🚨 CVE-2026-15126
Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and Mac and 150.0.7871.114 for Linux, which will roll out over the c...
🚨 CVE-2026-15127
Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and Mac and 150.0.7871.114 for Linux, which will roll out over the c...
🚨 CVE-2026-15129
Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
🎖@cveNotify
Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
🎖@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and Mac and 150.0.7871.114 for Linux, which will roll out over the c...
🚨 CVE-2026-15130
Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and Mac and 150.0.7871.114 for Linux, which will roll out over the c...
🚨 CVE-2026-15131
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
🎖@cveNotify
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
🎖@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and Mac and 150.0.7871.114 for Linux, which will roll out over the c...
🚨 CVE-2026-15132
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and Mac and 150.0.7871.114 for Linux, which will roll out over the c...
🚨 CVE-2026-15133
Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 150.0.7871.114/.115 for Windows and Mac and 150.0.7871.114 for Linux, which will roll out over the c...
🚨 CVE-2025-15366
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
🎖@cveNotify
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
🎖@cveNotify
GitHub
[3.14] gh-143921: Reject NUL, CR and LF in IMAP commands (GH-143922, … · python/cpython@2981822
…GH-153067) (GH-153137)
Combined backport of GH-143922, which rejected all control characters,
and GH-153067, which narrowed the check to NUL, CR and LF. Other
control characters are valid in quo...
Combined backport of GH-143922, which rejected all control characters,
and GH-153067, which narrowed the check to NUL, CR and LF. Other
control characters are valid in quo...
🚨 CVE-2026-3564
A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.
🎖@cveNotify
A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.
🎖@cveNotify
ConnectWise
ScreenConnect™ 26.1 Security Hardening | Security Bulletin
ConnectWise has released a security update for ScreenConnect™ that addresses issues related to how server-level cryptographic material is protected. Read more in this security bulletin.
🚨 CVE-2026-4878
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
🎖@cveNotify
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
🎖@cveNotify
🚨 CVE-2026-20213
A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
Cisco
Cisco Security Advisory: ClamAV Vulnerabilities Affecting Cisco Products: July 2026
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations.
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
🚨 CVE-2026-20214
A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
Cisco
Cisco Security Advisory: ClamAV Vulnerabilities Affecting Cisco Products: July 2026
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations.
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
🚨 CVE-2026-20215
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
Cisco
Cisco Security Advisory: ClamAV Vulnerabilities Affecting Cisco Products: July 2026
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations.
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
🚨 CVE-2026-20216
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
🎖@cveNotify
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
🎖@cveNotify
Cisco
Cisco Security Advisory: ClamAV Vulnerabilities Affecting Cisco Products: July 2026
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations.
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
🚨 CVE-2026-20217
A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
Cisco
Cisco Security Advisory: ClamAV Vulnerabilities Affecting Cisco Products: July 2026
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations.
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
🚨 CVE-2026-20243
A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
Cisco
Cisco Security Advisory: ClamAV Vulnerabilities Affecting Cisco Products: July 2026
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations.
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
🚨 CVE-2026-20244
A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
🎖@cveNotify
Cisco
Cisco Security Advisory: ClamAV Vulnerabilities Affecting Cisco Products: July 2026
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations.
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
For more information about these vulnerabilities, see the Details section of this advisory.
For additional information…
🚨 CVE-2026-14265
Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a crafted serialized Java object. The RemoteQueryCachePlugin uses ObjectInputStream without class filtering when deserializing cached query results from Redis or Valkey, enabling gadget chain execution when cache entries are poisoned.
We recommend upgrading to AWS Advanced JDBC Wrapper version 4.0.1 or later.
🎖@cveNotify
Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a crafted serialized Java object. The RemoteQueryCachePlugin uses ObjectInputStream without class filtering when deserializing cached query results from Redis or Valkey, enabling gadget chain execution when cache entries are poisoned.
We recommend upgrading to AWS Advanced JDBC Wrapper version 4.0.1 or later.
🎖@cveNotify
🚨 CVE-2026-55116
A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
🎖@cveNotify
A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
🎖@cveNotify
🚨 CVE-2025-13475
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing.
This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy.
🎖@cveNotify
In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing.
This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy.
🎖@cveNotify
Wso2
Security Advisory WSO2-2025-1613/CVE-2025-13475
Documentation for WSO2 Security and Compliance
🚨 CVE-2026-57256
When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary pointers, resulting in accessing internal members of invalid or improperly initialized fields. This led to an illegal pointer read, ultimately causing the application to crash.
🎖@cveNotify
When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary pointers, resulting in accessing internal members of invalid or improperly initialized fields. This led to an illegal pointer read, ultimately causing the application to crash.
🎖@cveNotify
Foxit
Security Bulletins | Foxit
A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software.