Export limit exceeded: 363758 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363758 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-59794 | 1 Jetbrains | 1 Teamcity | 2026-07-11 | 7.3 High |
| In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data | ||||
| CVE-2026-59795 | 1 Jetbrains | 1 Teamcity | 2026-07-11 | 8.1 High |
| In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible | ||||
| CVE-2026-59796 | 1 Jetbrains | 1 Teamcity | 2026-07-11 | 8.1 High |
| In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks | ||||
| CVE-2026-52747 | 2026-07-11 | 8.6 High | ||
| ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and ARGS_POST because src/request_body_processor/multipart.cc overwrites reserved bytes in m_reserve instead of appending the current buffer. This creates a parser differential between ModSecurity and backend applications that preserve line breaks in form fields, allowing rules that inspect ARGS or ARGS_POST to miss payloads whose dangerous syntax depends on a line break. This issue is fixed in version 3.0.16. | ||||
| CVE-2026-20079 | 1 Cisco | 1 Secure Firewall Management Center | 2026-07-11 | 10 Critical |
| A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device. | ||||
| CVE-2026-15086 | 2026-07-11 | N/A | ||
| vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] versions: *.*. | ||||
| CVE-2026-11913 | 2026-07-11 | N/A | ||
| vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*. | ||||
| CVE-2026-0128 | 1 Google | 1 Android | 2026-07-11 | 3.5 Low |
| In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2026-52196 | 1 Utt | 1 Nv518g | 2026-07-11 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_416f28 component | ||||
| CVE-2026-13775 | 1 Google | 1 Chrome | 2026-07-11 | 9.6 Critical |
| Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13782 | 1 Google | 1 Chrome | 2026-07-11 | 9.6 Critical |
| Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13783 | 1 Google | 1 Chrome | 2026-07-11 | 9.6 Critical |
| Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13784 | 1 Google | 1 Chrome | 2026-07-11 | 9.6 Critical |
| Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13787 | 1 Google | 1 Chrome | 2026-07-11 | 8.1 High |
| Use after free in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) | ||||
| CVE-2026-13789 | 1 Google | 1 Chrome | 2026-07-11 | 9.6 Critical |
| Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13797 | 1 Google | 1 Chrome | 2026-07-11 | 9.6 Critical |
| Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13798 | 1 Google | 1 Chrome | 2026-07-11 | 9.6 Critical |
| Heap buffer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13806 | 1 Google | 1 Chrome | 2026-07-11 | 8.1 High |
| Insufficient validation of untrusted input in Accessibility in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13819 | 1 Google | 1 Chrome | 2026-07-11 | 8.1 High |
| Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13824 | 1 Google | 1 Chrome | 2026-07-11 | 7.5 High |
| Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | ||||