Export limit exceeded: 363020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363020 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57352 | 2026-07-02 | 4.8 Medium | ||
| Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions. | ||||
| CVE-2026-57358 | 2026-07-02 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Customize My Account for WooCommerce <= 4.3.9 versions. | ||||
| CVE-2026-57426 | 2026-07-02 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 2.10.8 versions. | ||||
| CVE-2026-57677 | 2026-07-02 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions. | ||||
| CVE-2026-57684 | 2026-07-02 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions. | ||||
| CVE-2026-57690 | 2026-07-02 | 4.3 Medium | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions. | ||||
| CVE-2026-57749 | 2026-07-02 | 7.5 High | ||
| Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 versions. | ||||
| CVE-2026-32280 | 2 Go Standard Library, Golang | 2 Crypto/x509, Go | 2026-07-02 | 7.5 High |
| During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls. | ||||
| CVE-2026-57755 | 2026-07-02 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions. | ||||
| CVE-2026-52197 | 1 Utt | 1 Nv518g | 2026-07-02 | 7.5 High |
| An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component | ||||
| CVE-2026-37106 | 1 Dokuwiki | 1 Dokuwiki | 2026-07-02 | 9.8 Critical |
| An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration (a non-default feature). | ||||
| CVE-2026-13778 | 1 Google | 1 Chrome | 2026-07-02 | 7.8 High |
| Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical) | ||||
| CVE-2026-13779 | 1 Google | 1 Chrome | 2026-07-02 | 8.1 High |
| Use after free in Chromoting in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) | ||||
| CVE-2026-13785 | 1 Google | 1 Chrome | 2026-07-02 | 9.6 Critical |
| Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13786 | 1 Google | 1 Chrome | 2026-07-02 | 8.8 High |
| Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13790 | 1 Google | 1 Chrome | 2026-07-02 | 6.5 Medium |
| Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13795 | 1 Google | 1 Chrome | 2026-07-02 | 6.5 Medium |
| Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13798 | 1 Google | 1 Chrome | 2026-07-02 | 9.6 Critical |
| Heap buffer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13802 | 1 Google | 1 Chrome | 2026-07-02 | 7.5 High |
| Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-11896 | 2 Joedolson, Wordpress | 2 My Calendar – Accessible Event Manager, Wordpress | 2026-07-02 | 5.3 Medium |
| The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.14 via the 'vcal' parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to enumerate occurrence IDs and access the full iCalendar export of non-public, draft, trashed, and personal calendar events, disclosing sensitive event metadata including titles, descriptions, dates, locations, organizer and host details, permalinks, and related calendar metadata. | ||||