Export limit exceeded: 366715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366715 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13880 | 1 Google | 1 Chrome | 2026-07-16 | 9.6 Critical |
| Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13881 | 1 Google | 1 Chrome | 2026-07-16 | 6.5 Medium |
| Inappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13887 | 1 Google | 1 Chrome | 2026-07-16 | 6.5 Medium |
| Inappropriate implementation in NFC in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-15445 | 2 Cleverplugins, Wordpress | 2 Seo Booster, Wordpress | 2026-07-16 | 4.9 Medium |
| The SEO Booster plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Although esc_sql() and sanitize_text_field() are applied, neither neutralizes SQL keywords, commas, parentheses, or subquery syntax in an unquoted ORDER BY context, leaving the clause fully attacker-controlled. | ||||
| CVE-2026-15925 | 2026-07-16 | 7.4 High | ||
| Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by intercepting or redirecting network traffic and presenting a certificate signed by any trusted CA for any domain, causing the connector to accept connections without validating that the certificate matched the requested hostname. Successful exploitation requires an on-path traffic interception capability (e.g. ARP/DNS poisoning, rogue access point, BGP hijacking, or malicious proxy/exit node). This vulnerability may have exposed credentials, query data, and staged file contents to interception and tampering, and may have enabled the attacker to issue arbitrary SQL within the context of the victim's connector session. Impact is limited by the privileges of the affected Snowflake role. The fix is available in Snowflake Connector for Python versions 4.7.1 and 3.18.1. Users must manually upgrade. | ||||
| CVE-2026-12978 | 2026-07-16 | 7.1 High | ||
| The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted page. The affected action is only registered when the Divi /builder is active. | ||||
| CVE-2026-3842 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-07-16 | 7.8 High |
| A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service. | ||||
| CVE-2026-12979 | 2026-07-16 | 5.5 Medium | ||
| The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable other FunnelKit WordPress plugin before 3.15.0.6 or (denial of service). | ||||
| CVE-2026-3014 | 2026-07-16 | 9.1 Critical | ||
| Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server Service. | ||||
| CVE-2026-15106 | 2 Quantumcloud, Wordpress | 2 Wpbot – Ai Chatbot For Live Support, Lead Generation, Ai Services, Wordpress | 2026-07-16 | 5.3 Medium |
| The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to delete arbitrary chat session records from the wpbot_user and wpbot_conversation tables, including chat history and conversation logs, by supplying a crafted userid value. | ||||
| CVE-2026-59249 | 1 Elixir-mint | 1 Mint | 2026-07-16 | N/A |
| Inconsistent interpretation of HTTP requests (HTTP response smuggling) vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on the same pooled connection, enabling response-queue poisoning against subsequent requests that share the connection. The Mint.HTTP1.decode_body/5 function in lib/mint/http1.ex parses the chunk-size line of a Transfer-Encoding: chunked response with Integer.parse(data, 16). RFC 7230 defines chunk-size = 1*HEXDIG and forbids any sign prefix, but Integer.parse/2 accepts an optional leading + or -. A chunk-size line of +5 is accepted as a five-byte chunk; lines of +0 and -0 are accepted as the terminating zero-length chunk and end the message body early. An RFC-strict intermediary in the response path rejects these forms, so the intermediary and the Mint client disagree on where one response ends and the next begins. On a pooled keep-alive connection, an attacker-influenced origin can inject bytes that the client attributes to the next legitimate response on the same connection, poisoning the response queue and corrupting the responses returned to unrelated in-flight requests. This issue affects mint: from 0.1.0 before 1.9.3. | ||||
| CVE-2026-13755 | 2 Tickera, Wordpress | 2 Tickera – Sell Tickets & Manage Events, Wordpress | 2026-07-16 | 6.4 Medium |
| The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Successful execution of the injected script is limited to victims who have the referenced ticket ID present in their cart cookie, meaning the payload only fires for users who have previously added that ticket to their cart. | ||||
| CVE-2026-15610 | 2 Quantumcloud, Wordpress | 2 Wpbot – Ai Chatbot For Live Support, Lead Generation, Ai Services, Wordpress | 2026-07-16 | 4.3 Medium |
| The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger arbitrary re-embedding of stored RAG documents, modifying the rag_documents table and consuming the site owner's paid third-party AI API credits (OpenAI, Gemini, OpenRouter, or xAI). | ||||
| CVE-2026-15099 | 2026-07-16 | 6.4 Medium | ||
| The Delicious Recipes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'steps' block attribute in versions up to, and including, 1.10.2. This is due to insufficient input sanitization and output escaping in the wrap_direction_text() function, which interpolates the user-supplied href value from nested link nodes ($node['props']['href']) directly into an anchor tag via sprintf() at line 1627 without esc_url() or any URL scheme validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts (including javascript: URIs) in pages that will execute whenever a user (such as an editor or administrator previewing the pending post) accesses an injected page and clicks the malicious link. | ||||
| CVE-2026-12869 | 2026-07-16 | 6.1 Medium | ||
| The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action (it allows any edit_posts user), so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide, injecting JavaScript that executes in the session of any visitor or administrator who loads the site. | ||||
| CVE-2026-6423 | 2026-07-16 | N/A | ||
| A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel. | ||||
| CVE-2026-11371 | 2026-07-16 | 6.1 Medium | ||
| The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browser of any visitor who views the affected page, including administrators. | ||||
| CVE-2026-58078 | 2026-07-16 | N/A | ||
| The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection. | ||||
| CVE-2026-13894 | 1 Google | 1 Chrome | 2026-07-16 | 6.5 Medium |
| Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13896 | 1 Google | 1 Chrome | 2026-07-16 | 6.5 Medium |
| Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||