31,200 indexed
CVECVE vulnerabilities
31,200 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 51–100 of 8,161 in High · page 2 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-9111 | CVE-2026-9111 CVSS 8.8 | Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromi… |
| CVE-2026-9089 | CVE-2026-9089 CVSS 8.8 | The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is a… |
| CVE-2026-9057 | CVE-2026-9057 CVSS 8.2 | A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio up… |
| CVE-2026-9018 | CVE-2026-9018 CVSS 8.8 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1… |
| CVE-2026-8992 | CVE-2026-8992 CVSS 8.8 | An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary cod… |
| CVE-2026-8975 | CVE-2026-8975 CVSS 8.8 | Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume th… |
| CVE-2026-8974 | CVE-2026-8974 CVSS 8.8 | Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effor… |
| CVE-2026-8973 | CVE-2026-8973 CVSS 8.8 | Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could h… |
| CVE-2026-8972 | CVE-2026-8972 CVSS 8.8 | Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8970 | CVE-2026-8970 CVSS 8.8 | Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8969 | CVE-2026-8969 CVSS 8.1 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8962 | CVE-2026-8962 CVSS 8.1 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8958 | CVE-2026-8958 CVSS 8.6 | Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderb… |
| CVE-2026-8957 | CVE-2026-8957 CVSS 8.8 | Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 14… |
| CVE-2026-8955 | CVE-2026-8955 CVSS 8.8 | Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8952 | CVE-2026-8952 CVSS 8.8 | Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8890 | CVE-2026-8890 CVSS 8.2 | code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a … |
| CVE-2026-8851 | CVE-2026-8851 CVSS 8.1 | SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to ex… |
| CVE-2026-8834 | CVE-2026-8834 CVSS 8.0 | IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulner… |
| CVE-2026-8776 | CVE-2026-8776 CVSS 8.8 | A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the compone… |
| CVE-2026-8775 | CVE-2026-8775 CVSS 8.8 | A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler… |
| CVE-2026-8719 | CVE-2026-8719 CVSS 8.8 | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missi… |
| CVE-2026-8711 | CVE-2026-8711 CVSS 8.1f5 | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, … |
| CVE-2026-8676 | CVE-2026-8676 CVSS 8.8 | An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond. |
| CVE-2026-8657 | CVE-2026-8657 CVSS 8.2 | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.p… |
| CVE-2026-8629 | CVE-2026-8629 CVSS 8.1 | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress … |
| CVE-2026-8621 | CVE-2026-8621 CVSS 8.8 | Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organization… |
| CVE-2026-8604 | CVE-2026-8604 CVSS 8.8 | In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in u… |
| CVE-2026-8587 | CVE-2026-8587 CVSS 8.8 | Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execu… |
| CVE-2026-8581 | CVE-2026-8581 CVSS 8.8 | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (C… |
| CVE-2026-8577 | CVE-2026-8577 CVSS 8.8 | Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page… |
| CVE-2026-8575 | CVE-2026-8575 CVSS 8.3 | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb… |
| CVE-2026-8574 | CVE-2026-8574 CVSS 8.3 | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially pe… |
| CVE-2026-8573 | CVE-2026-8573 CVSS 8.3 | Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted … |
| CVE-2026-8571 | CVE-2026-8571 CVSS 8.3 | Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process t… |
| CVE-2026-8569 | CVE-2026-8569 CVSS 8.3 | Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted v… |
| CVE-2026-8558 | CVE-2026-8558 CVSS 8.8 | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML p… |
| CVE-2026-8555 | CVE-2026-8555 CVSS 8.8 | Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromiu… |
| CVE-2026-8551 | CVE-2026-8551 CVSS 8.8 | Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execut… |
| CVE-2026-8549 | CVE-2026-8549 CVSS 8.8 | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-8548 | CVE-2026-8548 CVSS 8.3 | Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform… |
| CVE-2026-8544 | CVE-2026-8544 CVSS 8.8 | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-8542 | CVE-2026-8542 CVSS 8.3 | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially pe… |
| CVE-2026-8540 | CVE-2026-8540 CVSS 8.8 | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… |
| CVE-2026-8534 | CVE-2026-8534 CVSS 8.3 | Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to po… |
| CVE-2026-8533 | CVE-2026-8533 CVSS 8.3 | Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perf… |
| CVE-2026-8532 | CVE-2026-8532 CVSS 8.8 | Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-8531 | CVE-2026-8531 CVSS 8.8 | Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafte… |
| CVE-2026-8530 | CVE-2026-8530 CVSS 8.3 | Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially… |
| CVE-2026-8529 | CVE-2026-8529 CVSS 8.8 | Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted vide… |