Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-15777 — Google Chrome UI Use-After-Free Vulnerability

Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a cr…

chrome chrome | Remote | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
8.8 HIGH
CVE-2026-15776 — Google Chrome V8 Arbitrary Code Execution

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …

chrome chrome | Remote | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
0.0 NA
CVE-2026-15775 — Google Chrome V8 Same Origin Policy Bypass

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

chrome chrome | Authorization
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.3 HIGH
CVE-2026-15774 — Google Chrome Skia Use-After-Free Vulnerability

Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…

chrome chrome | Remote | Memory Corruption
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.6 CRITICAL
CVE-2026-15773 — Google Chrome Core Use-After-Free Sandbox Escape

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

chrome chrome | Remote | Memory Corruption
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.3 HIGH
CVE-2026-15772 — Google Chrome GPU Use-After-Free Sandbox Escape

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML…

chrome chrome | Remote | Memory Corruption
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
5.3 MEDIUM
CVE-2026-15771 — Google Chrome Media Component Information Disclosure Vulnerability

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensit…

chrome chrome | Remote | Information Disclosure
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.5 MEDIUM
CVE-2026-15770 — Google Chrome V8 Uninitialized Use Vulnerability

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security …

chrome chrome | Remote | Information Disclosure
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.3 HIGH
CVE-2026-15769 — Google Chrome Linux Toolkit Theming Sandbox Escape Vulnerability

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially…

chrome chrome | Remote | Information Disclosure
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
0.0 NA
CVE-2026-15768 — Google Chrome HTML-in-Canvas Same Origin Policy Bypass

Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity:…

chrome chrome | Misconfiguration
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.8 HIGH
CVE-2026-15767 — Google Chrome libyuv Heap Buffer Overflow

Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security se…

chrome chrome | Remote | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
6.5 MEDIUM
CVE-2026-15766 — Google Chrome Skia Uninitialized Memory Disclosure

Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit…

chrome chrome | Remote | Information Disclosure
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-15765 — Google Chrome Ozone Use-After-Free Vulnerability

Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted …

chrome chrome | Remote | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
7.5 HIGH
CVE-2026-15764 — Google Chrome Ozone Use-After-Free Vulnerability

Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a…

chrome chrome | Remote | Memory Corruption
Jul 14, 2026 Jul 15, 2026
Jul 14, 2026
Jul 15, 2026
5.3 MEDIUM
CVE-2026-15749 — mastergo-design mastergo-magic-mcp mcp__C2d get-c2d.ts execute path traversal

A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcp__C2d. Performing a…

| Path Traversal
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
8.5 HIGH
CVE-2026-15738 — Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load …

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another …

Remote | Denial of Service
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.2 CRITICAL
CVE-2026-15643 — AWS HealthLake MCP Server SSRF via Pagination URL

AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) is a Model Context Protocol server that enables AI assistants to interact with AWS HealthLake FHIR datastores. A server-side request forgery …

Remote | Server-Side Request Forgery
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
9.8 CRITICAL
CVE-2026-53633 — Vitest: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Vitest is a testing framework powered by Vite. From 3.0.0 until 3.2.5, 4.1.8, and 5.0.0-beta.4, Vitest Browser Mode exposed a cdp() API that forwarded raw Chrome DevTools Protocol methods without bei…

Remote | Denial of Service
Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
6.5 MEDIUM
CVE-2026-50659 — .NET Spoofing Vulnerability

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
7.5 HIGH
CVE-2026-50651 — .NET Denial of Service Vulnerability

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Jul 14, 2026 Jul 14, 2026
Jul 14, 2026
Jul 14, 2026
Showing 20 of 8372 Results