Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-13023 — Google Chrome GPU Uninitialized Use Information Disclosure

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Information Disclosure
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-13022 — Google Chrome Autofill Cross-Origin Data Leak

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Information Disclosure
Jun 24, 2026 Jul 01, 2026
Jun 24, 2026
Jul 01, 2026
4.3 MEDIUM
CVE-2026-13021 — Google Chrome Same Origin Policy Bypass

Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium securi…

linux_kernel chrome macos chrome windows edge_chromium | Remote | Misconfiguration
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-12760 — Denial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo…

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets.  An unauthenticated adjacent atta…

tapo_c200_firmware tapo_c200 | Denial of Service
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
5.5 MEDIUM
CVE-2025-60471 — GPAC MP4Box Use-After-Free Denial-of-Service

A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via suppl…

gpac | Memory Corruption
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
0.0 NONE
CVE-2026-55611 — AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership sc…

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files re…

anythingllm | Remote | Authorization
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.7 HIGH
CVE-2026-54699 — Warp: OS command injection when opening terminal links from WSL

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. …

| Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.3 MEDIUM
CVE-2026-54686 — Warp: DCS lifecycle hook spoofing can alter terminal session metadata

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream wit…

Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.7 HIGH
CVE-2026-49851 — Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. Whe…

mistune | Remote | Denial of Service
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
4.3 MEDIUM
CVE-2026-48789 — AnythingLLM: Windows path containment bypass in document folder route

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept a…

anythingllm | Remote | Path Traversal
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.8 HIGH
CVE-2026-48732 — Warp: Remote SSH cwd can lead to unauthorized remote command execution

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Wa…

Remote | Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.8 HIGH
CVE-2026-48731 — Warp: Linux external editor command injection

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp e…

| Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.1 HIGH
CVE-2026-48725 — Warp may allow terminal output to access the local clipboard through OSC 52

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malici…

Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.6 HIGH
CVE-2026-48721 — Warp: Env-var prefixes can lead to denylisted command autoexecution

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed …

| Authorization
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.8 HIGH
CVE-2026-48720 — Warp: SSH remote output can lead to local file overwrite and persistence

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materialize…

Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.0 HIGH
CVE-2026-48719 — Warp branch selector command injection via Git branch names

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection in the prompt branch selector. A user who can publi…

Remote | Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
8.8 HIGH
CVE-2026-48704 — Warp Markdown notebook links may open executable local files

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local files through the operating system default file handle…

Remote | Misconfiguration
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.8 HIGH
CVE-2026-48703 — Warp: Command Injection via Warp code search tool arguments

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution policy bypass in Agent code search tools. The affec…

| Injection
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
5.5 MEDIUM
CVE-2026-44022 — Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphic…

docling | Path Traversal
Jun 24, 2026 Jun 26, 2026
Jun 24, 2026
Jun 26, 2026
9.4 CRITICAL
CVE-2026-44020 — Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard …

docling | Remote | XML External Entity
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
Showing 20 of 7983 Results