CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-13024
Medium

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

CVE-2026-13023
Medium

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13022
Medium

An inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

CVE-2026-13021
Medium

An inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

CVE-2026-12760
Medium

A DoS vulnerability in Tapo C200 v3 camera stems from improper handling of fragmented IPv4 packets. An unauthenticated adjacent attacker can send crafted packets causing excessive resource consumption and device instability.

CVE-2025-60471
Medium

A use-after-free vulnerability was found in the GPAC/MP4Box library before version 26.02.0 in the gf_filter_pid_reconfigure_task_discard function in filter_pid.c. An attacker can cause a Denial of Service (DoS) by supplying a crafted media file.

CVE-2026-54686
Medium

Warp is a development environment that from versions 0.2021.04.25.23.05.stable_00 to 0.2026.05.06.15.42.stable_01 accepted unverified terminal lifecycle hooks from the PTY stream. An attacker could spoof selected lifecycle metadata, potentially exposing sensitive information.

CVE-2026-48789
Medium

The AnythingLLM application prior to version 1.13.0 on Windows allowed the use of an encoded absolute path to the documents folder, potentially leading to access to files outside the intended documents directory.

CVE-2026-44022
Medium

A vulnerability in Docling from version 2.73.0 to 2.91.0 allows attackers to read arbitrary files from the file system via crafted LaTeX documents. Lack of path validation in \includegraphics, \input, and \include commands enables path traversal sequences, potentially leading to sensitive data exposure.

CVE-2026-54905
Medium

In concurrent-ruby up to version 1.3.6, a vulnerability allows incorrect granting of a write lock after one thread acquires the read lock 32,768 times. The lock stores thread-local read and write hold counts in one integer, where the low 15 bits are for read count and bit 15 is for WRITE_LOCK_HELD. After exceeding this threshold, the read count overflows into the write-lock bit, causing try_write_lock to incorrectly return true without setting the global RUNNING_WRITER bit.

CVE-2026-53128
Medium

In the Linux kernel, the DRBD driver has an RCU call imbalance in drbd_adm_dump_devices(). The function calls rcu_read_unlock() without a preceding rcu_read_lock(), which can lead to incorrect RCU behavior.

CVE-2026-53059
Medium

In the Linux kernel, a vulnerability in the dm log module allows an out-of-bounds write due to a 32-bit unsigned int overflow in region_count when using dm_sector_div_up() which returns 64-bit sector_t. This results in undersized heap buffers and subsequent heap memory corruption.

CVE-2026-50712
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component.

CVE-2026-50711
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component.

CVE-2026-50710
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component.

CVE-2026-50709
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel.

CVE-2026-50708
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component.

CVE-2026-50705
Medium

A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer.

CVE-2026-50704
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer.

CVE-2026-50703
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer.

PreviousPage 70 of 542Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS