Export limit exceeded: 14540 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12623 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363368 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363368 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24036 | 1 Fork-cms | 1 Fork Cms | 2026-07-04 | 8.8 High |
| PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | ||||
| CVE-2020-27509 | 1 Galaxkey | 1 Galaxkey | 2026-07-04 | 5.4 Medium |
| Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox. | ||||
| CVE-2021-42912 | 1 Fiberhome | 12 Aan5506-04-g2g Firmware, An5506-01-a, An5506-01-a Firmware and 9 more | 2026-07-04 | 8.8 High |
| FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. | ||||
| CVE-2022-37700 | 1 Easycorp | 1 Zentao | 2026-07-04 | 7.5 High |
| Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig. | ||||
| CVE-2020-22983 | 1 Microstrategy | 1 Microstrategy Web | 2026-07-04 | 8.1 High |
| A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | ||||
| CVE-2022-25521 | 1 Nuuo | 1 Network Video Recorder Firmware | 2026-07-04 | 9.8 Critical |
| NUUO v03.11.00 was discovered to contain access control issue. | ||||
| CVE-2022-33077 | 1 Nopcommerce | 1 Nopcommerce | 2026-07-04 | 7.5 High |
| An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint. | ||||
| CVE-2026-13821 | 1 Google | 1 Chrome | 2026-07-04 | 8.8 High |
| Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13824 | 1 Google | 1 Chrome | 2026-07-04 | 7.5 High |
| Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13826 | 1 Google | 1 Chrome | 2026-07-04 | 6.5 Medium |
| Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13829 | 1 Google | 1 Chrome | 2026-07-04 | 8.3 High |
| Insufficient validation of untrusted input in Settings in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13830 | 1 Google | 1 Chrome | 2026-07-04 | 8.8 High |
| Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High) | ||||
| CVE-2026-13831 | 1 Google | 1 Chrome | 2026-07-04 | 7.5 High |
| Out of bounds read and write in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13854 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13857 | 1 Google | 1 Chrome | 2026-07-04 | 4.2 Medium |
| Inappropriate implementation in Geometry in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13871 | 1 Google | 1 Chrome | 2026-07-04 | 6.5 Medium |
| Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13872 | 1 Google | 1 Chrome | 2026-07-04 | 9.1 Critical |
| Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2026-14684 | 1 Hdrhistogram | 1 Hdrhistogram | 2026-07-04 | 3.3 Low |
| A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2022-41542 | 1 Devhubapp | 1 Devhub | 2026-07-04 | 5.4 Medium |
| devhub 0.102.0 was discovered to contain a broken session control. | ||||
| CVE-2026-13892 | 1 Google | 1 Chrome | 2026-07-04 | 6.5 Medium |
| Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||