| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-14389 | 0.00 | — | 0.00 | Jul 3, 2026 | Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-14385 | 0.00 | — | 0.00 | Jul 3, 2026 | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14412 | 0.00 | — | 0.00 | Jul 3, 2026 | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14420 | 0.00 | — | 0.00 | Jul 3, 2026 | Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-14418 | 0.00 | — | 0.00 | Jul 3, 2026 | Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14430 | 0.00 | — | 0.00 | Jul 3, 2026 | Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14392 | 0.00 | — | 0.00 | Jul 3, 2026 | Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14401 | 0.00 | — | 0.00 | Jul 3, 2026 | Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14384 | 0.00 | — | 0.00 | Jul 3, 2026 | Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-14432 | 0.00 | — | 0.00 | Jul 3, 2026 | Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-14414 | 0.00 | — | 0.00 | Jul 3, 2026 | Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity:… | |||
| CVE-2026-14402 | 0.00 | — | 0.00 | Jul 3, 2026 | Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14388 | 0.00 | — | 0.00 | Jul 3, 2026 | Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-14428 | 0.00 | — | 0.00 | Jul 3, 2026 | Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14403 | 0.00 | — | 0.00 | Jul 3, 2026 | Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-14413 | 0.00 | — | 0.00 | Jul 3, 2026 | Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14381 | 0.00 | — | 0.00 | Jul 3, 2026 | Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-14410 | 0.00 | — | 0.00 | Jul 3, 2026 | Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-14397 | 0.00 | — | 0.00 | Jul 3, 2026 | Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-14425 | 0.00 | — | 0.00 | Jul 3, 2026 | Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14391 | 0.00 | — | 0.00 | Jul 3, 2026 | Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-14431 | 0.00 | — | 0.00 | Jul 3, 2026 | Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14393 | 0.00 | — | 0.00 | Jul 3, 2026 | Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-14404 | 0.00 | — | 0.00 | Jul 3, 2026 | Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium) | |||
| CVE-2026-14424 | 0.00 | — | 0.00 | Jul 3, 2026 | Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-14409 | 0.00 | — | 0.00 | Jul 3, 2026 | Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-14427 | 0.00 | — | 0.00 | Jul 3, 2026 | Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-14416 | 0.00 | — | 0.00 | Jul 3, 2026 | Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-14407 | 0.00 | — | 0.00 | Jul 3, 2026 | Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-14415 | 0.00 | — | 0.00 | Jul 3, 2026 | Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-55223 | 0.00 | — | 0.00 | Jul 3, 2026 | c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection() and ConnectionPoolDataSource.getPooledConnection() match the… | |||
| CVE-2026-4360 | 0.00 | — | 0.00 | Jul 3, 2026 | In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the… | |||
| CVE-2026-14544 | imp | 0.64 | 9.8 | 0.01 | Jul 3, 2026 | HPLIP: Incomplete Fix for CVE-2026-8631 | ||
| CVE-2026-58467 | imp | 0.42 | 7.5 | 0.00 | Jul 2, 2026 | cockpit: Cockpit CMS: Arbitrary file read and code execution via path traversal | ||
| CVE-2026-11946 | imp | 0.42 | 7.5 | 0.00 | Jul 2, 2026 | open62541: open62541: Denial of Service via unvalidated endpoint URL length | ||
| CVE-2026-55597 | 0.00 | — | 0.00 | Jul 2, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26. | |||
| CVE-2026-55595 | 0.00 | — | 0.00 | Jul 2, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions… | |||
| CVE-2026-55510 | 0.00 | — | 0.00 | Jul 2, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in… | |||
| CVE-2026-55594 | 0.00 | — | 0.00 | Jul 2, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in… | |||
| CVE-2026-55577 | 0.00 | — | 0.00 | Jul 2, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has… | |||
| CVE-2026-57963 | 0.00 | — | 0.00 | Jul 2, 2026 | An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1. | |||
| CVE-2026-57962 | 0.00 | — | 0.00 | Jul 2, 2026 | A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in… | |||
| CVE-2026-57585 | 0.00 | — | 0.00 | Jul 2, 2026 | MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash… | |||
| CVE-2026-57204 | 0.00 | — | 0.00 | Jul 2, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing… | |||
| CVE-2026-55688 | 0.00 | — | 0.00 | Jul 2, 2026 | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain… | |||
| CVE-2026-53346 | 0.00 | — | 0.00 | Jul 2, 2026 | In the Linux kernel, the following vulnerability has been resolved: rust: arm64: set uwtable llvm module flag for CONFIG_UNWIND_TABLES Due to a rustc bug [1] the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means… | |||
| CVE-2026-14258 | 0.00 | — | 0.00 | Jul 2, 2026 | A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation,… | |||
| CVE-2026-12480 | 0.00 | — | 0.00 | Jul 2, 2026 | Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the `H5IOStore._verify_dataset()` and `file_editor.py` methods, which fail to check the `dataset.is_virtual` property… | |||
| CVE-2026-58451 | 0.00 | — | 0.00 | Jul 2, 2026 | Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the… | |||
