Search CVE reports


Toggle filters

151 – 160 of 39349 results

Status is adjusted based on your filters.


CVE-2026-54696

Medium priority
Needs evaluation

Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dump(obj, io)...

8 affected packages

ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...

Package 24.04 LTS
ruby2.3 Not in release
ruby2.5 Not in release
ruby2.7 Not in release
ruby3.0 Not in release
ruby3.2 Needs evaluation
ruby3.3 Not in release
jruby Needs evaluation
ruby-json Needs evaluation
Show all 8 packages Show less packages

CVE-2026-14156

Medium priority
Not affected

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page....

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-14155

Medium priority
Not affected

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-14154

Medium priority
Not affected

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security...

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-14153

Medium priority
Not affected

Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-14152

Medium priority
Not affected

Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security...

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-14151

Medium priority
Not affected

Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security...

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-14150

Medium priority
Not affected

Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium...

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-14149

Medium priority
Not affected

Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-14148

Medium priority
Not affected

Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages