Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363604 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13909 | 1 Google | 1 Chrome | 2026-07-05 | 9.6 Critical |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13916 | 1 Google | 1 Chrome | 2026-07-05 | 4.3 Medium |
| Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14121 | 1 Google | 1 Chrome | 2026-07-05 | 9.8 Critical |
| Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low) | ||||
| CVE-2026-59519 | 2026-07-05 | 5.3 Medium | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6. | ||||
| CVE-2026-11781 | 2026-07-05 | 2.7 Low | ||
| The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role (Contributor) to disclose non-public content that WordPress would not otherwise expose to them, such as other authors' unpublished post titles, pending comment content, the site's Adminify WordPress plugin before 4.2.10 inventory, and user account names. | ||||
| CVE-2026-14769 | 1 Code-projects | 1 Real State Services | 2026-07-05 | 7.3 High |
| A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-13796 | 1 Google | 1 Chrome | 2026-07-05 | 9.6 Critical |
| Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-44619 | 1 Tinxy | 2 Wifi Lock Controller V1 Rf, Wifi Lock Controller V1 Rf Firmware | 2026-07-05 | 9.1 Critical |
| Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication. | ||||
| CVE-2023-39809 | 1 Nvki | 1 Intelligent Broadband Subscriber Gateway | 2026-07-05 | 9.8 Critical |
| N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an OS command injection vulnerability via shell metacharacters in the system_hostname parameter at /manage/network-basic.php. | ||||
| CVE-2023-39808 | 1 Nvki | 1 Intelligent Broadband Subscriber Gateway | 2026-07-05 | 9.8 Critical |
| N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password that allows attackers to login with root privileges via the SSH service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR hash was not determined by the vulnerability discoverer. | ||||
| CVE-2023-39807 | 1 Nvki | 1 Intelligent Broadband Subscriber Gateway | 2026-07-05 | 9.8 Critical |
| N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php. | ||||
| CVE-2021-27821 | 1 Openwrt | 1 Luci | 2026-07-05 | 6.1 Medium |
| The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability. | ||||
| CVE-2026-14762 | 1 Code-projects | 1 Hotel And Tourism Reservation | 2026-07-05 | 7.3 High |
| A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-8657 | 1 Benjamine | 1 Jsondiffpatch | 2026-07-05 | 8.2 High |
| Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like __proto__ or constructor.prototype, allowing modification of Object.prototype. | ||||
| CVE-2026-14756 | 1 Code-projects | 1 Hotel And Tourism Reservation | 2026-07-05 | 7.3 High |
| A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/add_tour.php of the component Tour Management Page. The manipulation of the argument delete_image results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-48939 | 1 Icagenda.com | 1 Icagenda Extension For Joomla | 2026-07-05 | N/A |
| A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution. | ||||
| CVE-2025-56320 | 1 Cobblestone | 1 Enterprise Contract Management Portal | 2026-07-05 | 5.4 Medium |
| CobbleStone Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation." | ||||
| CVE-2026-48908 | 1 Joomshaper.net | 1 Sp Page Builder Extension For Joomla | 2026-07-05 | N/A |
| A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code. | ||||
| CVE-2026-56290 | 1 Joomlack | 1 Page Builder Ck Extension For Joomla | 2026-07-05 | N/A |
| The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | ||||
| CVE-2025-67316 | 2 Heytap, Realme | 3 Internet Browser, Coloros, Hey Tap Coloros Browser | 2026-07-05 | 5.4 Medium |
| An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. NOTE: The supplier is currently disputing this finding and the record is under review. | ||||