|
721
|
7.5 |
HIGH
Network
|
-
|
-
|
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard …
New
|
CWE-776
XML Entity Expansion
|
CVE-2026-44020
|
2026-06-26 03:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
722
|
- |
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured authentication header (default: X-WEBAUTH-USER) direc…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-25119
|
2026-06-26 03:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
723
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
New
|
CWE-89
SQL Injection
|
CVE-2025-61027
|
2026-06-26 03:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
724
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a cr…
New
|
CWE-416
Use After Free
|
CVE-2026-13029
|
2026-06-26 03:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
725
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi…
New
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-13030
|
2026-06-26 03:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
726
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-13031
|
2026-06-26 03:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
727
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri…
New
|
CWE-416
Use After Free
|
CVE-2026-13032
|
2026-06-26 03:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
728
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:…
New
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-13033
|
2026-06-26 03:11 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
729
|
8.8 |
HIGH
Network
|
-
|
-
|
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the J…
New
|
CWE-862
Missing Authorization
|
CVE-2026-56115
|
2026-06-26 02:17 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
730
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirect_to parameters can bypass validation, allowing redirec…
New
|
CWE-601
Open Redirect
|
CVE-2026-52802
|
2026-06-26 02:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
