Export limit exceeded: 363054 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363054 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13911 | 1 Google | 1 Chrome | 2026-07-02 | 5.3 Medium |
| Insufficient policy enforcement in Spellcheck in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13913 | 1 Google | 1 Chrome | 2026-07-02 | 6.5 Medium |
| Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13915 | 1 Google | 1 Chrome | 2026-07-02 | 8.8 High |
| Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13920 | 1 Google | 1 Chrome | 2026-07-02 | 9.6 Critical |
| Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13924 | 1 Google | 1 Chrome | 2026-07-02 | 6.5 Medium |
| Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13928 | 1 Google | 1 Chrome | 2026-07-02 | 8.8 High |
| Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13936 | 1 Google | 1 Chrome | 2026-07-02 | 6.5 Medium |
| Inappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-58466 | 1 Estrellaxd | 1 Auto Bangumi | 2026-07-02 | 9.8 Critical |
| AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via add_default_user() in the database user module when the users table is empty. Attackers can submit the default credentials to the authentication login endpoint to gain full control of the application, including RSS feed configuration, downloader configuration, and all authenticated API endpoints. | ||||
| CVE-2026-30689 | 1 Anjoy8 | 1 Blog.admin | 2026-07-02 | 4.3 Medium |
| In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service. | ||||
| CVE-2026-57766 | 2 Wordpress, Xplodedthemes | 2 Wordpress, Wpide - File Manager & Code Editor | 2026-07-02 | 8.8 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions. | ||||
| CVE-2026-57759 | 2 Metagauss, Wordpress | 2 Profilegrid, Wordpress | 2026-07-02 | 8.8 High |
| Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions. | ||||
| CVE-2026-57753 | 2026-07-02 | 5.3 Medium | ||
| Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions. | ||||
| CVE-2026-57747 | 2026-07-02 | 6.5 Medium | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions. | ||||
| CVE-2026-57688 | 2026-07-02 | 8.2 High | ||
| Unauthenticated Broken Access Control in POS Entegratör <= 3.7.103 versions. | ||||
| CVE-2026-57361 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Survey Maker <= 5.2.2.5 versions. | ||||
| CVE-2026-58381 | 1 Redhat | 1 Enterprise Linux | 2026-07-02 | 6.1 Medium |
| A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution. | ||||
| CVE-2026-57682 | 2 Quantumcloud, Wordpress | 2 Simple Link Directory, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory <= 15.0.5 versions. | ||||
| CVE-2026-57674 | 2 Arraytics, Wordpress | 2 Timetics, Wordpress | 2026-07-02 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Timetics <= 1.0.58 versions. | ||||
| CVE-2026-13942 | 1 Google | 1 Chrome | 2026-07-02 | 3.3 Low |
| Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13948 | 1 Google | 1 Chrome | 2026-07-02 | 3.1 Low |
| Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||