Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.3 MEDIUM
CVE-2026-12446 — Google Chrome Password Leak Vulnerability

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

linux_kernel chrome macos chrome windows edge_chromium | Remote | Information Disclosure
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
7.5 HIGH
CVE-2026-12445 — Google Chrome Use-After-Free in Extensions

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Ch…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
5.5 MEDIUM
CVE-2026-12444 — Google Chrome Out-of-Bounds Read

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Ch…

Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.8 HIGH
CVE-2026-12443 — Google Chrome Web Authentication Use-After-Free

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

linux_kernel chrome macos chrome windows edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.8 HIGH
CVE-2026-12442 — Google Chrome Use-After-Free Remote Code Execution

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

android chrome chrome edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.8 HIGH
CVE-2026-12441 — Google Chrome Use-After-Free

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: C…

linux_kernel chrome chrome edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
9.6 CRITICAL
CVE-2026-12440 — Google Chrome: Use-After-Free Sandbox Escape

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security …

chrome chrome windows edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.8 HIGH
CVE-2026-12439 — Google Chrome Use-After-Free in Digital Credentials

Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: C…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.3 HIGH
CVE-2026-12438 — Chrome Android WebView Sandbox Escape

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape …

android chrome chrome edge_chromium | Remote | Misconfiguration
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.3 HIGH
CVE-2026-12437 — Google Chrome WebShare Use-After-Free Sandbox Escape

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted…

chrome chrome windows edge_chromium | Remote | Memory Corruption
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
7.5 HIGH
CVE-2026-12360 — JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection via Listing Grid Load More AJAX End…

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is intention…

jetengine | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.8 HIGH
CVE-2026-12256 — WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Avada <= 3.15.3 versions.

avada | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-12199 — Unauthenticated Denial of Service in nltk.app.wordnet_app

A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on a…

nltk | Remote | Denial of Service
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.8 HIGH
CVE-2026-12165 — Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUse…

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the `RegistryU…

contest_gallery | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.6 MEDIUM
CVE-2026-12115 — Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of…

counter_box | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.2 MEDIUM
CVE-2026-11975 — Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface

Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and Ful…

simplcommerce | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.4 HIGH
CVE-2026-11858 — Missing authorization in Quanos SCHEMA ST4 Client Update Service allows arbitrary file ov…

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface ov…

| Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.4 HIGH
CVE-2026-11857 — Insecure .NET Remoting deserialization in Quanos SCHEMA ST4 Client Update Service allows …

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured …

| Memory Corruption
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-11410 — OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrat…

Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.5 HIGH
CVE-2026-11409 — OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access m…

Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
Showing 20 of 7990 Results