Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.8 HIGH
CVE-2026-14394 — Google Chrome V8 Use-After-Free

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-14393 — Google Chrome V8 Use-After-Free

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 03, 2026
Jul 01, 2026
Jul 03, 2026
9.6 CRITICAL
CVE-2026-14392 — Google Chrome Tint Out-of-Bounds Write Sandbox Escape

Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 03, 2026
Jul 01, 2026
Jul 03, 2026
5.3 MEDIUM
CVE-2026-14391 — ANGLE Integer Overflow Information Disclosure

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from proces…

chrome chrome windows | Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
9.6 CRITICAL
CVE-2026-14390 — ANGLE Use-after-free Sandbox Escape

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 03, 2026
Jul 01, 2026
Jul 03, 2026
8.3 HIGH
CVE-2026-14389 — Google Chrome Skia Integer Overflow Sandbox Escape

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 03, 2026
Jul 01, 2026
Jul 03, 2026
6.5 MEDIUM
CVE-2026-14388 — ANGLE Out-of-Bounds Read

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securi…

chrome chrome | Remote | Information Disclosure
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
9.6 CRITICAL
CVE-2026-14387 — Google Chrome Skia Integer Overflow Sandbox Escape

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 03, 2026
Jul 01, 2026
Jul 03, 2026
6.5 MEDIUM
CVE-2026-14386 — ANGLE Out-of-Bounds Read Information Disclosure

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securi…

chrome chrome | Remote | Information Disclosure
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-14385 — ANGLE Heap Buffer Overflow

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Hig…

chrome macos chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
6.5 MEDIUM
CVE-2026-14384 — ANGLE Out-of-Bounds Read

Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

chrome chrome windows | Remote | Information Disclosure
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-14383 — Google Chrome V8 Out-of-Bounds Write

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: M…

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 03, 2026
Jul 01, 2026
Jul 03, 2026
9.6 CRITICAL
CVE-2026-14382 — ANGLE Sandbox Escape

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 03, 2026
Jul 01, 2026
Jul 03, 2026
6.5 MEDIUM
CVE-2026-14381 — Google Chrome UI Spoofing

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

chrome chrome | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
5.9 MEDIUM
CVE-2026-55793 — Craft CMS: Stored XSS via Structure entry title in table view

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or …

craft_cms | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
5.3 MEDIUM
CVE-2026-54712 — OpenTelemetry Javaagent RMI context propagation allows resource exhaustion

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits t…

opentelemetry_instrumentation_for_java | Remote | Denial of Service
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
6.5 MEDIUM
CVE-2026-54704 — OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize …

opentelemetry_instrumentation_for_java | Remote | Information Disclosure
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
7.3 HIGH
CVE-2026-54263 — Wagtail: Reflected XSS in dynamic image URL generator view

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting (XSS) vulnerability exists on the dynamic image URL ge…

wagtail | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
4.3 MEDIUM
CVE-2026-54262 — Wagtail: Pages translations can be created without page permissions when using simple_tra…

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations…

wagtail | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
6.5 MEDIUM
CVE-2026-54261 — Wagtail: Improper permission handling in image preview

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access t…

wagtail | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
Showing 20 of 7904 Results