CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 201–250 of 8,161 in High · page 5 of 164
| ID | CVSS | Tag | Summary |
|---|---|---|---|
| CVE-2026-7905 | 8.3 | | Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the render… |
| CVE-2026-7903 | 8.8 | | Integer overflow in ANGLE in Google Chrome on Mac, Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted… |
| CVE-2026-7902 | 8.8 | | Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT… |
| CVE-2026-7901 | 8.8 | | Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML … |
| CVE-2026-7900 | 8.3 | | Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform… |
| CVE-2026-7899 | 8.8 | | Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted H… |
| CVE-2026-7898 | 8.8 | | Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic… |
| CVE-2026-7896 | 8.8 | | Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Ch… |
| CVE-2026-7875 | 8.8 | | NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a c… |
| CVE-2026-7841 | 8.8 | | A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can ex… |
| CVE-2026-7819 | 8.1 | | Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolv… |
| CVE-2026-7816 | 8.8 | | OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacomma… |
| CVE-2026-7815 | 8.8 | | SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_… |
| CVE-2026-7807 | 8.1 | smartertools | SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authen… |
| CVE-2026-7750 | 8.8 | | A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of … |
| CVE-2026-7749 | 8.8 | | A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the c… |
| CVE-2026-7748 | 8.8 | | A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the … |
| CVE-2026-7717 | 8.8 | | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of t… |
| CVE-2026-7685 | 8.8 | | A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argum… |
| CVE-2026-7684 | 8.8 | | A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of th… |
| CVE-2026-7675 | 8.8 | | A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipula… |
| CVE-2026-7674 | 8.8 | | A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Manage… |
| CVE-2026-7647 | 8.1 | | The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's … |
| CVE-2026-7641 | 8.8 | | The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_ex… |
| CVE-2026-7635 | 8.1 | | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is … |
| CVE-2026-7611 | 8.1 | | A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the compone… |
| CVE-2026-7610 | 8.1 | | A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such… |
| CVE-2026-7609 | 8.8 | | A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component … |
| CVE-2026-7608 | 8.0 | | A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os comman… |
| CVE-2026-7607 | 8.8 | | A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Update. The … |
| CVE-2026-7606 | 8.1 | | A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Upda… |
| CVE-2026-7554 | 8.1 | | A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation … |
| CVE-2026-7551 | 8.8 | | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute a… |
| CVE-2026-7548 | 8.8 | | A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a man… |
| CVE-2026-7522 | 8.8 | | The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' p… |
| CVE-2026-7513 | 8.8 | | A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The m… |
| CVE-2026-7512 | 8.8 | | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation … |
| CVE-2026-7504 | 8.1 | redhat | A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirec… |
| CVE-2026-7503 | 8.8 | | A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modu… |
| CVE-2026-7498 | 8.8 | | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organizatio… |
| CVE-2026-7491 | 8.1 | | School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter t… |
| CVE-2026-7489 | 8.8 | | CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delet… |
| CVE-2026-7474 | 8.8 | | HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CV… |
| CVE-2026-7470 | 8.8 | | A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation… |
| CVE-2026-7467 | 8.8 | | The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAj… |
| CVE-2026-7466 | 8.8 | | AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeli… |
| CVE-2026-7426 | 8.1 | | Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent net… |
| CVE-2026-7424 | 8.1 | | Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 a… |
| CVE-2026-7420 | 8.8 | | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The … |
| CVE-2026-7419 | 8.8 | | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. … |