Search CVE reports


Toggle filters

31 – 40 of 39796 results

Status is adjusted based on your filters.


CVE-2026-48801

Medium priority
Needs evaluation

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has O(N²) algorithmic complexity for inputs containing many fuzzy links or emails...

1 affected package

node-markdown-it

Package 24.04 LTS
node-markdown-it Needs evaluation
Show less packages

CVE-2026-48125

Medium priority
Needs evaluation

UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints...

1 affected package

node-ua-parser-js

Package 24.04 LTS
node-ua-parser-js Needs evaluation
Show less packages

CVE-2026-46644

Medium priority
Needs evaluation

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to...

1 affected package

php-symfony-polyfill

Package 24.04 LTS
php-symfony-polyfill Needs evaluation
Show less packages

CVE-2026-15778

Medium priority
Not affected

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML...

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-15777

Medium priority
Not affected

Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium...

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-15776

Medium priority
Not affected

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-15775

Medium priority
Not affected

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-15774

Medium priority
Not affected

Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

2 affected packages

chromium-browser, libskia

Package 24.04 LTS
chromium-browser Not affected
libskia Not in release
Show less packages

CVE-2026-15773

Medium priority
Not affected

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2026-15772

Medium priority
Not affected

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security...

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages