Export limit exceeded: 363081 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363081 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14041 | 1 Google | 1 Chrome | 2026-07-02 | 8.8 High |
| Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14043 | 1 Google | 1 Chrome | 2026-07-02 | 9.6 Critical |
| Use after free in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14045 | 1 Google | 1 Chrome | 2026-07-02 | 4.3 Medium |
| Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-53357 | 1 Linux | 1 Linux Kernel | 2026-07-02 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() bt_accept_dequeue() unlinks a not-yet-accepted child from the parent accept queue and release_sock()s it before returning, so the returned sk has no caller reference and is unlocked. l2cap_sock_cleanup_listen() walks these children on listening-socket close. A concurrent HCI disconnect drives hci_rx_work -> l2cap_conn_del() which runs l2cap_chan_del() + l2cap_sock_kill() and frees the child sk and its l2cap_chan; cleanup_listen() then uses both: BUG: KASAN: slab-use-after-free in l2cap_sock_kill l2cap_sock_kill / l2cap_sock_cleanup_listen / __x64_sys_close Freed by: l2cap_conn_del -> l2cap_sock_close_cb -> l2cap_sock_kill This is distinct from the two fixes already in this area: commit e83f5e24da741 ("Bluetooth: serialize accept_q access") serialises the accept_q list/poll and takes temporary refs inside bt_accept_dequeue(), and CVE-2025-39860 serialises the userspace close()/accept() race by calling cleanup_listen() under lock_sock() in l2cap_sock_release(). Neither covers l2cap_conn_del() running from hci_rx_work, so this UAF still reproduces on current bluetooth/master. Take the reference at the source: bt_accept_dequeue() does sock_hold() while sk is still locked, before release_sock(); callers sock_put(). cleanup_listen() pins the chan with l2cap_chan_hold_unless_zero() under a brief child sk lock (serialising vs l2cap_sock_teardown_cb()), drops it before l2cap_chan_lock(), and skips a duplicate l2cap_sock_kill() on SOCK_DEAD. conn->lock is not taken here: cleanup_listen() runs under the parent sk lock and that would invert conn->lock -> chan->lock -> sk_lock (lockdep). KASAN/SMP: an unprivileged listen/close vs HCI-disconnect race produced 12 use-after-free reports per run before this change; 0, and no lockdep report, over 1600+ raced iterations after it on bluetooth/master. | ||||
| CVE-2026-51947 | 1 Pivotal | 1 Crm | 2026-07-02 | 9.8 Critical |
| An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253. | ||||
| CVE-2026-14415 | 1 Google | 1 Chrome | 2026-07-02 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14381 | 1 Google | 1 Chrome | 2026-07-02 | 4.3 Medium |
| Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14060 | 1 Google | 1 Chrome | 2026-07-02 | 7.8 High |
| Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Low) | ||||
| CVE-2026-14064 | 1 Google | 1 Chrome | 2026-07-02 | 7.5 High |
| Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14066 | 1 Google | 1 Chrome | 2026-07-02 | 4.3 Medium |
| Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14067 | 1 Google | 1 Chrome | 2026-07-02 | 8.8 High |
| Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14068 | 1 Google | 1 Chrome | 2026-07-02 | 6.1 Medium |
| Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14071 | 1 Google | 1 Chrome | 2026-07-02 | 6.5 Medium |
| Side-channel information leakage in WebAudio in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14079 | 1 Google | 1 Chrome | 2026-07-02 | 4.3 Medium |
| Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14092 | 1 Google | 1 Chrome | 2026-07-02 | 4.3 Medium |
| Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromium security severity: Low) | ||||
| CVE-2026-14098 | 1 Google | 1 Chrome | 2026-07-02 | 6.5 Medium |
| Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14105 | 1 Google | 1 Chrome | 2026-07-02 | 9.6 Critical |
| Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14111 | 1 Google | 1 Chrome | 2026-07-02 | 8.1 High |
| Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2026-14113 | 1 Google | 1 Chrome | 2026-07-02 | 9.6 Critical |
| Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14114 | 1 Google | 1 Chrome | 2026-07-02 | 7.5 High |
| Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Low) | ||||