Export limit exceeded: 363391 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363391 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-37700 1 Easycorp 1 Zentao 2026-07-04 7.5 High
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.
CVE-2020-22983 1 Microstrategy 1 Microstrategy Web 2026-07-04 8.1 High
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
CVE-2022-25521 1 Nuuo 1 Network Video Recorder Firmware 2026-07-04 9.8 Critical
NUUO v03.11.00 was discovered to contain access control issue.
CVE-2022-33077 1 Nopcommerce 1 Nopcommerce 2026-07-04 7.5 High
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.
CVE-2026-13821 1 Google 1 Chrome 2026-07-04 8.8 High
Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13854 1 Google 1 Chrome 2026-07-04 9.6 Critical
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13871 1 Google 1 Chrome 2026-07-04 6.5 Medium
Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14684 1 Hdrhistogram 1 Hdrhistogram 2026-07-04 3.3 Low
A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2022-41542 1 Devhubapp 1 Devhub 2026-07-04 5.4 Medium
devhub 0.102.0 was discovered to contain a broken session control.
CVE-2026-13893 1 Google 1 Chrome 2026-07-04 6.5 Medium
Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. (Chromium security severity: Medium)
CVE-2026-13953 1 Google 1 Chrome 2026-07-04 6.5 Medium
Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13959 1 Google 1 Chrome 2026-07-04 4.3 Medium
Insufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13972 1 Google 1 Chrome 2026-07-04 4.3 Medium
Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13978 1 Google 1 Chrome 2026-07-04 4.3 Medium
Insufficient policy enforcement in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14003 1 Google 1 Chrome 2026-07-04 4.3 Medium
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)
CVE-2026-14015 1 Google 1 Chrome 2026-07-04 6.5 Medium
Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14683 1 Hdrhistogram 1 Hdrhistogram 2026-07-04 3.3 Low
A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-14115 1 Google 1 Chrome 2026-07-04 7.5 High
Insufficient validation of untrusted input in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14154 1 Google 1 Chrome 2026-07-04 4.8 Medium
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2026-20460 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-04 5.3 Medium
In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01811421; Issue ID: MSV-6788.