Export limit exceeded: 363401 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363401 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14084 | 1 Google | 1 Chrome | 2026-07-05 | 8.8 High |
| Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Low) | ||||
| CVE-2026-48939 | 1 Icagenda.com | 1 Icagenda Extension For Joomla | 2026-07-05 | N/A |
| A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution. | ||||
| CVE-2025-56320 | 1 Cobblestone | 1 Enterprise Contract Management Portal | 2026-07-05 | 5.4 Medium |
| CobbleStone Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation." | ||||
| CVE-2026-48908 | 1 Joomshaper.net | 1 Sp Page Builder Extension For Joomla | 2026-07-05 | N/A |
| A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code. | ||||
| CVE-2026-12250 | 2026-07-05 | 7.9 High | ||
| Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4. | ||||
| CVE-2026-56290 | 1 Joomlack | 1 Page Builder Ck Extension For Joomla | 2026-07-05 | N/A |
| The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | ||||
| CVE-2025-67316 | 2 Heytap, Realme | 3 Internet Browser, Coloros, Hey Tap Coloros Browser | 2026-07-05 | 5.4 Medium |
| An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review. | ||||
| CVE-2026-14755 | 1 Code-projects | 1 Hotel And Tourism Reservation | 2026-07-05 | 7.3 High |
| A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-14089 | 1 Google | 1 Chrome | 2026-07-05 | 4.3 Medium |
| Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14091 | 1 Google | 1 Chrome | 2026-07-05 | 8.8 High |
| Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14100 | 1 Google | 1 Chrome | 2026-07-05 | 6.5 Medium |
| Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14105 | 1 Google | 1 Chrome | 2026-07-05 | 9.6 Critical |
| Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14107 | 1 Google | 1 Chrome | 2026-07-05 | 8.8 High |
| Use after free in Scheduling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14108 | 1 Google | 1 Chrome | 2026-07-05 | 8.8 High |
| Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | ||||
| CVE-2026-14109 | 1 Google | 1 Chrome | 2026-07-05 | 9.6 Critical |
| Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14110 | 1 Google | 1 Chrome | 2026-07-05 | 4.3 Medium |
| Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14111 | 1 Google | 1 Chrome | 2026-07-05 | 8.1 High |
| Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2026-14122 | 1 Google | 1 Chrome | 2026-07-05 | 8.1 High |
| Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14126 | 1 Google | 1 Chrome | 2026-07-05 | 4.3 Medium |
| Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14128 | 1 Google | 1 Chrome | 2026-07-05 | 4.3 Medium |
| Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | ||||