Export limit exceeded: 363367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363367 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14153 | 1 Google | 1 Chrome | 2026-07-04 | 5.3 Medium |
| Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-20458 | 1 Mediatek, Inc. | 1 Mediatek Chipset | 2026-07-04 | 7.5 High |
| In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01402160; Issue ID: MSV-7298. | ||||
| CVE-2026-20462 | 1 Mediatek, Inc. | 1 Mediatek Chipset | 2026-07-04 | 6.7 Medium |
| In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871. | ||||
| CVE-2026-10750 | 2026-07-04 | 8.1 High | ||
| The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify, or delete content owned by other users. | ||||
| CVE-2026-11883 | 2026-07-04 | 7.2 High | ||
| The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request. | ||||
| CVE-2026-50043 | 2026-07-04 | N/A | ||
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege. | ||||
| CVE-2026-24247 | 1 Nvidia | 1 Megatron-bridge | 2026-07-04 | 7.8 High |
| NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2026-14647 | 1 Onnx | 1 Onnx | 2026-07-04 | 4.3 Medium |
| A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Patch name: a7bf3a0f1d18bb62575236ef6e4944980c40e045. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2026-14642 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-07-04 | 7.3 High |
| A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-14410 | 1 Google | 1 Chrome | 2026-07-04 | 4.3 Medium |
| Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14382 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14411 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14412 | 1 Google | 1 Chrome | 2026-07-04 | 8.3 High |
| Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14416 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14400 | 1 Google | 1 Chrome | 2026-07-04 | 8.3 High |
| Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14423 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14413 | 1 Google | 1 Chrome | 2026-07-04 | 8.3 High |
| Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14419 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-14432 | 1 Google | 1 Chrome | 2026-07-04 | 8.8 High |
| Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14641 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-07-04 | 7.3 High |
| A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||