CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 251–300 of 31,467 · page 6 of 630
| ID | Title | Summary |
|---|---|---|
| CVE-2026-9150 | CVE-2026-9150 CVSS 6.5 opensuse | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian… |
| CVE-2026-9149 | CVE-2026-9149 CVSS 6.5 opensuse | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size v… |
| CVE-2026-9143 | CVE-2026-9143 CVSS 3.7 | There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high … |
| CVE-2026-9142 | CVE-2026-9142 CVSS 9.1 | There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This m… |
| CVE-2026-9141 | CVE-2026-9141 CVSS 9.8 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows un… |
| CVE-2026-9139 | CVE-2026-9139 CVSS 9.8 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentic… |
| CVE-2026-9137 | CVE-2026-9137 CVSS 7.5 misp | The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where… |
| CVE-2026-9136 | CVE-2026-9136 CVSS 6.5 misp | A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without … |
| CVE-2026-9134 | CVE-2026-9134 CVSS 6.4 | The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up to, and incl… |
| CVE-2026-9126 | CVE-2026-9126 CVSS 8.8 google | Use after free in DOM in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.… |
| CVE-2026-9125 | CVE-2026-9125 CVSS 6.4 | The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] shortcode in ve… |
| CVE-2026-9124 | CVE-2026-9124 CVSS 5.3 google | Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer proc… |
| CVE-2026-9123 | CVE-2026-9123 CVSS 7.5 google | Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code insi… |
| CVE-2026-9122 | CVE-2026-9122 CVSS 6.5 google | Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process me… |
| CVE-2026-9121 | CVE-2026-9121 CVSS 8.8 | Out of bounds read in GPU in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2026-9120 | CVE-2026-9120 CVSS 8.8 | Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium securi… |
| CVE-2026-9119 | CVE-2026-9119 CVSS 8.8 | Heap buffer overflow in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted H… |
| CVE-2026-9118 | CVE-2026-9118 CVSS 8.8 | Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium… |
| CVE-2026-9114 | CVE-2026-9114 CVSS 8.8 | Use after free in QUIC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network t… |
| CVE-2026-9112 | CVE-2026-9112 CVSS 8.8 | Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HT… |
| CVE-2026-9111 | CVE-2026-9111 CVSS 8.8 | Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromi… |
| CVE-2026-9109 | CVE-2026-9109 CVSS 7.2 | The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting… |
| CVE-2026-9098 | CVE-2026-9098 CVSS 9.1 | In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifyi… |
| CVE-2026-9097 | CVE-2026-9097 CVSS 9.8 | Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oau… |
| CVE-2026-9096 | CVE-2026-9096 CVSS 7.5 | Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter… |
| CVE-2026-9094 | CVE-2026-9094 CVSS 9.8 | Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oau… |
| CVE-2026-9093 | CVE-2026-9093 CVSS 9.8 | In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The bui… |
| CVE-2026-9092 | CVE-2026-9092 CVSS 9.1 | Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule… |
| CVE-2026-9089 | CVE-2026-9089 CVSS 8.8 | The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is a… |
| CVE-2026-9088 | CVE-2026-9088 CVSS 2.7 | A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by ac… |
| CVE-2026-9087 | CVE-2026-9087 CVSS 6.4 redhat | A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was… |
| CVE-2026-9082 | Drupal Core SQL Injection Vulnerability KEV CVSS 9.8 Drupal | Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with… |
| CVE-2026-9076 | CVE-2026-9076 CVSS 7.5 openssl | Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher … |
| CVE-2026-9067 | CVE-2026-9067 CVSS 9.1 | The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not … |
| CVE-2026-9064 | CVE-2026-9064 CVSS 7.5 redhat | A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per L… |
| CVE-2026-9062 | CVE-2026-9062 CVSS 3.4 | The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administra… |
| CVE-2026-9061 | CVE-2026-9061 CVSS 3.5 | The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordP… |
| CVE-2026-9060 | CVE-2026-9060 CVSS 3.5 | The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordP… |
| CVE-2026-9057 | CVE-2026-9057 CVSS 8.2 | A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio up… |
| CVE-2026-9051 | CVE-2026-9051 CVSS 9.1 | There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypa… |
| CVE-2026-9050 | CVE-2026-9050 CVSS 4.3 | The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plu… |
| CVE-2026-9048 | CVE-2026-9048 CVSS 4.3 | The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. T… |
| CVE-2026-9045 | CVE-2026-9045 CVSS 7.8 | During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that coul… |
| CVE-2026-9035 | CVE-2026-9035 CVSS 6.5 ibm | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera … |
| CVE-2026-9024 | CVE-2026-9024 CVSS 8.7 | A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x throu… |
| CVE-2026-9019 | CVE-2026-9019 CVSS 6.4 | The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_ur… |
| CVE-2026-9018 | CVE-2026-9018 CVSS 8.8 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1… |
| CVE-2026-9016 | CVE-2026-9016 CVSS 5.3 | The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions u… |
| CVE-2026-9013 | CVE-2026-9013 CVSS 4.3 | The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogo_rest_create_post_transla… |
| CVE-2026-9008 | CVE-2026-9008 CVSS 4.3 | The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_sh… |