Search Results (351640 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-21643 1 Fortinet 1 Forticlientems 2026-05-19 9.1 Critical
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE-2026-35616 1 Fortinet 1 Forticlientems 2026-05-19 9.1 Critical
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
CVE-2026-8388 1 Mozilla 1 Firefox 2026-05-19 6.5 Medium
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, and Firefox ESR 140.11.
CVE-2026-42096 2026-05-19 N/A
Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVE-2026-46508 1 Vercel 2 Turborepo, Turborepo Language Server Protocol 2026-05-19 7.8 High
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and task runs. A malicious workspace could provide crafted values through workspace settings or task names in the repository's source code that were interpolated into shell commands. When the extension activated or when a user ran a task through the extension, those values could be interpreted by the user's shell, allowing arbitrary command execution with the privileges of the local VS Code process. This vulnerability is fixed in 2.9.14000.
CVE-2026-31069 2026-05-19 N/A
BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf() without proper sanitization or identifier quoting. Although filter values are parameterized, the filter identifiers (keys) are not. An authenticated attacker with ROLE_ACCOUNT_MANAGER permissions can exploit this to execute arbitrary SQL commands.
CVE-2026-45494 1 Microsoft 1 Edge Chromium 2026-05-19 5.4 Medium
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-32323 1 Mullvad 1 Mullvad Vpn 2026-05-19 7.3 High
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is attacker-controlled or that the path is the legitimate Mullvad application. A user in the admin group can pre-place a crafted application bundle at that location and may be able to achieve code execution as root. Since the issue only affected the installer, there is no immediate need for users to update if they are already running an older version. This issue has been fixed in version 2026.2-beta1.
CVE-2026-45492 1 Microsoft 1 Edge Chromium 2026-05-19 5.4 Medium
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-31070 2026-05-19 N/A
The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body
CVE-2026-8950 1 Mozilla 1 Firefox 2026-05-19 N/A
Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
CVE-2026-8951 1 Mozilla 1 Firefox 2026-05-19 N/A
Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
CVE-2026-8953 1 Mozilla 1 Firefox 2026-05-19 N/A
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11.
CVE-2026-8959 2026-05-19 N/A
Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
CVE-2026-8962 1 Mozilla 1 Firefox 2026-05-19 N/A
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
CVE-2026-8963 1 Mozilla 1 Firefox 2026-05-19 7.5 High
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151.
CVE-2026-8967 1 Mozilla 1 Firefox 2026-05-19 N/A
Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151.
CVE-2026-8972 2026-05-19 N/A
Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151.
CVE-2026-8973 1 Mozilla 1 Firefox 2026-05-19 N/A
Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151.
CVE-2026-8956 1 Mozilla 1 Firefox 2026-05-19 N/A
Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.