CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 351–400 of 8,161 in High · page 8 of 164
| ID | Title | Summary |
|---|---|---|
| CVE-2026-6442 | CVE-2026-6442 CVSS 8.3 | Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attac… |
| CVE-2026-6419 | CVE-2026-6419 CVSS 8.8 | The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to… |
| CVE-2026-6406 | CVE-2026-6406 CVSS 8.8 | The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from… |
| CVE-2026-6379 | CVE-2026-6379 CVSS 8.6 | The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthent… |
| CVE-2026-6363 | CVE-2026-6363 CVSS 8.8 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML p… |
| CVE-2026-6361 | CVE-2026-6361 CVSS 8.3 | Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gest… |
| CVE-2026-6360 | CVE-2026-6360 CVSS 8.8 | Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML pag… |
| CVE-2026-6359 | CVE-2026-6359 CVSS 8.8 | Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out o… |
| CVE-2026-6358 | CVE-2026-6358 CVSS 8.8 | Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML p… |
| CVE-2026-6348 | CVE-2026-6348 CVSS 8.8 | WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code wi… |
| CVE-2026-6346 | CVE-2026-6346 CVSS 8.7 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support pa… |
| CVE-2026-6318 | CVE-2026-6318 CVSS 8.8 | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.… |
| CVE-2026-6317 | CVE-2026-6317 CVSS 8.8 | Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security… |
| CVE-2026-6316 | CVE-2026-6316 CVSS 8.8 | Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-6315 | CVE-2026-6315 CVSS 8.8 | Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestu… |
| CVE-2026-6314 | CVE-2026-6314 CVSS 8.3 | Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sand… |
| CVE-2026-6311 | CVE-2026-6311 CVSS 8.3 | Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to po… |
| CVE-2026-6310 | CVE-2026-6310 CVSS 8.3 | Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a san… |
| CVE-2026-6309 | CVE-2026-6309 CVSS 8.3 | Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… |
| CVE-2026-6307 | CVE-2026-6307 CVSS 8.8 | Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pag… |
| CVE-2026-6306 | CVE-2026-6306 CVSS 8.8 | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF … |
| CVE-2026-6305 | CVE-2026-6305 CVSS 8.8 | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF … |
| CVE-2026-6304 | CVE-2026-6304 CVSS 8.3 | Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a… |
| CVE-2026-6303 | CVE-2026-6303 CVSS 8.8 | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.… |
| CVE-2026-6302 | CVE-2026-6302 CVSS 8.8 | Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-6301 | CVE-2026-6301 CVSS 8.8 | Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pag… |
| CVE-2026-6300 | CVE-2026-6300 CVSS 8.8 | Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (C… |
| CVE-2026-6299 | CVE-2026-6299 CVSS 8.8 | Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium sec… |
| CVE-2026-6297 | CVE-2026-6297 CVSS 8.3 | Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape v… |
| CVE-2026-6282 | CVE-2026-6282 CVSS 8.1 | A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user… |
| CVE-2026-6281 | CVE-2026-6281 CVSS 8.8 | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execu… |
| CVE-2026-6266 | CVE-2026-6266 CVSS 8.3 | A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an… |
| CVE-2026-6265 | CVE-2026-6265 CVSS 8.8 | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation. This issue has been resolved in Cerberus F… |
| CVE-2026-6261 | CVE-2026-6261 CVSS 8.8 | The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workf… |
| CVE-2026-6249 | CVE-2026-6249 CVSS 8.8 | Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating… |
| CVE-2026-6248 | CVE-2026-6248 CVSS 8.1 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the… |
| CVE-2026-6228 | CVE-2026-6228 CVSS 8.8 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficien… |
| CVE-2026-6200 | CVE-2026-6200 CVSS 8.8 | A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipula… |
| CVE-2026-6199 | CVE-2026-6199 CVSS 8.8 | A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page … |
| CVE-2026-6198 | CVE-2026-6198 CVSS 8.8 | A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulati… |
| CVE-2026-6197 | CVE-2026-6197 CVSS 8.8 | A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulat… |
| CVE-2026-6196 | CVE-2026-6196 CVSS 8.8 | A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the a… |
| CVE-2026-6194 | CVE-2026-6194 CVSS 8.8 | A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup … |
| CVE-2026-6186 | CVE-2026-6186 CVSS 8.8 | A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatSt… |
| CVE-2026-6180 | CVE-2026-6180 CVSS 8.1 | A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving drop… |
| CVE-2026-6168 | CVE-2026-6168 CVSS 8.8 | A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This man… |
| CVE-2026-6157 | CVE-2026-6157 CVSS 8.8 | A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so… |
| CVE-2026-6137 | CVE-2026-6137 CVSS 8.8 | A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulati… |
| CVE-2026-6136 | CVE-2026-6136 CVSS 8.8 | A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of… |
| CVE-2026-6135 | CVE-2026-6135 CVSS 8.8 | A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manip… |