Export limit exceeded: 363384 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363384 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13774 | 1 Google | 1 Chrome | 2026-07-04 | 8.1 High |
| Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical) | ||||
| CVE-2026-13779 | 1 Google | 1 Chrome | 2026-07-04 | 8.1 High |
| Use after free in Chromoting in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) | ||||
| CVE-2026-13785 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2020-24914 | 1 Qcubed | 1 Qcubed | 2026-07-04 | 9.8 Critical |
| A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. | ||||
| CVE-2021-45420 | 1 Emerson | 2 Dixell Xweb-500, Dixell Xweb-500 Firmware | 2026-07-04 | 9.8 Critical |
| Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced. | ||||
| CVE-2020-24913 | 1 Qcubed | 1 Qcubed | 2026-07-04 | 9.8 Critical |
| A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request. | ||||
| CVE-2020-24036 | 1 Fork-cms | 1 Fork Cms | 2026-07-04 | 8.8 High |
| PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | ||||
| CVE-2020-27509 | 1 Galaxkey | 1 Galaxkey | 2026-07-04 | 5.4 Medium |
| Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox. | ||||
| CVE-2021-42912 | 1 Fiberhome | 12 Aan5506-04-g2g Firmware, An5506-01-a, An5506-01-a Firmware and 9 more | 2026-07-04 | 8.8 High |
| FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. | ||||
| CVE-2022-37700 | 1 Easycorp | 1 Zentao | 2026-07-04 | 7.5 High |
| Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig. | ||||
| CVE-2020-22983 | 1 Microstrategy | 1 Microstrategy Web | 2026-07-04 | 8.1 High |
| A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | ||||
| CVE-2022-25521 | 1 Nuuo | 1 Network Video Recorder Firmware | 2026-07-04 | 9.8 Critical |
| NUUO v03.11.00 was discovered to contain access control issue. | ||||
| CVE-2022-33077 | 1 Nopcommerce | 1 Nopcommerce | 2026-07-04 | 7.5 High |
| An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint. | ||||
| CVE-2026-13821 | 1 Google | 1 Chrome | 2026-07-04 | 8.8 High |
| Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13854 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13871 | 1 Google | 1 Chrome | 2026-07-04 | 6.5 Medium |
| Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14684 | 1 Hdrhistogram | 1 Hdrhistogram | 2026-07-04 | 3.3 Low |
| A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2022-41542 | 1 Devhubapp | 1 Devhub | 2026-07-04 | 5.4 Medium |
| devhub 0.102.0 was discovered to contain a broken session control. | ||||
| CVE-2026-13893 | 1 Google | 1 Chrome | 2026-07-04 | 6.5 Medium |
| Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. (Chromium security severity: Medium) | ||||
| CVE-2026-13953 | 1 Google | 1 Chrome | 2026-07-04 | 6.5 Medium |
| Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||