Export limit exceeded: 363142 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363142 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363142 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13789 | 1 Google | 1 Chrome | 2026-07-02 | 9.6 Critical |
| Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13824 | 1 Google | 1 Chrome | 2026-07-02 | 7.5 High |
| Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-58465 | 2026-07-02 | 7.5 High | ||
| Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers. Attackers can target the registration endpoint over UDP without authentication, causing the server to repeatedly reallocate a growing accumulation buffer by appending each block payload without enforcing any maximum total size limit, resulting in denial of service through memory exhaustion. | ||||
| CVE-2026-58460 | 2026-07-02 | 7.7 High | ||
| react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name value containing dot-dot path components through a malicious ContentProvider. Attackers can fire an explicit ACTION_SEND intent at the consuming app's exported share-receiver activity to overwrite arbitrary files in the consuming app's private data directory, including databases, shared preferences, and cached configuration, with attacker-controlled content. | ||||
| CVE-2026-13835 | 1 Google | 1 Chrome | 2026-07-02 | 8.8 High |
| Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13845 | 1 Google | 1 Chrome | 2026-07-02 | 8.8 High |
| Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13870 | 1 Google | 1 Chrome | 2026-07-02 | 8.8 High |
| Use after free in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-58466 | 1 Estrellaxd | 1 Auto Bangumi | 2026-07-02 | 9.8 Critical |
| AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via add_default_user() in the database user module when the users table is empty. Attackers can submit the default credentials to the authentication login endpoint to gain full control of the application, including RSS feed configuration, downloader configuration, and all authenticated API endpoints. | ||||
| CVE-2026-30689 | 1 Anjoy8 | 1 Blog.admin | 2026-07-02 | 4.3 Medium |
| In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service. | ||||
| CVE-2026-57766 | 2 Wordpress, Xplodedthemes | 2 Wordpress, Wpide - File Manager & Code Editor | 2026-07-02 | 8.8 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions. | ||||
| CVE-2026-57759 | 2 Metagauss, Wordpress | 2 Profilegrid, Wordpress | 2026-07-02 | 8.8 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions. | ||||
| CVE-2026-57753 | 2026-07-02 | 5.3 Medium | ||
| Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions. | ||||
| CVE-2026-57747 | 2026-07-02 | 6.5 Medium | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions. | ||||
| CVE-2026-57688 | 2026-07-02 | 8.2 High | ||
| Unauthenticated Broken Access Control in POS Entegratör <= 3.7.103 versions. | ||||
| CVE-2026-57361 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Survey Maker <= 5.2.2.5 versions. | ||||
| CVE-2026-58381 | 1 Redhat | 1 Enterprise Linux | 2026-07-02 | 6.1 Medium |
| A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution. | ||||
| CVE-2026-57682 | 2 Quantumcloud, Wordpress | 2 Simple Link Directory, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory <= 15.0.5 versions. | ||||
| CVE-2026-57674 | 2 Arraytics, Wordpress | 2 Timetics, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Timetics <= 1.0.58 versions. | ||||
| CVE-2026-14014 | 1 Google | 1 Chrome | 2026-07-02 | 6.5 Medium |
| Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-57625 | 2026-07-02 | 9.6 Critical | ||
| Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro <= 8.8.5 versions. | ||||