Search Results (343912 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5909 | 1 Google | 1 Chrome | 2026-04-10 | 8.8 High |
| Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | ||||
| CVE-2026-5910 | 1 Google | 1 Chrome | 2026-04-10 | 8.8 High |
| Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | ||||
| CVE-2026-5911 | 1 Google | 1 Chrome | 2026-04-10 | 4.3 Medium |
| Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-5912 | 1 Google | 1 Chrome | 2026-04-10 | 8.8 High |
| Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-5914 | 1 Google | 1 Chrome | 2026-04-10 | 8.8 High |
| Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2026-5915 | 1 Google | 1 Chrome | 2026-04-10 | 8.1 High |
| Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-5918 | 1 Google | 1 Chrome | 2026-04-10 | 4.3 Medium |
| Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-5919 | 1 Google | 1 Chrome | 2026-04-10 | 6.5 Medium |
| Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-45806 | 1 Rrweb-io | 1 Rrweb | 2026-04-10 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2025-50228 | 1 Cherry-toto | 1 Jizhicms | 2026-04-10 | N/A |
| Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules. | ||||
| CVE-2025-70810 | 1 Ariefibis | 1 Phpbb3 | 2026-04-10 | N/A |
| Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism | ||||
| CVE-2025-70811 | 1 Ariefibis | 1 Phpbb3 | 2026-04-10 | N/A |
| Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality. | ||||
| CVE-2025-70364 | 1 Kiamo | 1 Kiamo | 2026-04-10 | N/A |
| An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. | ||||
| CVE-2025-70365 | 1 Kiamo | 1 Kiamo | 2026-04-10 | N/A |
| A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. | ||||
| CVE-2026-30479 | 1 Mapserver | 1 Mapserver | 2026-04-10 | N/A |
| A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable. | ||||
| CVE-2025-63238 | 1 Limesurvey | 1 Limesurvey | 2026-04-10 | N/A |
| A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user. | ||||
| CVE-2025-70797 | 1 Limesurvey | 1 Limesurvey | 2026-04-10 | 6.1 Medium |
| Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters. | ||||
| CVE-2026-30478 | 1 Gatewaygeo | 1 Mapserver | 2026-04-10 | 8.8 High |
| A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable. | ||||
| CVE-2026-29923 | 1 Entechtaiwan | 1 Powerstrip | 2026-04-10 | N/A |
| The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures. | ||||
| CVE-2026-31170 | 1 Totolink | 1 A3300r | 2026-04-10 | N/A |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi. | ||||