Export limit exceeded: 363674 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363674 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-52190 | 1 Utt | 1 Nv518g | 2026-07-06 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component | ||||
| CVE-2026-54399 | 2026-07-06 | 7.5 High | ||
| Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive header length | ||||
| CVE-2026-14798 | 1 Codeastro | 1 Apartment Visitor Management System | 2026-07-06 | 6.3 Medium |
| A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-13949 | 1 Google | 1 Chrome | 2026-07-06 | 6.5 Medium |
| Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14047 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2026-14073 | 1 Google | 1 Chrome | 2026-07-06 | 4.3 Medium |
| Insufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14100 | 1 Google | 1 Chrome | 2026-07-06 | 6.5 Medium |
| Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14122 | 1 Google | 1 Chrome | 2026-07-06 | 8.1 High |
| Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-54408 | 2026-07-06 | 8.6 High | ||
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming. | ||||
| CVE-2026-14121 | 1 Google | 1 Chrome | 2026-07-05 | 9.8 Critical |
| Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low) | ||||
| CVE-2026-13796 | 1 Google | 1 Chrome | 2026-07-05 | 9.6 Critical |
| Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-44619 | 1 Tinxy | 2 Wifi Lock Controller V1 Rf, Wifi Lock Controller V1 Rf Firmware | 2026-07-05 | 9.1 Critical |
| Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication. | ||||
| CVE-2023-39809 | 1 Nvki | 1 Intelligent Broadband Subscriber Gateway | 2026-07-05 | 9.8 Critical |
| N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an OS command injection vulnerability via shell metacharacters in the system_hostname parameter at /manage/network-basic.php. | ||||
| CVE-2023-39808 | 1 Nvki | 1 Intelligent Broadband Subscriber Gateway | 2026-07-05 | 9.8 Critical |
| N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password that allows attackers to login with root privileges via the SSH service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR hash was not determined by the vulnerability discoverer. | ||||
| CVE-2023-39807 | 1 Nvki | 1 Intelligent Broadband Subscriber Gateway | 2026-07-05 | 9.8 Critical |
| N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php. | ||||
| CVE-2021-27821 | 1 Openwrt | 1 Luci | 2026-07-05 | 6.1 Medium |
| The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability. | ||||
| CVE-2024-23054 | 1 Plone | 1 Plone Docker Official Image | 2026-07-05 | 9.8 Critical |
| An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm). | ||||
| CVE-2023-47415 | 1 Cypress | 2 Ctm-200, Ctm-200 Firmware | 2026-07-05 | 7.5 High |
| Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter. | ||||
| CVE-2024-22873 | 1 Tencent | 2 Blueking Configuration Management Database, Cmdb | 2026-07-05 | 8.1 High |
| Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request. | ||||
| CVE-2026-8657 | 1 Benjamine | 1 Jsondiffpatch | 2026-07-05 | 8.2 High |
| Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like __proto__ or constructor.prototype, allowing modification of Object.prototype. | ||||