31,467 indexed
CVECVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 601–650 of 31,467 · page 13 of 630
| ID | Title | Summary |
|---|---|---|
| CVE-2026-7910 | CVE-2026-7910 CVSS 9.6 | Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via… |
| CVE-2026-7908 | CVE-2026-7908 CVSS 9.6 | Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.… |
| CVE-2026-7907 | CVE-2026-7907 CVSS 8.8 | Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… |
| CVE-2026-7906 | CVE-2026-7906 CVSS 8.8 | Use after free in SVG in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… |
| CVE-2026-7905 | CVE-2026-7905 CVSS 8.3 | Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the render… |
| CVE-2026-7903 | CVE-2026-7903 CVSS 8.8 | Integer overflow in ANGLE in Google Chrome on Mac,Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted… |
| CVE-2026-7902 | CVE-2026-7902 CVSS 8.8 | Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT… |
| CVE-2026-7901 | CVE-2026-7901 CVSS 8.8 | Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML … |
| CVE-2026-7900 | CVE-2026-7900 CVSS 8.3 | Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform… |
| CVE-2026-7899 | CVE-2026-7899 CVSS 8.8 | Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted H… |
| CVE-2026-7898 | CVE-2026-7898 CVSS 8.8 | Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic… |
| CVE-2026-7896 | CVE-2026-7896 CVSS 8.8 | Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Ch… |
| CVE-2026-7888 | CVE-2026-7888 | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allow… |
| CVE-2026-7876 | CVE-2026-7876 CVSS 9.1ibm | IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vu… |
| CVE-2026-7875 | CVE-2026-7875 CVSS 8.8 | NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a c… |
| CVE-2026-7870 | CVE-2026-7870 CVSS 8.8ibm | IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled c… |
| CVE-2026-7858 | CVE-2026-7858 CVSS 9.8 | A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration S… |
| CVE-2026-7854 | CVE-2026-7854 CVSS 9.8 | A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp … |
| CVE-2026-7853 | CVE-2026-7853 CVSS 9.8 | A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This … |
| CVE-2026-7852 | CVE-2026-7852 CVSS 9.8 | Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: b… |
| CVE-2026-7841 | CVE-2026-7841 CVSS 8.8 | A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can ex… |
| CVE-2026-7834 | CVE-2026-7834 CVSS 9.8 | A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.c… |
| CVE-2026-7823 | CVE-2026-7823 CVSS 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The man… |
| CVE-2026-7821 | CVE-2026-7821 CVSS 9.1 | Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device bel… |
| CVE-2026-7819 | CVE-2026-7819 CVSS 8.1 | Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolv… |
| CVE-2026-7816 | CVE-2026-7816 CVSS 8.8 | OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacomma… |
| CVE-2026-7815 | CVE-2026-7815 CVSS 8.8 | SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_… |
| CVE-2026-7813 | CVE-2026-7813 CVSS 9.9 | Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple en… |
| CVE-2026-7807 | CVE-2026-7807 CVSS 8.1smartertools | SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authen… |
| CVE-2026-7796 | CVE-2026-7796 CVSS 6.4 | The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scrip… |
| CVE-2026-7795 | CVE-2026-7795 CVSS 6.4 | The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all versions up to,… |
| CVE-2026-7792 | CVE-2026-7792 CVSS 5.3 | The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification o… |
| CVE-2026-7787 | CVE-2026-7787 CVSS 7.5langflow | IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direc… |
| CVE-2026-7786 | CVE-2026-7786 CVSS 9.8 | Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded i… |
| CVE-2026-7774 | CVE-2026-7774 | tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outs… |
| CVE-2026-7770 | CVE-2026-7770 CVSS 8.8 | IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests … |
| CVE-2026-7765 | CVE-2026-7765 CVSS 5.3checkmk | Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messa… |
| CVE-2026-7764 | CVE-2026-7764 CVSS 6.8 | An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthent… |
| CVE-2026-7763 | CVE-2026-7763 CVSS 9.8 | A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an un… |
| CVE-2026-7762 | CVE-2026-7762 CVSS 9.8 | A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an … |
| CVE-2026-7750 | CVE-2026-7750 CVSS 8.8 | A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of … |
| CVE-2026-7749 | CVE-2026-7749 CVSS 8.8 | A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the c… |
| CVE-2026-7748 | CVE-2026-7748 CVSS 8.8 | A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the … |
| CVE-2026-7747 | CVE-2026-7747 CVSS 9.8 | A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.c… |
| CVE-2026-7719 | CVE-2026-7719 CVSS 9.8 | A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of … |
| CVE-2026-7717 | CVE-2026-7717 CVSS 8.8 | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of t… |
| CVE-2026-7690 | CVE-2026-7690 CVSS 9.8 | A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manip… |
| CVE-2026-7685 | CVE-2026-7685 CVSS 8.8 | A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argum… |
| CVE-2026-7684 | CVE-2026-7684 CVSS 8.8 | A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of th… |
| CVE-2026-7675 | CVE-2026-7675 CVSS 8.8 | A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipula… |