Search
1,463 CVEs
CVEs (1,463, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 376–400 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-10911 | HIGH | Patched | 8.3 | 2026-06-04 | Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentiall… |
| CVE-2026-10915 | HIGH | Patched | 8.3 | 2026-06-04 | Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox es… |
| CVE-2026-10917 | HIGH | Patched | 8.3 | 2026-06-04 | Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentiall… |
| CVE-2026-10918 | HIGH | Patched | 8.3 | 2026-06-04 | Use after free in Viz in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via… |
| CVE-2026-10905 | HIGH | Patched | 8.3 | 2026-06-04 | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape… |
| CVE-2026-10908 | HIGH | Patched | 8.3 | 2026-06-04 | Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a … |
| CVE-2026-10909 | HIGH | Patched | 8.3 | 2026-06-04 | Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape vi… |
| CVE-2026-10898 | HIGH | Patched | 8.3 | 2026-06-04 | Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox esc… |
| CVE-2026-10889 | HIGH | Patched | 8.3 | 2026-06-04 | Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox esca… |
| CVE-2026-10894 | HIGH | Patched | 8.3 | 2026-06-04 | Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… |
| CVE-2026-10884 | HIGH | Patched | 8.3 | 2026-06-04 | Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox esc… |
| CVE-2026-49203 | HIGH | Patched | 8.3 | 2026-06-04 | Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. |
| CVE-2026-9669 | NONE | — | 2026-06-08 | bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted inpu… | |
| CVE-2026-49755 | NONE | Patched | — | 2026-06-08 | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client v… |
| CVE-2026-49234 | NONE | — | 2026-06-08 | When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow … | |
| CVE-2026-45327 | HIGH | 8.2 | 2026-06-05 | TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authentication on WebRTC ingest endpoint allows unauthenticated stream injectio… | |
| CVE-2026-41249 | HIGH | 8.2 | 2026-06-04 | CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_requ… | |
| CVE-2025-69755 | HIGH | 8.2 | 2026-06-04 | An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the … | |
| CVE-2019-25745 | HIGH | 8.2 | 2026-06-04 | WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by in… | |
| CVE-2019-25732 | HIGH | 8.2 | 2026-06-04 | PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | |
| CVE-2019-25728 | HIGH | 8.2 | 2026-06-04 | Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie param… | |
| CVE-2019-25730 | HIGH | 8.2 | 2026-06-04 | Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id… | |
| CVE-2019-25726 | HIGH | 8.2 | 2026-06-04 | All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code t… | |
| CVE-2026-50205 | HIGH | Patched | 8.2 | 2026-06-04 | System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. |
| CVE-2026-41010 | HIGH | Patched | 8.2 | 2026-06-04 | ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], … |