms | Remote | Injection
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.0 MEDIUM
CVE-2026-55792 — Craft CMS: Sensitive File Disclosure / Server-Side File Read

Craft CMS is a content management system (CMS). In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, the dataUrl() Twig function is included in Craft’s T…

craft_cms | Remote | Information Disclosure
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.9 MEDIUM
CVE-2026-55791 — Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in act…

Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery (SSRF) and Arbit…

craft_cms | Remote | Server-Side Request Forgery
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.4 CRITICAL
CVE-2026-14439 — Path Traversal in Altium Git Service Allows Remote Code Execution

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that us…

on-prem_enterprise_server | Remote | Path Traversal
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.4 HIGH
CVE-2026-55790 — Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms…

craft_cms | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.1 HIGH
CVE-2026-50284 — Craft CMS: Missing peer-permission check in `AssetsController::actionDeleteFolder` allows…

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-ui…

craft_cms | Remote | Authorization
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.6 HIGH
CVE-2026-14440 — Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured C…

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is…

| Misconfiguration
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
7.5 HIGH
CVE-2026-14426 — Google Chrome Use-After-Free Vulnerability

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted …

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-14394 — Google Chrome V8 Use-After-Free

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

chrome chrome | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
8.8 HIGH
CVE-2026-14432 — Google Chrome Use-After-Free

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
8.8 HIGH
CVE-2026-14393 — Google Chrome V8 Use-After-Free

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
8.8 HIGH
CVE-2026-14403 — Google Chrome Use-After-Free

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.6 CRITICAL
CVE-2026-14419 — Google Chrome Use-After-Free Sandbox Escape

Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.6 CRITICAL
CVE-2026-14417 — Google Chrome Use-After-Free Sandbox Escape

Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.6 CRITICAL
CVE-2026-14424 — Google Chrome Use-After-Free Sandbox Escape

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.6 CRITICAL
CVE-2026-14425 — ANGLE Use-After-Free Sandbox Escape

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.6 CRITICAL
CVE-2026-14390 — ANGLE Use-after-free Sandbox Escape

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.6 CRITICAL
CVE-2026-14398 — ANGLE Use-after-free Sandbox Escape

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.6 CRITICAL
CVE-2026-14405 — Google Chrome V8 Uninitialized Use

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.5 MEDIUM
CVE-2026-14399 — Google Chrome Use-After-Free

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security…

chrome chrome | Remote | Information Disclosure
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
Showing 20 of 7946 Results