Search
127,949 CVEs · High severity
CVEs (127,949, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 326–350 of 127,949 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8520 | HIGH | Patched | 8.3 | 2026-05-14 | Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security seve… |
| CVE-2026-8519 | HIGH | Patched | 8.8 | 2026-05-14 | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (C… |
| CVE-2026-8518 | HIGH | Patched | 8.8 | 2026-05-14 | Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium sec… |
| CVE-2026-8517 | HIGH | Patched | 8.8 | 2026-05-14 | Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execu… |
| CVE-2026-8515 | HIGH | Patched | 8.3 | 2026-05-14 | Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a san… |
| CVE-2026-8514 | HIGH | Patched | 8.3 | 2026-05-14 | Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v… |
| CVE-2026-8513 | HIGH | Patched | 8.3 | 2026-05-14 | Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… |
| CVE-2026-8512 | HIGH | Patched | 8.3 | 2026-05-14 | Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perfor… |
| CVE-2026-8510 | HIGH | Patched | 7.5 | 2026-05-14 | Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds … |
| CVE-2026-8509 | HIGH | Patched | 8.8 | 2026-05-14 | Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromi… |
| CVE-2026-8501 | HIGH | 7.8 | 2026-06-01 | Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interfa… | |
| CVE-2026-8438 | HIGH | 7.2 | 2026-06-06 | The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due … | |
| CVE-2026-8434 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security team gave th… |
| CVE-2026-8433 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan(). The Concrete CMS security team gave this vulne… |
| CVE-2026-8432 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star(). The Concrete CMS security team gave this vulnera… |
| CVE-2026-8431 | HIGH | 7.2 | 2026-05-12 | An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template … | |
| CVE-2026-8430 | HIGH | 8.1 | 2026-05-12 | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execu… | |
| CVE-2026-8429 | HIGH | 8.8 | 2026-05-12 | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web s… | |
| CVE-2026-8428 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/co… |
| CVE-2026-8427 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id). The Concrete CMS security tea… |
| CVE-2026-8426 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An attacker who cont… |
| CVE-2026-8421 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concrete/controllers/single_page/dashboard/extend/install.php. An attacker wh… |
| CVE-2026-8417 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do_update/<pkgHandle>. The do_update() method in concrete… |
| CVE-2026-8416 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id). The Concrete CMS security team g… |
| CVE-2026-8415 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team ga… |