Search
1,557 CVEs
CVEs (1,557, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 301–325 of 1,557 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-10891 | HIGH | Patched | 8.8 | 2026-06-04 | Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium s… |
| CVE-2026-10893 | HIGH | Patched | 8.8 | 2026-06-04 | Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security s… |
| CVE-2026-10882 | HIGH | Patched | 8.8 | 2026-06-04 | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: … |
| CVE-2026-10883 | HIGH | Patched | 8.8 | 2026-06-04 | Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security… |
| CVE-2026-10885 | HIGH | Patched | 8.8 | 2026-06-04 | Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium secur… |
| CVE-2026-41236 | HIGH | 8.8 | 2026-06-04 | Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP … | |
| CVE-2026-5228 | HIGH | 8.8 | 2026-06-04 | Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. Th… | |
| CVE-2026-43985 | HIGH | 8.8 | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `configUpdate` as a state-changing administrator endpoint, bu… | |
| CVE-2026-49194 | HIGH | Patched | 8.8 | 2026-06-04 | The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. |
| CVE-2026-49190 | HIGH | Patched | 8.8 | 2026-06-04 | The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. |
| CVE-2026-41860 | HIGH | Patched | 8.8 | 2026-06-04 | CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_… |
| CVE-2026-46264 | HIGH | 8.8 | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add_action_or_reset() failure the provided cleanup… | |
| CVE-2026-36607 | HIGH | 8.8 | 2026-06-03 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the … | |
| CVE-2026-36608 | HIGH | 8.8 | 2026-06-03 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its ow… | |
| CVE-2026-35084 | HIGH | Patched | 8.8 | 2026-06-03 | A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. |
| CVE-2026-35085 | HIGH | Patched | 8.8 | 2026-06-03 | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. |
| CVE-2026-35082 | HIGH | Patched | 8.8 | 2026-06-03 | The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. |
| CVE-2026-35083 | HIGH | Patched | 8.8 | 2026-06-03 | A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. |
| CVE-2025-15656 | HIGH | 8.8 | 2026-06-03 | Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0. | |
| CVE-2025-14772 | HIGH | 8.8 | 2026-06-03 | Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |
| CVE-2026-49143 | HIGH | 8.8 | 2026-06-02 | BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute… | |
| CVE-2026-49443 | HIGH | Patched | 8.8 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an accou… |
| CVE-2026-1829 | HIGH | 8.8 | 2026-06-02 | The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'et_pb_text' shortcod… | |
| CVE-2026-30650 | HIGH | 8.8 | 2026-06-02 | A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firm… | |
| CVE-2026-30652 | HIGH | 8.8 | 2026-06-02 | A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-… |