31,467 indexed
CVECVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 401–450 of 31,467 · page 9 of 630
| ID | Title | Summary |
|---|---|---|
| CVE-2026-8643 | CVE-2026-8643 CVSS 5.5pypa | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, lea… |
| CVE-2026-8637 | CVE-2026-8637 CVSS 7.8 | A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to exec… |
| CVE-2026-8634 | CVE-2026-8634 CVSS 9.1 | Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to … |
| CVE-2026-8633 | CVE-2026-8633 CVSS 9.8 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liber… |
| CVE-2026-8631 | CVE-2026-8631 CVSS 9.8 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of priv… |
| CVE-2026-8629 | CVE-2026-8629 CVSS 8.1 | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress … |
| CVE-2026-8621 | CVE-2026-8621 CVSS 8.8 | Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organization… |
| CVE-2026-8620 | CVE-2026-8620 CVSS 7.5ibm | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liber… |
| CVE-2026-8613 | CVE-2026-8613 CVSS 6.4 | The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Setting in all versions up to, and in… |
| CVE-2026-8611 | CVE-2026-8611 CVSS 4.3 | The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'in… |
| CVE-2026-8608 | CVE-2026-8608 CVSS 5.3 | The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions… |
| CVE-2026-8606 | CVE-2026-8606 CVSS 5.9github | A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP reques… |
| CVE-2026-8605 | CVE-2026-8605 CVSS 9.8 | In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin. |
| CVE-2026-8604 | CVE-2026-8604 CVSS 8.8 | In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in u… |
| CVE-2026-8603 | CVE-2026-8603 CVSS 9.8 | In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system. |
| CVE-2026-8602 | CVE-2026-8602 CVSS 9.1 | In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to t… |
| CVE-2026-8599 | CVE-2026-8599 CVSS 6.4 | The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Camp… |
| CVE-2026-8598 | CVE-2026-8598 CVSS 9.1 | An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical… |
| CVE-2026-8594 | CVE-2026-8594 CVSS 6.2 | Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string… |
| CVE-2026-8589 | CVE-2026-8589 CVSS 7.3gitlab | GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain … |
| CVE-2026-8587 | CVE-2026-8587 CVSS 8.8 | Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execu… |
| CVE-2026-8581 | CVE-2026-8581 CVSS 8.8 | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (C… |
| CVE-2026-8580 | CVE-2026-8580 CVSS 9.6 | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chr… |
| CVE-2026-8577 | CVE-2026-8577 CVSS 8.8 | Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page… |
| CVE-2026-8575 | CVE-2026-8575 CVSS 8.3 | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb… |
| CVE-2026-8574 | CVE-2026-8574 CVSS 8.3 | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially pe… |
| CVE-2026-8573 | CVE-2026-8573 CVSS 8.3 | Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted … |
| CVE-2026-8571 | CVE-2026-8571 CVSS 8.3 | Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process t… |
| CVE-2026-8569 | CVE-2026-8569 CVSS 8.3 | Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted v… |
| CVE-2026-8558 | CVE-2026-8558 CVSS 8.8 | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML p… |
| CVE-2026-8555 | CVE-2026-8555 CVSS 8.8 | Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromiu… |
| CVE-2026-8551 | CVE-2026-8551 CVSS 8.8 | Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execut… |
| CVE-2026-8549 | CVE-2026-8549 CVSS 8.8 | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-8548 | CVE-2026-8548 CVSS 8.3 | Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform… |
| CVE-2026-8544 | CVE-2026-8544 CVSS 8.8 | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-8542 | CVE-2026-8542 CVSS 8.3 | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially pe… |
| CVE-2026-8540 | CVE-2026-8540 CVSS 8.8 | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… |
| CVE-2026-8534 | CVE-2026-8534 CVSS 8.3 | Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to po… |
| CVE-2026-8533 | CVE-2026-8533 CVSS 8.3 | Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perf… |
| CVE-2026-8532 | CVE-2026-8532 CVSS 8.8 | Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. … |
| CVE-2026-8531 | CVE-2026-8531 CVSS 8.8 | Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafte… |
| CVE-2026-8530 | CVE-2026-8530 CVSS 8.3 | Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially… |
| CVE-2026-8529 | CVE-2026-8529 CVSS 8.8 | Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted vide… |
| CVE-2026-8527 | CVE-2026-8527 CVSS 8.8 | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a craf… |
| CVE-2026-8526 | CVE-2026-8526 CVSS 8.8 | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML … |
| CVE-2026-8525 | CVE-2026-8525 CVSS 8.3 | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted H… |
| CVE-2026-8524 | CVE-2026-8524 CVSS 8.8 | Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTM… |
| CVE-2026-8523 | CVE-2026-8523 CVSS 8.3 | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a san… |
| CVE-2026-8522 | CVE-2026-8522 CVSS 8.8 | Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chrom… |
| CVE-2026-8520 | CVE-2026-8520 CVSS 8.3 | Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium … |