31,467 indexed
CVECVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 751–800 of 31,467 · page 16 of 630
| ID | Title | Summary |
|---|---|---|
| CVE-2026-7334 | CVE-2026-7334 CVSS 8.8 | Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pag… |
| CVE-2026-7333 | CVE-2026-7333 CVSS 9.6 | Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chro… |
| CVE-2026-7321 | CVE-2026-7321 CVSS 9.6 | Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox … |
| CVE-2026-7313 | CVE-2026-7313 CVSS 8.7progress | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker … |
| CVE-2026-7312 | CVE-2026-7312 CVSS 10.0progress | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.… |
| CVE-2026-7307 | CVE-2026-7307 CVSS 7.5redhat | A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoi… |
| CVE-2026-7304 | CVE-2026-7304 CVSS 9.8 | SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Pyt… |
| CVE-2026-7302 | CVE-2026-7302 CVSS 9.1 | SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere … |
| CVE-2026-7301 | CVE-2026-7301 CVSS 9.8 | SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages,… |
| CVE-2026-7299 | CVE-2026-7299 CVSS 6.3appsmith | Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated … |
| CVE-2026-7289 | CVE-2026-7289 CVSS 8.8 | A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the… |
| CVE-2026-7288 | CVE-2026-7288 CVSS 8.8 | A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipu… |
| CVE-2026-7284 | CVE-2026-7284 CVSS 9.8 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions u… |
| CVE-2026-7273 | CVE-2026-7273 CVSS 8.8 | A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthe… |
| CVE-2026-7261 | CVE-2026-7261 CVSS 9.8 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESS… |
| CVE-2026-7256 | CVE-2026-7256 CVSS 8.8 | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjace… |
| CVE-2026-7254 | CVE-2026-7254 CVSS 5.3ibm | IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users. |
| CVE-2026-7252 | CVE-2026-7252 CVSS 8.1 | The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deleti… |
| CVE-2026-7251 | CVE-2026-7251 CVSS 9.8 | Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with r… |
| CVE-2026-7250 | CVE-2026-7250 CVSS 7.5gitlab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certai… |
| CVE-2026-7248 | CVE-2026-7248 CVSS 9.4 | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipula… |
| CVE-2026-7244 | CVE-2026-7244 CVSS 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cste… |
| CVE-2026-7243 | CVE-2026-7243 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of th… |
| CVE-2026-7242 | CVE-2026-7242 CVSS 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the co… |
| CVE-2026-7241 | CVE-2026-7241 CVSS 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the comp… |
| CVE-2026-7240 | CVE-2026-7240 CVSS 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.c… |
| CVE-2026-7210 | CVE-2026-7210 CVSS 7.5python | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger has… |
| CVE-2026-7204 | CVE-2026-7204 CVSS 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of th… |
| CVE-2026-7203 | CVE-2026-7203 CVSS 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi o… |
| CVE-2026-7202 | CVE-2026-7202 CVSS 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the compo… |
| CVE-2026-7201 | CVE-2026-7201 CVSS 8.8progress | CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x b… |
| CVE-2026-7198 | CVE-2026-7198 CVSS 9.8progress | CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content t… |
| CVE-2026-7195 | CVE-2026-7195 CVSS 8.8progress | CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before… |
| CVE-2026-7186 | CVE-2026-7186 CVSS 5.4checkmk | Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing … |
| CVE-2026-7184 | CVE-2026-7184 CVSS 6.5mattermost | Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows … |
| CVE-2026-7161 | CVE-2026-7161 CVSS 9.3geovision | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast pack… |
| CVE-2026-7160 | CVE-2026-7160 CVSS 8.8 | A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation… |
| CVE-2026-7156 | CVE-2026-7156 CVSS 9.8 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI… |
| CVE-2026-7155 | CVE-2026-7155 CVSS 9.8 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.… |
| CVE-2026-7154 | CVE-2026-7154 CVSS 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the c… |
| CVE-2026-7153 | CVE-2026-7153 CVSS 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cs… |
| CVE-2026-7152 | CVE-2026-7152 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of t… |
| CVE-2026-7151 | CVE-2026-7151 CVSS 8.8 | A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argum… |
| CVE-2026-7140 | CVE-2026-7140 CVSS 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component C… |
| CVE-2026-7139 | CVE-2026-7139 CVSS 9.8 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the componen… |
| CVE-2026-7138 | CVE-2026-7138 CVSS 9.8 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the… |
| CVE-2026-7137 | CVE-2026-7137 CVSS 9.8 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of… |
| CVE-2026-7136 | CVE-2026-7136 CVSS 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of th… |
| CVE-2026-7125 | CVE-2026-7125 CVSS 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi … |
| CVE-2026-7124 | CVE-2026-7124 CVSS 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstec… |