Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23503
Total
1676
Critical
7379
High
7473
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-11246 | MEDIUM | 5.3 | Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass … | Jun 05, 2026 |
| CVE-2026-11245 | MEDIUM | 4.3 | Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security … | Jun 05, 2026 |
| CVE-2026-11244 | LOW | 3.1 | Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass … | Jun 05, 2026 |
| CVE-2026-11243 | MEDIUM | 5.4 | Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security … | Jun 05, 2026 |
| CVE-2026-11242 | HIGH | 7.5 | Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak … | Jun 05, 2026 |
| CVE-2026-11241 | HIGH | 8.0 | Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation … | Jun 05, 2026 |
| CVE-2026-11240 | LOW | 3.1 | Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass … | Jun 05, 2026 |
| CVE-2026-11239 | HIGH | 7.5 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via … | Jun 05, 2026 |
| CVE-2026-11238 | MEDIUM | 5.9 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially … | Jun 05, 2026 |
| CVE-2026-10878 | MEDIUM | 6.3 | A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results … | Jun 05, 2026 |
| CVE-2026-10877 | HIGH | 7.3 | A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php … | Jun 05, 2026 |
| CVE-2026-10876 | MEDIUM | 6.3 | A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of … | Jun 05, 2026 |
| CVE-2026-10586 | HIGH | 7.2 | The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up … | Jun 05, 2026 |
| CVE-2026-48579 | CRITICAL | 9.1 | Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. | Jun 04, 2026 |
| CVE-2026-48567 | CRITICAL | 10.0 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. | Jun 04, 2026 |
| CVE-2026-47655 | MEDIUM | 6.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network. | Jun 04, 2026 |
| CVE-2026-47644 | MEDIUM | 6.5 | Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information … | Jun 04, 2026 |
| CVE-2026-45497 | HIGH | 7.7 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network. | Jun 04, 2026 |
| CVE-2026-42824 | MEDIUM | 6.5 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | Jun 04, 2026 |
| CVE-2026-20245 | HIGH | 7.8 | A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root … | Jun 04, 2026 |
| CVE-2026-11237 | HIGH | 8.3 | Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform … | Jun 04, 2026 |
| CVE-2026-11236 | HIGH | 8.3 | Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform … | Jun 04, 2026 |
| CVE-2026-11235 | HIGH | 8.8 | Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code … | Jun 04, 2026 |
| CVE-2026-11234 | MEDIUM | 4.3 | Inappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via … | Jun 04, 2026 |
| CVE-2026-11233 | MEDIUM | 4.7 | Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin … | Jun 04, 2026 |