31,509 indexed
CVECVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,101–1,150 of 31,509 · page 23 of 631
| ID | Title | Summary |
|---|---|---|
| CVE-2026-5884 | CVE-2026-5884 CVSS 8.8 | Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process … |
| CVE-2026-5883 | CVE-2026-5883 CVSS 8.8google | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (… |
| CVE-2026-5879 | CVE-2026-5879 CVSS 8.8 | Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a… |
| CVE-2026-5877 | CVE-2026-5877 CVSS 8.8 | Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pa… |
| CVE-2026-5874 | CVE-2026-5874 CVSS 9.6 | Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potenti… |
| CVE-2026-5873 | CVE-2026-5873 CVSS 8.8 | Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted H… |
| CVE-2026-5872 | CVE-2026-5872 CVSS 8.8 | Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (… |
| CVE-2026-5871 | CVE-2026-5871 CVSS 8.8 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chr… |
| CVE-2026-5870 | CVE-2026-5870 CVSS 8.8 | Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-5868 | CVE-2026-5868 CVSS 8.8 | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted… |
| CVE-2026-5866 | CVE-2026-5866 CVSS 8.8 | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (… |
| CVE-2026-5865 | CVE-2026-5865 CVSS 8.8 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chr… |
| CVE-2026-5863 | CVE-2026-5863 CVSS 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted H… |
| CVE-2026-5862 | CVE-2026-5862 CVSS 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted H… |
| CVE-2026-5861 | CVE-2026-5861 CVSS 8.8 | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chr… |
| CVE-2026-5860 | CVE-2026-5860 CVSS 8.8 | Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-5859 | CVE-2026-5859 CVSS 8.8 | Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Ch… |
| CVE-2026-5858 | CVE-2026-5858 CVSS 8.8 | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium se… |
| CVE-2026-5854 | CVE-2026-5854 CVSS 9.8 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi o… |
| CVE-2026-5853 | CVE-2026-5853 CVSS 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /… |
| CVE-2026-5852 | CVE-2026-5852 CVSS 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component … |
| CVE-2026-5851 | CVE-2026-5851 CVSS 9.8 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the comp… |
| CVE-2026-5850 | CVE-2026-5850 CVSS 9.8 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the compon… |
| CVE-2026-5849 | CVE-2026-5849 CVSS 9.8 | A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation… |
| CVE-2026-5845 | CVE-2026-5845 CVSS 9.6 | An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to acc… |
| CVE-2026-5843 | CVE-2026-5843 CVSS 8.2docker | The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model… |
| CVE-2026-5841 | CVE-2026-5841 CVSS 9.8 | A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a… |
| CVE-2026-5830 | CVE-2026-5830 CVSS 8.8 | A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the a… |
| CVE-2026-5817 | CVE-2026-5817 CVSS 8.2docker | The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sa… |
| CVE-2026-5816 | CVE-2026-5816 CVSS 8.1 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthentic… |
| CVE-2026-5815 | CVE-2026-5815 CVSS 8.8 | A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation result… |
| CVE-2026-5804 | CVE-2026-5804 CVSS 8.4 | An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to… |
| CVE-2026-5792 | CVE-2026-5792 CVSS 6.5 | Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force. Th… |
| CVE-2026-5788 | CVE-2026-5788 CVSS 9.8 | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. |
| CVE-2026-5787 | CVE-2026-5787 CVSS 9.1 | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate regi… |
| CVE-2026-5786 | CVE-2026-5786 CVSS 8.8 | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain adminis… |
| CVE-2026-5785 | CVE-2026-5785 CVSS 8.1 | Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injecti… |
| CVE-2026-5784 | CVE-2026-5784 CVSS 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allow… |
| CVE-2026-5781 | CVE-2026-5781 CVSS 8.8 | An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user mo… |
| CVE-2026-5780 | CVE-2026-5780 CVSS 8.1 | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability… |
| CVE-2026-5779 | CVE-2026-5779 CVSS 8.8 | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows… |
| CVE-2026-5768 | CVE-2026-5768 CVSS 8.8 | The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization.… |
| CVE-2026-5760 | CVE-2026-5760 CVSS 9.8lmsys | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the… |
| CVE-2026-5752 | CVE-2026-5752 CVSS 9.3 | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal. |
| CVE-2026-5747 | CVE-2026-5747 CVSS 7.5amazon | An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user w… |
| CVE-2026-5735 | CVE-2026-5735 CVSS 9.8 | Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough … |
| CVE-2026-5734 | CVE-2026-5734 CVSS 9.8 | Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memo… |
| CVE-2026-5733 | CVE-2026-5733 CVSS 8.8 | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2. |
| CVE-2026-5732 | CVE-2026-5732 CVSS 8.8 | Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderb… |
| CVE-2026-5731 | CVE-2026-5731 CVSS 9.8 | Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs s… |