CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 701–750 of 31,467 · page 15 of 630
| ID | Title | Summary |
|---|---|---|
| CVE-2026-7470 | CVE-2026-7470 CVSS 8.8 | A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation… |
| CVE-2026-7467 | CVE-2026-7467 CVSS 8.8 | The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAj… |
| CVE-2026-7466 | CVE-2026-7466 CVSS 8.8 | AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeli… |
| CVE-2026-7465 | CVE-2026-7465 CVSS 8.8 | The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and incl… |
| CVE-2026-7459 | CVE-2026-7459 CVSS 7.5 | The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions… |
| CVE-2026-7458 | CVE-2026-7458 CVSS 9.8 | The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to t… |
| CVE-2026-7453 | CVE-2026-7453 CVSS 5.5 · autodesk | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition. |
| CVE-2026-7450 | CVE-2026-7450 CVSS 5.5 · autodesk | A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the… |
| CVE-2026-7426 | CVE-2026-7426 CVSS 8.1 | Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent net… |
| CVE-2026-7424 | CVE-2026-7424 CVSS 8.1 | Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 a… |
| CVE-2026-7421 | CVE-2026-7421 CVSS 4.4 | The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the `get_shop… |
| CVE-2026-7420 | CVE-2026-7420 CVSS 8.8 | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The … |
| CVE-2026-7419 | CVE-2026-7419 CVSS 8.8 | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. … |
| CVE-2026-7418 | CVE-2026-7418 CVSS 8.8 | A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Exec… |
| CVE-2026-7415 | CVE-2026-7415 CVSS 9.8 | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same net… |
| CVE-2026-7414 | CVE-2026-7414 CVSS 9.8 | Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running … |
| CVE-2026-7413 | CVE-2026-7413 CVSS 9.8 | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functiona… |
| CVE-2026-7412 | CVE-2026-7412 CVSS 8.6 | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requ… |
| CVE-2026-7411 | CVE-2026-7411 CVSS 10.0 | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote … |
| CVE-2026-7402 | CVE-2026-7402 CVSS 8.1 | Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 b… |
| CVE-2026-7399 | CVE-2026-7399 CVSS 8.1 | Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from … |
| CVE-2026-7387 | CVE-2026-7387 CVSS 8.8 · mattermost | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to require role-management authorization when… |
| CVE-2026-7383 | CVE-2026-7383 CVSS 8.1 · openssl | Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Im… |
| CVE-2026-7382 | CVE-2026-7382 CVSS 6.5 | Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software … |
| CVE-2026-7381 | CVE-2026-7381 CVSS 9.1 | Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation se… |
| CVE-2026-7374 | CVE-2026-7374 CVSS 9.9 | A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to… |
| CVE-2026-7372 | CVE-2026-7372 CVSS 9.0 | A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an … |
| CVE-2026-7368 | CVE-2026-7368 CVSS 8.1 | The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or le… |
| CVE-2026-7365 | CVE-2026-7365 CVSS 8.4 · ibm | IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords from the manufacturing process fo… |
| CVE-2026-7363 | CVE-2026-7363 CVSS 8.8 | Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a… |
| CVE-2026-7361 | CVE-2026-7361 CVSS 8.8 | Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrom… |
| CVE-2026-7359 | CVE-2026-7359 CVSS 8.8 | Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sa… |
| CVE-2026-7358 | CVE-2026-7358 CVSS 8.8 | Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pa… |
| CVE-2026-7356 | CVE-2026-7356 CVSS 8.8 | Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium se… |
| CVE-2026-7355 | CVE-2026-7355 CVSS 8.8 | Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-7354 | CVE-2026-7354 CVSS 8.8 | Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted … |
| CVE-2026-7353 | CVE-2026-7353 CVSS 8.3 | Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform… |
| CVE-2026-7352 | CVE-2026-7352 CVSS 8.3 | Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially p… |
| CVE-2026-7350 | CVE-2026-7350 CVSS 8.3 | Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a … |
| CVE-2026-7348 | CVE-2026-7348 CVSS 8.8 | Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.… |
| CVE-2026-7347 | CVE-2026-7347 CVSS 8.1 | Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chrom… |
| CVE-2026-7346 | CVE-2026-7346 CVSS 8.1 | Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HT… |
| CVE-2026-7345 | CVE-2026-7345 CVSS 8.3 | Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer proc… |
| CVE-2026-7344 | CVE-2026-7344 CVSS 8.8 | Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to poten… |
| CVE-2026-7342 | CVE-2026-7342 CVSS 8.8 | Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafte… |
| CVE-2026-7341 | CVE-2026-7341 CVSS 8.8 | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.… |
| CVE-2026-7339 | CVE-2026-7339 CVSS 8.8 | Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pag… |
| CVE-2026-7337 | CVE-2026-7337 CVSS 8.8 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… |
| CVE-2026-7336 | CVE-2026-7336 CVSS 8.8 | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.… |
| CVE-2026-7335 | CVE-2026-7335 CVSS 8.8 | Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |