Export limit exceeded: 363502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363502 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14758 1 Radareorg 1 Radare2 2026-07-05 3.3 Low
A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmd_anal_opcode of the file libr/core/cmd_anal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The name of the patch is 84e773986e7e5bb30453a9384f498ec0ccc9d0a9. A patch should be applied to remediate this issue.
CVE-2026-13900 1 Google 1 Chrome 2026-07-05 6.5 Medium
Inappropriate implementation in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-6509 2026-07-05 7.8 High
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation. This issue affects Pardus Update: from <=0.6.3 before 0.6.6.
CVE-2026-14757 1 Radareorg 1 Radare2 2026-07-05 5.3 Medium
A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function core_anal_bytes of the file libr/core/cmd_anal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is suggested to install a patch to address this issue.
CVE-2026-9085 2026-07-05 8.8 High
Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing. This issue affects Pardus-Parental-Control: from <=0.5.1 before 0.7.0.
CVE-2026-12386 2026-07-05 3.9 Low
Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers. This issue affects Pardus Pen: from <=4.1.5 before 4.2.1.
CVE-2026-14756 1 Code-projects 1 Hotel And Tourism Reservation 2026-07-05 7.3 High
A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/add_tour.php of the component Tour Management Page. The manipulation of the argument delete_image results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
CVE-2026-48939 1 Icagenda.com 1 Icagenda Extension For Joomla 2026-07-05 N/A
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
CVE-2025-56320 1 Cobblestone 1 Enterprise Contract Management Portal 2026-07-05 5.4 Medium
CobbleStone Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."
CVE-2026-48908 1 Joomshaper.net 1 Sp Page Builder Extension For Joomla 2026-07-05 N/A
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
CVE-2026-12250 2026-07-05 7.9 High
Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4.
CVE-2026-56290 1 Joomlack 1 Page Builder Ck Extension For Joomla 2026-07-05 N/A
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVE-2025-67316 2 Heytap, Realme 3 Internet Browser, Coloros, Hey Tap Coloros Browser 2026-07-05 5.4 Medium
An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review.
CVE-2026-14755 1 Code-projects 1 Hotel And Tourism Reservation 2026-07-05 7.3 High
A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-14091 1 Google 1 Chrome 2026-07-05 8.8 High
Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14754 1 Code-projects 1 Hotel And Tourism Reservation 2026-07-05 7.3 High
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/add_room.php. Executing a manipulation of the argument delete_image/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
CVE-2024-55488 1 Umbraco 1 Umbraco Cms 2026-07-05 6.5 Medium
A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed access to the CMS. There was a deliberate decision made not to apply HTML sanitization at the product level.
CVE-2024-48733 1 Sas 1 Studio 2026-07-05 8.8 High
SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.
CVE-2026-14753 1 Mjperpinosa 1 Stumasy 2026-07-05 7.3 High
A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2021-40905 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2026-07-05 8.8 High
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner.