CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 951–1,000 of 31,509 · page 20 of 631
| ID | Title | Summary |
|---|---|---|
| CVE-2026-6311 | CVE-2026-6311 CVSS 8.3 | Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to po… |
| CVE-2026-6310 | CVE-2026-6310 CVSS 8.3 | Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a san… |
| CVE-2026-6309 | CVE-2026-6309 CVSS 8.3 | Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… |
| CVE-2026-6307 | CVE-2026-6307 CVSS 8.8 | Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pag… |
| CVE-2026-6306 | CVE-2026-6306 CVSS 8.8 | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF … |
| CVE-2026-6305 | CVE-2026-6305 CVSS 8.8 | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF … |
| CVE-2026-6304 | CVE-2026-6304 CVSS 8.3 | Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a… |
| CVE-2026-6303 | CVE-2026-6303 CVSS 8.8 | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.… |
| CVE-2026-6302 | CVE-2026-6302 CVSS 8.8 | Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-6301 | CVE-2026-6301 CVSS 8.8 | Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pag… |
| CVE-2026-6300 | CVE-2026-6300 CVSS 8.8 | Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (C… |
| CVE-2026-6299 | CVE-2026-6299 CVSS 8.8 | Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium sec… |
| CVE-2026-6297 | CVE-2026-6297 CVSS 8.3 | Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape v… |
| CVE-2026-6296 | CVE-2026-6296 CVSS 9.6 | Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML pag… |
| CVE-2026-6290 | CVE-2026-6290 CVSS 9.1 | Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This all… |
| CVE-2026-6284 | CVE-2026-6284 CVSS 9.1 | An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password … |
| CVE-2026-6282 | CVE-2026-6282 CVSS 8.1 | A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user… |
| CVE-2026-6281 | CVE-2026-6281 CVSS 8.8 | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execu… |
| CVE-2026-6279 | CVE-2026-6279 CVSS 9.8 | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and… |
| CVE-2026-6277 | CVE-2026-6277 CVSS 4.3 gitlab | GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain co… |
| CVE-2026-6274 | CVE-2026-6274 CVSS 9.8 | Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline… |
| CVE-2026-6271 | CVE-2026-6271 CVSS 9.8 | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due… |
| CVE-2026-6270 | CVE-2026-6270 CVSS 9.1 | @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers… |
| CVE-2026-6269 | CVE-2026-6269 CVSS 5.4 gitlab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certai… |
| CVE-2026-6266 | CVE-2026-6266 CVSS 8.3 | A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an… |
| CVE-2026-6265 | CVE-2026-6265 CVSS 8.8 | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation. This issue has been resolved in Cerberus F… |
| CVE-2026-6264 | CVE-2026-6264 CVSS 9.8 | A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector… |
| CVE-2026-6261 | CVE-2026-6261 CVSS 8.8 | The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workf… |
| CVE-2026-6257 | CVE-2026-6257 CVSS 9.1 | Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename han… |
| CVE-2026-6250 | CVE-2026-6250 CVSS 8.1 tp-link | An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally control… |
| CVE-2026-6249 | CVE-2026-6249 CVSS 8.8 | Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating… |
| CVE-2026-6248 | CVE-2026-6248 CVSS 8.1 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the… |
| CVE-2026-6242 | CVE-2026-6242 | An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters… |
| CVE-2026-6241 | CVE-2026-6241 | An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formattin… |
| CVE-2026-6240 | CVE-2026-6240 | A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multip… |
| CVE-2026-6239 | CVE-2026-6239 | A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number o… |
| CVE-2026-6238 | CVE-2026-6238 CVSS 6.5 gnu | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against th… |
| CVE-2026-6235 | CVE-2026-6235 CVSS 9.8 | The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and in… |
| CVE-2026-6228 | CVE-2026-6228 CVSS 8.8 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficien… |
| CVE-2026-6211 | CVE-2026-6211 CVSS 8.7 | Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrai… |
| CVE-2026-6209 | CVE-2026-6209 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-6208 | CVE-2026-6208 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-6207 | CVE-2026-6207 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-6200 | CVE-2026-6200 CVSS 8.8 | A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipula… |
| CVE-2026-6199 | CVE-2026-6199 CVSS 8.8 | A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page … |
| CVE-2026-6198 | CVE-2026-6198 CVSS 8.8 | A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulati… |
| CVE-2026-6197 | CVE-2026-6197 CVSS 8.8 | A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulat… |
| CVE-2026-6196 | CVE-2026-6196 CVSS 8.8 | A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the a… |
| CVE-2026-6195 | CVE-2026-6195 CVSS 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin… |
| CVE-2026-6194 | CVE-2026-6194 CVSS 8.8 | A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup … |