31,467 indexed
CVECVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 451–500 of 8,161 in High · page 10 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-5866 | CVE-2026-5866 CVSS 8.8 | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (… |
| CVE-2026-5865 | CVE-2026-5865 CVSS 8.8 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chr… |
| CVE-2026-5863 | CVE-2026-5863 CVSS 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted H… |
| CVE-2026-5862 | CVE-2026-5862 CVSS 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted H… |
| CVE-2026-5861 | CVE-2026-5861 CVSS 8.8 | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chr… |
| CVE-2026-5860 | CVE-2026-5860 CVSS 8.8 | Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-5859 | CVE-2026-5859 CVSS 8.8 | Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Ch… |
| CVE-2026-5858 | CVE-2026-5858 CVSS 8.8 | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium se… |
| CVE-2026-5843 | CVE-2026-5843 CVSS 8.2docker | The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model… |
| CVE-2026-5830 | CVE-2026-5830 CVSS 8.8 | A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the a… |
| CVE-2026-5817 | CVE-2026-5817 CVSS 8.2docker | The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sa… |
| CVE-2026-5816 | CVE-2026-5816 CVSS 8.1 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthentic… |
| CVE-2026-5815 | CVE-2026-5815 CVSS 8.8 | A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation result… |
| CVE-2026-5804 | CVE-2026-5804 CVSS 8.4 | An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to… |
| CVE-2026-5786 | CVE-2026-5786 CVSS 8.8 | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain adminis… |
| CVE-2026-5785 | CVE-2026-5785 CVSS 8.1 | Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injecti… |
| CVE-2026-5784 | CVE-2026-5784 CVSS 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allow… |
| CVE-2026-5781 | CVE-2026-5781 CVSS 8.8 | An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user mo… |
| CVE-2026-5780 | CVE-2026-5780 CVSS 8.1 | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability… |
| CVE-2026-5779 | CVE-2026-5779 CVSS 8.8 | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows… |
| CVE-2026-5733 | CVE-2026-5733 CVSS 8.8 | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2. |
| CVE-2026-5732 | CVE-2026-5732 CVSS 8.8 | Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderb… |
| CVE-2026-5726 | CVE-2026-5726 CVSS 8.4 | ASDA-Soft Stack-based Buffer Overflow Vulnerability |
| CVE-2026-5718 | CVE-2026-5718 CVSS 8.1 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7… |
| CVE-2026-5712 | CVE-2026-5712 CVSS 8.8 | This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definit… |
| CVE-2026-5709 | CVE-2026-5709 CVSS 8.8 | Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated act… |
| CVE-2026-5708 | CVE-2026-5708 CVSS 8.8 | Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could… |
| CVE-2026-5707 | CVE-2026-5707 CVSS 8.8 | Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01… |
| CVE-2026-5687 | CVE-2026-5687 CVSS 8.8 | A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This mani… |
| CVE-2026-5686 | CVE-2026-5686 CVSS 8.8 | A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The ma… |
| CVE-2026-5685 | CVE-2026-5685 CVSS 8.8 | A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the arg… |
| CVE-2026-5684 | CVE-2026-5684 CVSS 8.0 | A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFi… |
| CVE-2026-5683 | CVE-2026-5683 CVSS 8.0 | A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Perfo… |
| CVE-2026-5629 | CVE-2026-5629 CVSS 8.8 | A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulat… |
| CVE-2026-5628 | CVE-2026-5628 CVSS 8.8 | A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings … |
| CVE-2026-5617 | CVE-2026-5617 CVSS 8.8 | The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_a… |
| CVE-2026-5614 | CVE-2026-5614 CVSS 8.8 | A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation o… |
| CVE-2026-5613 | CVE-2026-5613 CVSS 8.8 | A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the ar… |
| CVE-2026-5612 | CVE-2026-5612 CVSS 8.8 | A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a … |
| CVE-2026-5611 | CVE-2026-5611 CVSS 8.8 | A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipu… |
| CVE-2026-5610 | CVE-2026-5610 CVSS 8.8 | A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation o… |
| CVE-2026-5609 | CVE-2026-5609 CVSS 8.8 | A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the compone… |
| CVE-2026-5608 | CVE-2026-5608 CVSS 8.8 | A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argum… |
| CVE-2026-5605 | CVE-2026-5605 CVSS 8.8 | A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of th… |
| CVE-2026-5604 | CVE-2026-5604 CVSS 8.8 | A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate o… |
| CVE-2026-5577 | CVE-2026-5577 CVSS 8.6 | A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquema… |
| CVE-2026-5567 | CVE-2026-5567 CVSS 8.8 | A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Dest… |
| CVE-2026-5566 | CVE-2026-5566 CVSS 8.8 | A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a… |
| CVE-2026-5550 | CVE-2026-5550 CVSS 8.8 | A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation l… |
| CVE-2026-5548 | CVE-2026-5548 CVSS 8.8 | A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Pe… |