CVE vulnerabilities
31,200 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 51–100 of 31,200 · page 2 of 624
| ID | CVSS | Vendor | Summary |
|---|---|---|---|
| CVE-2026-9903 | 5.0 | google | Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the rendere… |
| CVE-2026-9902 | 8.3 | google | Use after free in Accessibility in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perf… |
| CVE-2026-9900 | 8.3 | google | Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform… |
| CVE-2026-9899 | 8.3 | google | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sa… |
| CVE-2026-9898 | 8.3 | google | Insufficient validation of untrusted input in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the rendere… |
| CVE-2026-9895 | 8.3 | google | Out of bounds read in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a … |
| CVE-2026-9894 | 8.3 | google | Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… |
| CVE-2026-9893 | 8.3 | google | Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a san… |
| CVE-2026-9892 | 8.3 | google | Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to … |
| CVE-2026-9890 | 8.3 | google | Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perf… |
| CVE-2026-9889 | 8.3 | google | Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via … |
| CVE-2026-9888 | 8.3 | google | Use after free in WebView in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially… |
| CVE-2026-9886 | 9.6 | google | Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML pag… |
| CVE-2026-9885 | 8.3 | google | Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer pro… |
| CVE-2026-9881 | 9.0 | google | Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potent… |
| CVE-2026-9876 | 9.6 | google | Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTM… |
| CVE-2026-9875 | 9.6 | google | Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted… |
| CVE-2026-9872 | 9.6 | google | Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted … |
| CVE-2026-9863 | 7.5 | | Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicio… |
| CVE-2026-9862 | 9.8 | | Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with networ… |
| CVE-2026-9860 | 8.8 | | The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via … |
| CVE-2026-9851 | 7.2 | | The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a … |
| CVE-2026-9848 | 7.5 | | The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and including, 6.0.4 The pl… |
| CVE-2026-9844 | | | Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Pas… |
| CVE-2026-9831 | 6.3 | | A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermit… |
| CVE-2026-9829 | 6.5 | | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcod… |
| CVE-2026-9815 | 6.5 | | The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-fie… |
| CVE-2026-9813 | 9.9 | flowintel | FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py… |
| CVE-2026-9803 | 5.3 | redhat | A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafte… |
| CVE-2026-9802 | 6.8 | redhat | A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mech… |
| CVE-2026-9801 | 4.9 | redhat | A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protoc… |
| CVE-2026-9798 | 4.3 | redhat | A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login at… |
| CVE-2026-9796 | 6.5 | redhat | A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability i… |
| CVE-2026-9795 | 7.3 | redhat | A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vu… |
| CVE-2026-9794 | 5.3 | redhat | A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Sec… |
| CVE-2026-9793 | 5.9 | redhat | A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the d… |
| CVE-2026-9792 | 6.5 | redhat | A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, … |
| CVE-2026-9791 | 4.3 | redhat | A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the acco… |
| CVE-2026-9759 | 5.5 | wireshark | ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service |
| CVE-2026-9758 | 7.3 | | Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted |
| CVE-2026-9757 | 7.5 | | The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The … |
| CVE-2026-9754 | 6.5 | mongodb | An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command |
| CVE-2026-9753 | 8.1 | mongodb | The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bou… |
| CVE-2026-9752 | 6.5 | mongodb | An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polyg… |
| CVE-2026-9751 | 5.5 | mongodb | The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text. |
| CVE-2026-9750 | 6.5 | mongodb | An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing du… |
| CVE-2026-9749 | 6.5 | mongodb | This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving de… |
| CVE-2026-9748 | 6.5 | mongodb | The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecuti… |
| CVE-2026-9747 | 6.5 | mongodb | Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server. |
| CVE-2026-9746 | 6.5 | mongodb | When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are … |