CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 451–500 of 31,467 · page 10 of 630
| ID | Title | Summary |
|---|---|---|
| CVE-2026-8519 | CVE-2026-8519 CVSS 8.8 | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted … |
| CVE-2026-8518 | CVE-2026-8518 CVSS 8.8 | Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-8517 | CVE-2026-8517 CVSS 8.8 | Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gest… |
| CVE-2026-8515 | CVE-2026-8515 CVSS 8.3 | Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially … |
| CVE-2026-8514 | CVE-2026-8514 CVSS 8.3 | Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a san… |
| CVE-2026-8513 | CVE-2026-8513 CVSS 8.3 | Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially p… |
| CVE-2026-8512 | CVE-2026-8512 CVSS 8.3 | Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to poten… |
| CVE-2026-8511 | CVE-2026-8511 CVSS 9.6 | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrom… |
| CVE-2026-8509 | CVE-2026-8509 CVSS 8.8 | Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML … |
| CVE-2026-8507 | CVE-2026-8507 CVSS 9.8 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT S… |
| CVE-2026-8502 | CVE-2026-8502 CVSS 5.3 | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions u… |
| CVE-2026-8501 | CVE-2026-8501 CVSS 7.8 | Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM d… |
| CVE-2026-8500 | CVE-2026-8500 CVSS 9.8 | Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command… |
| CVE-2026-8499 | CVE-2026-8499 CVSS 5.3 | The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This… |
| CVE-2026-8495 | CVE-2026-8495 CVSS 9.8 | Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15. |
| CVE-2026-8484 | CVE-2026-8484 | A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call… |
| CVE-2026-8474 | CVE-2026-8474 CVSS 5.3 | A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5. It is possible t… |
| CVE-2026-8464 | CVE-2026-8464 | Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files … |
| CVE-2026-8461 | CVE-2026-8461 CVSS 8.8 | An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be … |
| CVE-2026-8444 | CVE-2026-8444 CVSS 8.8 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions … |
| CVE-2026-8443 | CVE-2026-8443 CVSS 8.8 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data A… |
| CVE-2026-8442 | CVE-2026-8442 CVSS 8.1 | The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authoriza… |
| CVE-2026-8438 | CVE-2026-8438 CVSS 7.2 | The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7.… |
| CVE-2026-8434 | CVE-2026-8434 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security… |
| CVE-2026-8433 | CVE-2026-8433 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan(). The Concrete CMS security team ga… |
| CVE-2026-8432 | CVE-2026-8432 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star(). The Concrete CMS security team gave… |
| CVE-2026-8430 | CVE-2026-8430 CVSS 8.1 | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attac… |
| CVE-2026-8429 | CVE-2026-8429 CVSS 8.8 | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context… |
| CVE-2026-8428 | CVE-2026-8428 CVSS 8.8 | Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method i… |
| CVE-2026-8427 | CVE-2026-8427 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id). The Concrete CMS… |
| CVE-2026-8426 | CVE-2026-8426 CVSS 8.8 | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An atta… |
| CVE-2026-8422 | CVE-2026-8422 CVSS 4.3 | The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to… |
| CVE-2026-8421 | CVE-2026-8421 CVSS 8.8 | Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concrete/controllers/single_page/dashboard/extend/install.php. A… |
| CVE-2026-8417 | CVE-2026-8417 CVSS 8.8 | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do_update/<pkgHandle>. The do_update() metho… |
| CVE-2026-8416 | CVE-2026-8416 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id). The Concrete CMS se… |
| CVE-2026-8415 | CVE-2026-8415 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS sec… |
| CVE-2026-8414 | CVE-2026-8414 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team g… |
| CVE-2026-8413 | CVE-2026-8413 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team … |
| CVE-2026-8412 | CVE-2026-8412 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team … |
| CVE-2026-8411 | CVE-2026-8411 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team … |
| CVE-2026-8410 | CVE-2026-8410 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The Concrete CMS security … |
| CVE-2026-8409 | CVE-2026-8409 CVSS 8.8 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete. The Concrete CMS security team … |
| CVE-2026-8406 | CVE-2026-8406 | openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging mod… |
| CVE-2026-8405 | CVE-2026-8405 CVSS 6.5 ibm | IBM Guardium Data Protection 12.2.1 and 12.2.2's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credential… |
| CVE-2026-8404 | CVE-2026-8404 CVSS 3.1 djangoproject | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Contr… |
| CVE-2026-8401 | CVE-2026-8401 CVSS 9.8 | Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. |
| CVE-2026-8398 | Daemon Tools Lite Embedded Malicious Code Vulnerability KEV CVSS 9.8 Daemon | Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability. |
| CVE-2026-8389 | CVE-2026-8389 CVSS 8.8 mozilla | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. |
| CVE-2026-8386 | CVE-2026-8386 CVSS 5.3 | The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticat… |
| CVE-2026-8385 | CVE-2026-8385 CVSS 5.3 | The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allow… |