Export limit exceeded: 366527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366527 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-15765 | 1 Google | 1 Chrome | 2026-07-15 | 7.5 High |
| Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-15776 | 1 Google | 1 Chrome | 2026-07-15 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-56401 | 1 Wazuh | 1 Wazuh | 2026-07-15 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-57299 | 2 Jenkins, Jenkins Project | 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin | 2026-07-15 | 4.3 Medium |
| Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata. | ||||
| CVE-2026-52195 | 1 Utt | 1 Nv518g | 2026-07-15 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component | ||||
| CVE-2026-52197 | 1 Utt | 1 Nv518g | 2026-07-15 | 7.5 High |
| An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component | ||||
| CVE-2026-52196 | 1 Utt | 1 Nv518g | 2026-07-15 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_416f28 component | ||||
| CVE-2026-52198 | 2026-07-15 | 7.5 High | ||
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_425994 component | ||||
| CVE-2026-13775 | 1 Google | 1 Chrome | 2026-07-15 | 9.6 Critical |
| Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13777 | 1 Google | 1 Chrome | 2026-07-15 | 8.8 High |
| Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13785 | 1 Google | 1 Chrome | 2026-07-15 | 9.6 Critical |
| Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13786 | 1 Google | 1 Chrome | 2026-07-15 | 8.8 High |
| Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13787 | 1 Google | 1 Chrome | 2026-07-15 | 8.1 High |
| Use after free in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) | ||||
| CVE-2026-13788 | 1 Google | 1 Chrome | 2026-07-15 | 8.8 High |
| Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13790 | 1 Google | 1 Chrome | 2026-07-15 | 6.5 Medium |
| Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15409 | 1 Sonicwall | 1 Sma1000 | 2026-07-15 | 10 Critical |
| A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location. | ||||
| CVE-2026-61440 | 1 Praison | 1 Praisonai | 2026-07-15 | 6.5 Medium |
| PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to alter shared label taxonomy and manipulate issue-label associations without owner or admin authorization. | ||||
| CVE-2026-61427 | 1 Praison | 1 Praisonai | 2026-07-15 | 7.3 High |
| PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream' without an API key, an unauthenticated client (no Authorization header, and no Origin header, which is also permitted) can initialize a session, enumerate the available tools (tools/list), and invoke tools (tools/call). Additionally, the dispatcher forwards tool-call arguments to handlers without validating them against the advertised inputSchema. The server binds to 127.0.0.1 by default, so remote exploitation requires the operator to bind to a network-accessible address (e.g., --host 0.0.0.0). | ||||
| CVE-2026-57996 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-07-15 | 8.8 High |
| phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USER_ADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and attacker-chosen credentials to create a SuperAdmin account, then authenticate as that account to achieve full instance takeover. | ||||
| CVE-2026-56353 | 1 N8n | 1 N8n | 2026-07-15 | 4.8 Medium |
| n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth (a non-default configuration). In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 — the authentication check on the Chat Trigger webhook endpoint can be circumvented, allowing access without valid credentials. Fixed in 1.123.22, 2.9.3, and 2.10.1. | ||||