Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-13030 — Google Chrome GPU Uninitialized Use Information Disclosure

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi…

android chrome chrome | Remote | Information Disclosure
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-13029 — Google Chrome Web Authentication Use-After-Free

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a cr…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Memory Corruption
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
9.6 CRITICAL
CVE-2026-13028 — Google Chrome Android Use-After-Free Sandbox Escape

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri…

android chrome chrome | Remote | Memory Corruption
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-13027 — Google Chrome Use-After-Free in FileSystem

Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

linux_kernel chrome macos chrome windows edge_chromium | Remote | Memory Corruption
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-13026 — Google Chrome Use-After-Free Vulnerability

Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security seve…

chrome macos chrome edge_chromium | Remote | Memory Corruption
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
8.3 HIGH
CVE-2026-13025 — Google Chrome DevTools Race Condition Sandbox Escape

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Race Condition
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
4.2 MEDIUM
CVE-2026-13024 — Google Chrome Navigation Bypass

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a cra…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Information Disclosure
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
5.3 MEDIUM
CVE-2026-13023 — Google Chrome GPU Uninitialized Use Information Disclosure

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Information Disclosure
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-13022 — Google Chrome Autofill Cross-Origin Data Leak

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Information Disclosure
Jun 24, 2026 Jul 01, 2026
Jun 24, 2026
Jul 01, 2026
4.3 MEDIUM
CVE-2026-13021 — Google Chrome Same Origin Policy Bypass

Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium securi…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Misconfiguration
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-12760 — Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo…

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.  An unauthenticated adjacent atta…

tapo_c200_firmware tapo_c200 | Denial of Service
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
5.5 MEDIUM
CVE-2025-60471 — GPAC MP4Box Use-After-Free Denial-of-Service

A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via suppl…

gpac | Memory Corruption
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
0.0 NONE
CVE-2026-55611 — AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership sc…

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files re…

anythingllm | Remote | Authorization
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.7 HIGH
CVE-2026-54699 — Warp: OS command injection when opening terminal links from WSL

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. …

| Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.3 MEDIUM
CVE-2026-54686 — Warp: DCS lifecycle hook spoofing can alter terminal session metadata

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream wit…

Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.7 HIGH
CVE-2026-49851 — Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. Whe…

mistune | Remote | Denial of Service
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
4.3 MEDIUM
CVE-2026-48789 — AnythingLLM: Windows path containment bypass in document folder route

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept a…

anythingllm | Remote | Path Traversal
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.8 HIGH
CVE-2026-48732 — Warp: Remote SSH cwd can lead to unauthorized remote command execution

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Wa…

Remote | Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.8 HIGH
CVE-2026-48731 — Warp: Linux external editor command injection

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp e…

| Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.1 HIGH
CVE-2026-48725 — Warp may allow terminal output to access the local clipboard through OSC 52

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malici…

Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
Showing 20 of 7970 Results