CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2026-54696
Low

A heap buffer overflow vulnerability in Ruby JSON versions 2.9.0 through 2.19.8 occurs when generating JSON for an oversized streamed object. An attacker can provide a controlled string near 16 KB, causing writes past the internal JSON generator buffer.

CVE-2026-54673
High

A vulnerability in electron-updater prior to version 9.7.0 allows credential leakage during HTTP redirects. The redirect handler only stripped the lowercase 'authorization' header, leaving other credential-bearing headers like 'PRIVATE-TOKEN' and mixed-case 'Authorization' exposed, potentially forwarding them to attacker-controlled cross-origin destinations.

CVE-2026-54672
High

A vulnerability in electron-updater prior to 26.15.0 allows an empty path component in the LD_LIBRARY_PATH environment variable, adding the current working directory to the dynamic linker search path. An attacker can execute arbitrary code by placing a malicious shared library in the directory from which the AppImage is launched.

CVE-2026-52198
High

A buffer overflow vulnerability has been discovered in the UTT nv518G device running firmware version nv518GV3v3.2.7-210919-161313. A remote attacker can exploit the gohead/sub_425994 component to cause a denial of service (DoS).

CVE-2026-52197
High

A vulnerability in the UTT nv518G router running firmware version nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service (DoS) via the gohead/sub_44af70 component.

CVE-2026-52195
High

A buffer overflow vulnerability has been discovered in the UTT nv518G device running firmware version nv518GV3v3.2.7-210919-161313. A remote attacker can exploit this flaw in the gohead/sub_472f08 component to cause a denial of service (DoS).

CVE-2026-52193
High

A buffer overflow vulnerability has been found in the UTT nv518G device running firmware version nv518GV3v3.2.7-210919-161313. A remote attacker can exploit the gohead/sub_447CAC component to cause a denial of service (DoS).

CVE-2026-50110
Critical

Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services stored in a configuration file. Although the credentials are encoded, the encoding can be reversed to plaintext.

CVE-2026-50040
Medium

Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application.

CVE-2026-28322
Medium

A stored cross-site scripting (XSS) vulnerability was found in SolarWinds Database Performance Analyzer. Exploitation can lead to unintended script execution in the user's browser context.

CVE-2026-14156
Medium

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

CVE-2026-14155
Medium

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2026-14154
Medium

An inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.

CVE-2026-14153
Medium

An inappropriate implementation in the Glic component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page. The issue is rated as low severity.

CVE-2026-14152
Critical

An out-of-bounds read and write vulnerability in the ANGLE component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-14151
High

Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-14150
Medium

Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.

CVE-2026-14149
High

A Use-After-Free vulnerability in the Audio component of Google Chrome on Linux prior to version 150.0.7871.47 allows a remote attacker to execute arbitrary code via a crafted HTML page. The issue is rated as Low severity by the Chromium security team.

CVE-2026-14148
Medium

A Type Confusion vulnerability in the CSS component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-14147
Medium

An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The issue is rated as low severity.

PreviousPage 263 of 4738Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS