31,200 indexed
CVECVE vulnerabilities
31,200 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 101–150 of 8,161 in High · page 3 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-8527 | CVE-2026-8527 CVSS 8.8 | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a craf… |
| CVE-2026-8526 | CVE-2026-8526 CVSS 8.8 | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML … |
| CVE-2026-8525 | CVE-2026-8525 CVSS 8.3 | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted H… |
| CVE-2026-8524 | CVE-2026-8524 CVSS 8.8 | Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTM… |
| CVE-2026-8523 | CVE-2026-8523 CVSS 8.3 | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a san… |
| CVE-2026-8522 | CVE-2026-8522 CVSS 8.8 | Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chrom… |
| CVE-2026-8520 | CVE-2026-8520 CVSS 8.3 | Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium … |
| CVE-2026-8519 | CVE-2026-8519 CVSS 8.8 | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted … |
| CVE-2026-8518 | CVE-2026-8518 CVSS 8.8 | Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-8517 | CVE-2026-8517 CVSS 8.8 | Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gest… |
| CVE-2026-8515 | CVE-2026-8515 CVSS 8.3 | Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially … |
| CVE-2026-8514 | CVE-2026-8514 CVSS 8.3 | Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a san… |
| CVE-2026-8513 | CVE-2026-8513 CVSS 8.3 | Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially p… |
| CVE-2026-8512 | CVE-2026-8512 CVSS 8.3 | Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to poten… |
| CVE-2026-8509 | CVE-2026-8509 CVSS 8.8 | Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML … |
| CVE-2026-8434 | CVE-2026-8434 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security… |
| CVE-2026-8433 | CVE-2026-8433 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan(). The Concrete CMS security team ga… |
| CVE-2026-8432 | CVE-2026-8432 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star(). The Concrete CMS security team gave… |
| CVE-2026-8430 | CVE-2026-8430 CVSS 8.1 | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attac… |
| CVE-2026-8429 | CVE-2026-8429 CVSS 8.8 | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context… |
| CVE-2026-8428 | CVE-2026-8428 CVSS 8.8 | Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method i… |
| CVE-2026-8427 | CVE-2026-8427 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id). The Concrete CMS… |
| CVE-2026-8426 | CVE-2026-8426 CVSS 8.8 | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An atta… |
| CVE-2026-8421 | CVE-2026-8421 CVSS 8.8 | Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concrete/controllers/single_page/dashboard/extend/install.php. A… |
| CVE-2026-8417 | CVE-2026-8417 CVSS 8.8 | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do_update/<pkgHandle>. The do_update() metho… |
| CVE-2026-8416 | CVE-2026-8416 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id). The Concrete CMS se… |
| CVE-2026-8415 | CVE-2026-8415 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS sec… |
| CVE-2026-8414 | CVE-2026-8414 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team g… |
| CVE-2026-8413 | CVE-2026-8413 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team … |
| CVE-2026-8412 | CVE-2026-8412 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team … |
| CVE-2026-8411 | CVE-2026-8411 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team … |
| CVE-2026-8410 | CVE-2026-8410 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The The Concrete CMS security … |
| CVE-2026-8409 | CVE-2026-8409 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete. The The Concrete CMS security team … |
| CVE-2026-8350 | CVE-2026-8350 CVSS 8.8 | Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Gr… |
| CVE-2026-8346 | CVE-2026-8346 CVSS 8.8 | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_addr… |
| CVE-2026-8345 | CVE-2026-8345 CVSS 8.8 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/sing… |
| CVE-2026-8344 | CVE-2026-8344 CVSS 8.8 | A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.… |
| CVE-2026-8264 | CVE-2026-8264 CVSS 8.8 | A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the co… |
| CVE-2026-8260 | CVE-2026-8260 CVSS 8.8 | A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service o… |
| CVE-2026-8234 | CVE-2026-8234 CVSS 8.8 | A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasic… |
| CVE-2026-8230 | CVE-2026-8230 CVSS 8.8 | A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of th… |
| CVE-2026-8229 | CVE-2026-8229 CVSS 8.8 | A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipula… |
| CVE-2026-8228 | CVE-2026-8228 CVSS 8.8 | A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of … |
| CVE-2026-8227 | CVE-2026-8227 CVSS 8.8 | A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os c… |
| CVE-2026-8201 | CVE-2026-8201 CVSS 8.8 | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_s… |
| CVE-2026-8192 | CVE-2026-8192 CVSS 8.8 | A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a … |
| CVE-2026-8191 | CVE-2026-8191 CVSS 8.8 | A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the a… |
| CVE-2026-8190 | CVE-2026-8190 CVSS 8.8 | A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of … |
| CVE-2026-8189 | CVE-2026-8189 CVSS 8.8 | A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipu… |
| CVE-2026-8188 | CVE-2026-8188 CVSS 8.8 | A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation o… |