Export limit exceeded: 365367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365367 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44767 | 2026-07-14 | 6.1 Medium | ||
| setThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a <link rel=stylesheet> element, even when no <meta name=sap-allowed-theme-origins> tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL parameter.Exploitation requires attacker-influenced input (e.g., a URL query parameter, tenant configuration, or user-supplied setting) to reach setThemeRoot(). A successful exploit allows an attacker to inject arbitrary CSS into the victim page, enabling:- UI redressing and clickjacking- Phishing overlays- Visual defacement- Limited data exfiltration via CSS attribute selectors targeting predictable DOM content | ||||
| CVE-2026-15678 | 1 Code-projects | 1 Online Job Portal | 2026-07-14 | 3.5 Low |
| A security vulnerability has been detected in code-projects Online Job Portal 1.0. This impacts an unknown function of the file /Admin/DetailJob.php. The manipulation leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-35552 | 2026-07-14 | 8.1 High | ||
| In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's license. | ||||
| CVE-2026-39179 | 1 Alinto | 1 Sogo | 2026-07-14 | 6.3 Medium |
| A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality. | ||||
| CVE-2026-51535 | 1 Eipstackgroup | 1 Opener | 2026-07-14 | 7.5 High |
| In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists in its network processing loop. | ||||
| CVE-2026-36027 | 2026-07-14 | 6.8 Medium | ||
| An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge components | ||||
| CVE-2026-36028 | 2026-07-14 | 6.8 Medium | ||
| A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset | ||||
| CVE-2026-56843 | 1 Webpros | 1 Plesk | 2026-07-14 | 9.9 Critical |
| Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This results in cross-tenant disclosure of other tenants' FTP credentials stored in cleartext, which can be leveraged to execute code as another tenant's system user. | ||||
| CVE-2026-56437 | 1 Fujielectric | 1 Pupsman | 2026-07-14 | N/A |
| Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege. | ||||
| CVE-2026-57239 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-07-14 | 8.2 High |
| The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM. | ||||
| CVE-2026-15675 | 1 Code-projects | 1 Online Job Portal | 2026-07-14 | 7.3 High |
| A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-15672 | 1 Itsourcecode | 1 Electronic Judging System | 2026-07-14 | 6.3 Medium |
| A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/add_judges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-15132 | 1 Google | 1 Chrome | 2026-07-14 | 8.8 High |
| Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15133 | 1 Google | 1 Chrome | 2026-07-14 | 8.8 High |
| Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15109 | 1 Google | 1 Chrome | 2026-07-14 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15110 | 1 Google | 1 Chrome | 2026-07-14 | 8.8 High |
| Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2026-15111 | 1 Google | 1 Chrome | 2026-07-14 | 7.5 High |
| Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15115 | 1 Google | 1 Chrome | 2026-07-14 | 3.3 Low |
| Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15116 | 1 Google | 1 Chrome | 2026-07-14 | 8.8 High |
| Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15118 | 1 Google | 1 Chrome | 2026-07-14 | 8.8 High |
| Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||