Search
1,463 CVEs
CVEs (1,463, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 426–450 of 1,463 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-10930 | HIGH | Patched | 8.1 | 2026-06-04 | Out of bounds read in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrom… |
| CVE-2026-10887 | HIGH | Patched | 8.1 | 2026-06-04 | Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium sec… |
| CVE-2026-10863 | HIGH | Patched | 8.1 | 2026-06-04 | A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This al… |
| CVE-2025-59874 | HIGH | 8.1 | 2026-06-04 | HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential di… | |
| CVE-2026-36603 | HIGH | 8.1 | 2026-06-03 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExter… | |
| CVE-2026-35079 | HIGH | Patched | 8.1 | 2026-06-03 | The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35080 | HIGH | Patched | 8.1 | 2026-06-03 | The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35081 | HIGH | Patched | 8.1 | 2026-06-03 | The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. |
| CVE-2026-35076 | HIGH | Patched | 8.1 | 2026-06-03 | The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35077 | HIGH | Patched | 8.1 | 2026-06-03 | The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35078 | HIGH | Patched | 8.1 | 2026-06-03 | The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-44654 | HIGH | Patched | 8.1 | 2026-06-02 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DE… |
| CVE-2026-42211 | HIGH | Patched | 8.1 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code exe… |
| CVE-2026-39552 | HIGH | Patched | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inc… |
| CVE-2026-39553 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclus… | |
| CVE-2026-39555 | HIGH | 8.1 | 2026-06-02 | Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1. | |
| CVE-2025-68886 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusi… | |
| CVE-2025-69369 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion… | |
| CVE-2025-58707 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. … | |
| CVE-2025-58897 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusi… | |
| CVE-2026-39550 | HIGH | 8.1 | 2026-06-02 | Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6. | |
| CVE-2026-39551 | HIGH | 8.1 | 2026-06-02 | Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1. | |
| CVE-2025-53440 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusi… | |
| CVE-2025-58705 | HIGH | 8.1 | 2026-06-02 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion.… | |
| CVE-2026-5422 | HIGH | 8.1 | 2026-06-02 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_serve… |