CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-55794
High

Craft CMS versions 5.9.0 through 5.10.0 contain a vulnerability where control panel users with entry editing permissions can execute unsandboxed Twig code via the HTTP Referrer header, leading to authenticated remote code execution (RCE). The issue occurs when saving entries, as the signed redirect URL string is compiled as a Twig template without sandboxing.

CVE-2026-55792
Medium

A vulnerability in Craft CMS allows users with system email template editing permissions to read server files, including the .env file containing passwords and API keys. An attacker can escalate to full admin account takeover by forging session tokens.

CVE-2026-55791
Medium

Craft CMS versions 4.0.0-RC1 through 4.18.0 and 5.0.0-RC1 through 5.10.0 are vulnerable to SSRF and arbitrary JavaScript injection via the /actions/app/resource-js endpoint. An attacker can poison the Host or X-Forwarded-Host header to bypass URL validation and force the Guzzle client to fetch a malicious payload from an external server.

CVE-2026-50280
Medium

In Craft CMS versions 5.0.0-RC1 through 5.9.20, a vulnerability exists due to improper authorization in the EntriesController::actionMoveToSection() endpoint. An authenticated low-privileged user can move an entry to a section where they have only read access without the required write permissions, breaking the section-level authorization model.

CVE-2026-50279
High

In Craft CMS versions 5.0.0-RC1 through 5.9.20, a vulnerability allows bypassing permission checks when saving entries. A low-privileged user can change the author of an entry to another user without the required permissions, leading to authorship spoofing.

CVE-2026-55790
High

In Craft CMS versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can inject a JavaScript payload into a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget's 'Give feedback' screen and searches for a term that returns the poisoned issue, the payload executes in the admin's control panel session.

CVE-2026-50284
High

In Craft CMS versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, the folder deletion function does not enforce peer asset deletion permissions. A low-privilege user can delete folders and all contained assets, including those uploaded by other users.

CVE-2026-50283
Medium

Craft CMS has an authorization issue in AssetsController::actionReplaceFile that allows an authenticated user to delete a source asset without source delete permission. Affected versions are 5.0.0-RC1 through 5.9.20 and 4.0.0-RC1 through 4.17.13.

CVE-2026-14440
Medium

A vulnerability in Cloudflare Universal SSL allows bypassing strict CAA records with accounturi or validationmethods parameters (RFC 8657) during TLS certificate issuance. The auto-managed CAA RRset overrides customer configuration, potentially enabling an attacker to obtain a trusted certificate for the victim's domain.

CVE-2026-14439
Critical

A path traversal vulnerability in the Git Service component of Altium Enterprise Server and Altium 365 allows an authenticated user with basic git access to move arbitrary files outside the intended repository area. This can lead to remote code execution under the Git Service account by placing attacker-controlled scripts into directories executed by the service.

CVE-2026-14432
High

A use-after-free vulnerability was found in the V8 engine of Google Chrome prior to version 150.0.7871.46. A remote attacker can exploit a crafted HTML page to execute arbitrary code within the sandbox environment.

CVE-2026-14431
High

A type confusion vulnerability in the V8 engine of Google Chrome prior to version 150.0.7871.46 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The issue is rated as high severity.

CVE-2026-14430
High

An integer overflow in the V8 JavaScript engine in Google Chrome prior to version 150.0.7871.46 allows a remote attacker to execute arbitrary code within the sandbox by crafting a malicious HTML page.

CVE-2026-14429
High

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-14428
High

Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-14427
High

A heap buffer overflow vulnerability in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The issue has a critical severity rating according to Chromium.

CVE-2026-14426
High

A Use-After-Free vulnerability in the V8 engine of Google Chrome prior to version 150.0.7871.46 allows a remote attacker, after convincing a user to perform specific UI gestures, to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-14425
Critical

A use-after-free vulnerability in the ANGLE component of Google Chrome prior to 150.0.7871.46 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-14424
Critical

A use-after-free vulnerability exists in the Dawn component of Google Chrome on Mac prior to version 150.0.7871.46. A remote attacker could exploit a crafted HTML page to potentially achieve a sandbox escape.

CVE-2026-14423
Critical

A Type Confusion vulnerability in the Tint component of Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The issue is rated as High severity.

PreviousPage 29 of 4500Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS