31,467 indexed
CVECVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 301–350 of 31,467 · page 7 of 630
| ID | Title | Summary |
|---|---|---|
| CVE-2026-8993 | CVE-2026-8993 CVSS 6.5 | D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handler… |
| CVE-2026-8992 | CVE-2026-8992 CVSS 8.8 | An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary cod… |
| CVE-2026-8991 | CVE-2026-8991 CVSS 4.4 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_… |
| CVE-2026-8981 | CVE-2026-8981 CVSS 3.5 | The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block tem… |
| CVE-2026-8978 | CVE-2026-8978 CVSS 4.9 | The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in a… |
| CVE-2026-8977 | CVE-2026-8977 CVSS 6.4 | The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, a… |
| CVE-2026-8976 | CVE-2026-8976 CVSS 4.3 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in … |
| CVE-2026-8975 | CVE-2026-8975 CVSS 8.8 | Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume th… |
| CVE-2026-8974 | CVE-2026-8974 CVSS 8.8 | Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effor… |
| CVE-2026-8973 | CVE-2026-8973 CVSS 8.8 | Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could h… |
| CVE-2026-8972 | CVE-2026-8972 CVSS 8.8 | Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8970 | CVE-2026-8970 CVSS 8.8 | Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8969 | CVE-2026-8969 CVSS 8.1 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8962 | CVE-2026-8962 CVSS 8.1 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8959 | CVE-2026-8959 CVSS 9.6 | Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbir… |
| CVE-2026-8958 | CVE-2026-8958 CVSS 8.6 | Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderb… |
| CVE-2026-8957 | CVE-2026-8957 CVSS 8.8 | Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 14… |
| CVE-2026-8956 | CVE-2026-8956 CVSS 9.8 | Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8955 | CVE-2026-8955 CVSS 8.8 | Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-8953 | CVE-2026-8953 CVSS 9.6 | Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.… |
| CVE-2026-8952 | CVE-2026-8952 CVSS 8.8 | Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8950 | CVE-2026-8950 CVSS 9.3 | Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird … |
| CVE-2026-8948 | CVE-2026-8948 CVSS 9.1 | Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-8940 | CVE-2026-8940 CVSS 4.3 | The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or in… |
| CVE-2026-8936 | CVE-2026-8936 | Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder a… |
| CVE-2026-8935 | CVE-2026-8935 CVSS 9.8 | The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page… |
| CVE-2026-8931 | CVE-2026-8931 | A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3. |
| CVE-2026-8922 | CVE-2026-8922 CVSS 5.4redhat | A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspec… |
| CVE-2026-8916 | CVE-2026-8916 CVSS 6.1 | Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6… |
| CVE-2026-8915 | CVE-2026-8915 CVSS 8.8samsung | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e… |
| CVE-2026-8914 | CVE-2026-8914 | In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eva… |
| CVE-2026-8913 | CVE-2026-8913 | A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input withi… |
| CVE-2026-8910 | CVE-2026-8910 CVSS 6.1 | The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or … |
| CVE-2026-8909 | CVE-2026-8909 CVSS 4.3 | The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect no… |
| CVE-2026-8907 | CVE-2026-8907 CVSS 6.1 | The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce valida… |
| CVE-2026-8904 | CVE-2026-8904 CVSS 4.3 | The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery … |
| CVE-2026-8902 | CVE-2026-8902 CVSS 4.3 | The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing o… |
| CVE-2026-8901 | CVE-2026-8901 CVSS 7.2 | The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting v… |
| CVE-2026-8900 | CVE-2026-8900 CVSS 6.4 | The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8… |
| CVE-2026-8895 | CVE-2026-8895 CVSS 6.4 | The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including,… |
| CVE-2026-8893 | CVE-2026-8893 CVSS 6.4 | The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in … |
| CVE-2026-8890 | CVE-2026-8890 CVSS 8.2 | code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a … |
| CVE-2026-8889 | CVE-2026-8889 CVSS 7.5securly | Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashe… |
| CVE-2026-8888 | CVE-2026-8888 CVSS 7.5securly | Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new R… |
| CVE-2026-8885 | CVE-2026-8885 CVSS 6.4 | The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, an… |
| CVE-2026-8883 | CVE-2026-8883 CVSS 6.4 | The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and inc… |
| CVE-2026-8882 | CVE-2026-8882 CVSS 6.4 | The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and includ… |
| CVE-2026-8881 | CVE-2026-8881 CVSS 7.5securly | Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since … |
| CVE-2026-8880 | CVE-2026-8880 CVSS 6.4 | The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute (and other attributes) of the romancart_b… |
| CVE-2026-8879 | CVE-2026-8879 CVSS 7.5securly | Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runti… |