Export limit exceeded: 364491 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364491 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-15125 | 1 Google | 1 Chrome | 2026-07-10 | 8.8 High |
| Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15126 | 1 Google | 1 Chrome | 2026-07-10 | 8.8 High |
| Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15128 | 1 Google | 1 Chrome | 2026-07-10 | 6.1 Medium |
| Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15131 | 1 Google | 1 Chrome | 2026-07-10 | 4.3 Medium |
| Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-47826 | 2026-07-10 | N/A | ||
| The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4. | ||||
| CVE-2026-11571 | 2026-07-10 | 7.5 High | ||
| The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames. | ||||
| CVE-2026-11875 | 2026-07-10 | 5.3 Medium | ||
| The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner (identified by email address) to read, reply to, and close that person's support tickets. | ||||
| CVE-2026-58307 | 1 Samsung Open Source | 1 Escargot | 2026-07-10 | 6.1 Medium |
| Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c. | ||||
| CVE-2026-54799 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-07-10 | 6.7 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise. | ||||
| CVE-2026-21057 | 2026-07-10 | N/A | ||
| Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2026-21056 | 2026-07-10 | N/A | ||
| Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information. | ||||
| CVE-2026-21055 | 2026-07-10 | N/A | ||
| Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege. | ||||
| CVE-2026-21054 | 2026-07-10 | N/A | ||
| Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. | ||||
| CVE-2026-21053 | 2026-07-10 | N/A | ||
| Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox. | ||||
| CVE-2026-21052 | 2026-07-10 | N/A | ||
| Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege. | ||||
| CVE-2026-21051 | 2026-07-10 | N/A | ||
| Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. | ||||
| CVE-2026-21050 | 2026-07-10 | N/A | ||
| Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. | ||||
| CVE-2026-21049 | 2026-07-10 | N/A | ||
| Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2026-21048 | 2026-07-10 | N/A | ||
| Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. | ||||
| CVE-2026-21046 | 2026-07-10 | N/A | ||
| Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code. | ||||