Export limit exceeded: 360957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (360957 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13864 1 Google 1 Chrome 2026-07-02 8.1 High
Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Medium)
CVE-2026-13866 1 Google 1 Chrome 2026-07-02 6.5 Medium
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13871 1 Google 1 Chrome 2026-07-02 6.5 Medium
Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13886 1 Google 1 Chrome 2026-07-02 6.5 Medium
Insufficient policy enforcement in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13896 1 Google 1 Chrome 2026-07-02 6.5 Medium
Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13897 1 Google 1 Chrome 2026-07-02 8.8 High
Insufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13907 1 Google 1 Chrome 2026-07-02 4.2 Medium
Inappropriate implementation in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-9145 2 Crmperks, Wordpress 2 Database For Contact Form 7, Wpforms, Elementor Forms, Wordpress 2026-07-02 6.5 Medium
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the create_entry_el() function in versions up to, and including, 1.5.1. The function reads raw_value from Elementor Pro's Form_Record object for upload-type fields and passes it directly to PHP's copy() without validating that the value corresponds to a legitimately uploaded file — when no file is present in $_FILES, raw_value reflects the attacker-controlled POST string. copy() accepts both local filesystem paths and URL sources, so the attacker can target any file readable by the PHP process or supply an attacker-controlled remote URL. Elementor Pro is a prerequisite for triggering the code path (it owns the elementor_pro/forms/new_record hook and populates the Form_Record object), but the bug itself is entirely in Contact Form Entries' handler. This could allow unauthenticated attackers to disclose arbitrary files on the affected site's server. The file is copied to a directory unknown to the attacker; the hashed directory name provides defense-in-depth but is generated from non-cryptographic sources (uniqid() + rand()) and should not be relied upon as the primary mitigation.
CVE-2026-57760 2026-07-02 5.3 Medium
Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29.
CVE-2026-57678 2026-07-02 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16.
CVE-2026-56037 2026-07-02 8.8 High
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3.
CVE-2026-27060 2026-07-02 8.8 High
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.
CVE-2025-69134 2026-07-02 7.5 High
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.
CVE-2026-57765 2026-07-02 8.5 High
Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.
CVE-2026-57764 2026-07-02 6.5 Medium
Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
CVE-2026-57763 2026-07-02 6.5 Medium
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
CVE-2026-57761 2026-07-02 7.1 High
Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.
CVE-2026-57759 2026-07-02 8.8 High
Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.
CVE-2026-57758 2026-07-02 7.1 High
Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions.
CVE-2026-57757 2026-07-02 7.1 High
Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions.