CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,201–1,250 of 8,161 in High · page 25 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-3917 | CVE-2026-3917 CVSS 8.8 | Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chr… |
| CVE-2026-3915 | CVE-2026-3915 CVSS 8.8 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page… |
| CVE-2026-3914 | CVE-2026-3914 CVSS 8.8 | Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Ch… |
| CVE-2026-3913 | CVE-2026-3913 CVSS 8.8 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2026-39110 | CVE-2026-39110 CVSS 8.2 | SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password… |
| CVE-2026-3910 | Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability · KEV · CVSS 8.8 · Google | Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to exec… |
| CVE-2026-3909 | Google Skia Out-of-Bounds Write Vulnerability · KEV · CVSS 8.8 · Google | Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. Th… |
| CVE-2026-38991 | CVE-2026-38991 CVSS 8.8 | Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasse… |
| CVE-2026-38949 | CVE-2026-38949 CVSS 8.9 | Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The appli… |
| CVE-2026-38934 | CVE-2026-38934 CVSS 8.8 | Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sens… |
| CVE-2026-3892 | CVE-2026-3892 CVSS 8.1 | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.… |
| CVE-2026-38651 | CVE-2026-38651 CVSS 8.2 | Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signatu… |
| CVE-2026-3857 | CVE-2026-3857 CVSS 8.8 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have al… |
| CVE-2026-38568 | CVE-2026-38568 CVSS 8.1 | HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/<id> and /interview/<id>… |
| CVE-2026-38566 | CVE-2026-38566 CVSS 8.1 | HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /cand… |
| CVE-2026-3854 | CVE-2026-3854 CVSS 8.8 | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a reposito… |
| CVE-2026-38532 | CVE-2026-38532 CVSS 8.1 | A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to … |
| CVE-2026-38530 | CVE-2026-38530 CVSS 8.1 | A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to a… |
| CVE-2026-38529 | CVE-2026-38529 CVSS 8.8 | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrari… |
| CVE-2026-38527 | CVE-2026-38527 CVSS 8.5 | A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via sup… |
| CVE-2026-3847 | CVE-2026-3847 CVSS 8.8 | Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou… |
| CVE-2026-3845 | CVE-2026-3845 CVSS 8.8 | Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2. |
| CVE-2026-3841 | CVE-2026-3841 CVSS 8.8 | A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficie… |
| CVE-2026-3838 | CVE-2026-3838 CVSS 8.8 | Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected inst… |
| CVE-2026-3830 | CVE-2026-3830 CVSS 8.6 | The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing u… |
| CVE-2026-3815 | CVE-2026-3815 CVSS 8.8 | A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation ca… |
| CVE-2026-3814 | CVE-2026-3814 CVSS 8.8 | A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry… |
| CVE-2026-3811 | CVE-2026-3811 CVSS 8.8 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the… |
| CVE-2026-3810 | CVE-2026-3810 CVSS 8.8 | A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation… |
| CVE-2026-3809 | CVE-2026-3809 CVSS 8.8 | A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a… |
| CVE-2026-3808 | CVE-2026-3808 CVSS 8.8 | A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Perform… |
| CVE-2026-3807 | CVE-2026-3807 CVSS 8.8 | A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such ma… |
| CVE-2026-3806 | CVE-2026-3806 CVSS 8.8 | A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. … |
| CVE-2026-3804 | CVE-2026-3804 CVSS 8.8 | A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSe… |
| CVE-2026-3803 | CVE-2026-3803 CVSS 8.8 | A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation… |
| CVE-2026-3802 | CVE-2026-3802 CVSS 8.8 | A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a man… |
| CVE-2026-3801 | CVE-2026-3801 CVSS 8.8 | A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing… |
| CVE-2026-3800 | CVE-2026-3800 CVSS 8.8 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add… |
| CVE-2026-3799 | CVE-2026-3799 CVSS 8.8 | A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 c… |
| CVE-2026-3797 | CVE-2026-3797 CVSS 8.8 | A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/… |
| CVE-2026-3793 | CVE-2026-3793 CVSS 8.8 | A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the … |
| CVE-2026-3792 | CVE-2026-3792 CVSS 8.8 | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET … |
| CVE-2026-3791 | CVE-2026-3791 CVSS 8.8 | A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php… |
| CVE-2026-3790 | CVE-2026-3790 CVSS 8.8 | A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file check_supplier_d… |
| CVE-2026-3789 | CVE-2026-3789 CVSS 8.8 | A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/provide… |
| CVE-2026-3788 | CVE-2026-3788 CVSS 8.8 | A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/s… |
| CVE-2026-3786 | CVE-2026-3786 CVSS 8.8 | A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Re… |
| CVE-2026-3785 | CVE-2026-3785 CVSS 8.8 | A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request… |
| CVE-2026-3772 | CVE-2026-3772 CVSS 8.8 | The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce veri… |
| CVE-2026-3771 | CVE-2026-3771 CVSS 8.8 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. S… |