| CVE-2026-52760 | 0.00 | — | 0.01 | Jul 2, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to… |
- CVE-2026-14389Jul 3, 2026risk 0.00cvss —epss 0.00
Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14385Jul 3, 2026risk 0.00cvss —epss 0.00
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14412Jul 3, 2026risk 0.00cvss —epss 0.00
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14420Jul 3, 2026risk 0.00cvss —epss 0.00
Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-14418Jul 3, 2026risk 0.00cvss —epss 0.00
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14430Jul 3, 2026risk 0.00cvss —epss 0.00
Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14392Jul 3, 2026risk 0.00cvss —epss 0.00
Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14401Jul 3, 2026risk 0.00cvss —epss 0.00
Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14384Jul 3, 2026risk 0.00cvss —epss 0.00
Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14432Jul 3, 2026risk 0.00cvss —epss 0.00
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14414Jul 3, 2026risk 0.00cvss —epss 0.00
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity:…
- CVE-2026-14402Jul 3, 2026risk 0.00cvss —epss 0.00
Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14388Jul 3, 2026risk 0.00cvss —epss 0.00
Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14428Jul 3, 2026risk 0.00cvss —epss 0.00
Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14403Jul 3, 2026risk 0.00cvss —epss 0.00
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14413Jul 3, 2026risk 0.00cvss —epss 0.00
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14381Jul 3, 2026risk 0.00cvss —epss 0.00
Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14410Jul 3, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14397Jul 3, 2026risk 0.00cvss —epss 0.00
Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14425Jul 3, 2026risk 0.00cvss —epss 0.00
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14391Jul 3, 2026risk 0.00cvss —epss 0.00
Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14431Jul 3, 2026risk 0.00cvss —epss 0.00
Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14393Jul 3, 2026risk 0.00cvss —epss 0.00
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14404Jul 3, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium)
- CVE-2026-14424Jul 3, 2026risk 0.00cvss —epss 0.00
Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-14409Jul 3, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14427Jul 3, 2026risk 0.00cvss —epss 0.00
Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-14416Jul 3, 2026risk 0.00cvss —epss 0.00
Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14407Jul 3, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-14415Jul 3, 2026risk 0.00cvss —epss 0.00
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-55223Jul 3, 2026risk 0.00cvss —epss 0.00
c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection() and ConnectionPoolDataSource.getPooledConnection() match the…
- CVE-2026-4360Jul 3, 2026risk 0.00cvss —epss 0.00
In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the…
- risk 0.64cvss 9.8epss 0.01
HPLIP: Incomplete Fix for CVE-2026-8631
- risk 0.42cvss 7.5epss 0.00
cockpit: Cockpit CMS: Arbitrary file read and code execution via path traversal
- risk 0.42cvss 7.5epss 0.00
open62541: open62541: Denial of Service via unvalidated endpoint URL length
- CVE-2026-55597Jul 2, 2026risk 0.00cvss —epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26.
- CVE-2026-55595Jul 2, 2026risk 0.00cvss —epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components option an infinite loop will occur. This issue has been fixed in versions…
- CVE-2026-55510Jul 2, 2026risk 0.00cvss —epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a specific format string a use-after-free will occur. This issue has been fixed in…
- CVE-2026-55594Jul 2, 2026risk 0.00cvss —epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in…
- CVE-2026-55577Jul 2, 2026risk 0.00cvss —epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has…
- CVE-2026-57963Jul 2, 2026risk 0.00cvss —epss 0.00
An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.
- CVE-2026-57962Jul 2, 2026risk 0.00cvss —epss 0.00
A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in…
- CVE-2026-57585Jul 2, 2026risk 0.00cvss —epss 0.00
MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash…
- CVE-2026-57204Jul 2, 2026risk 0.00cvss —epss 0.00
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing…
- CVE-2026-55688Jul 2, 2026risk 0.00cvss —epss 0.00
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain…
- CVE-2026-53346Jul 2, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: rust: arm64: set uwtable llvm module flag for CONFIG_UNWIND_TABLES Due to a rustc bug [1] the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means…
- CVE-2026-14258Jul 2, 2026risk 0.00cvss —epss 0.00
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation,…
- CVE-2026-12480Jul 2, 2026risk 0.00cvss —epss 0.00
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the `H5IOStore._verify_dataset()` and `file_editor.py` methods, which fail to check the `dataset.is_virtual` property…
- CVE-2026-58451Jul 2, 2026risk 0.00cvss —epss 0.00
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the…
- CVE-2026-52760Jul 2, 2026risk 0.00cvss —epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to…