Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.8 HIGH
CVE-2026-14383 — Google Chrome V8 Out-of-Bounds Write

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: M…

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 03, 2026
9.6 CRITICAL
CVE-2026-14382 — ANGLE Sandbox Escape

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 03, 2026
6.5 MEDIUM
CVE-2026-14381 — Google Chrome UI Spoofing

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

chrome chrome | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 02, 2026
5.9 MEDIUM
CVE-2026-55793 — Craft CMS: Stored XSS via Structure entry title in table view

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or …

craft_cms | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 02, 2026
5.3 MEDIUM
CVE-2026-54712 — OpenTelemetry Javaagent RMI context propagation allows resource exhaustion

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits t…

opentelemetry_instrumentation_for_java | Remote | Denial of Service
Jul 01, 2026 Jul 02, 2026
6.5 MEDIUM
CVE-2026-54704 — OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize …

opentelemetry_instrumentation_for_java | Remote | Information Disclosure
Jul 01, 2026 Jul 02, 2026
7.3 HIGH
CVE-2026-54263 — Wagtail: Reflected XSS in dynamic image URL generator view

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a reflected cross-site scripting (XSS) vulnerability exists on the dynamic image URL ge…

wagtail | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 02, 2026
4.3 MEDIUM
CVE-2026-54262 — Wagtail: Pages translations can be created without page permissions when using simple_tra…

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations…

wagtail | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
6.5 MEDIUM
CVE-2026-54261 — Wagtail: Improper permission handling in image preview

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access t…

wagtail | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
4.3 MEDIUM
CVE-2026-54260 — Wagtail: Denial of service via unbounded filter specs in the image preview

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefu…

wagtail | Remote | Denial of Service
Jul 01, 2026 Jul 02, 2026
4.3 MEDIUM
CVE-2026-54259 — Wagtail: Improper restriction handling on Documents and Images chosen endpoints

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which…

wagtail | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
7.5 HIGH
CVE-2026-52190 — UTT nv518G Buffer Overflow

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component

Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
9.8 CRITICAL
CVE-2026-52186 — UTT nv518G SQL Injection

SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component

Remote | Injection
Jul 01, 2026 Jul 02, 2026
7.5 HIGH
CVE-2026-38891 — Gazebo-ROS DiffDrive DoS

Improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) by supplying a crafted geometry_msgs::Twist messa…

Remote | Denial of Service
Jul 01, 2026 Jul 02, 2026
7.5 HIGH
CVE-2026-36912 — MPC-BE NULL Pointer Dereference

A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
5.5 MEDIUM
CVE-2026-36911 — Aleksoid MPC-BE division-by-zero Denial of Service

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a craf…

| Denial of Service
Jul 01, 2026 Jul 02, 2026
5.5 MEDIUM
CVE-2026-36910 — MPC-BE Out-of-Bounds Read Denial of Service

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

| Memory Corruption
Jul 01, 2026 Jul 02, 2026
6.2 MEDIUM
CVE-2026-36909 — MPC-BE NULL Pointer Dereference Denial of Service

A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

| Memory Corruption
Jul 01, 2026 Jul 02, 2026
7.2 HIGH
CVE-2026-58263 — Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/<styl…

Remote | Cross-Site Scripting
Jul 01, 2026 Jul 02, 2026
6.3 MEDIUM
CVE-2026-55886 — Jodit Editor: Prototype Pollution in Jodit via Jodit.modules.Helpers.set()

Jodit Editor is a WYSIWYG editor written in pure TypeScript with file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.set…

Remote | Injection
Jul 01, 2026 Jul 02, 2026
Showing 20 of 7473 Results