Export limit exceeded: 362460 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362460 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362460 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362460 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13916 1 Google 1 Chrome 2026-07-05 4.3 Medium
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14121 1 Google 1 Chrome 2026-07-05 9.8 Critical
Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low)
CVE-2026-20457 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-05 5.3 Medium
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01826924; Issue ID: MSV-7301.
CVE-2026-20458 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-05 7.5 High
In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01402160; Issue ID: MSV-7298.
CVE-2026-20460 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-05 5.3 Medium
In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01811421; Issue ID: MSV-6788.
CVE-2026-20461 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-05 5.3 Medium
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267281 / MOLY01318201; Issue ID: MSV-6486.
CVE-2026-11562 2026-07-05 4.3 Medium
The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.
CVE-2026-24242 1 Nvidia 1 Megatron-bridge 2026-07-05 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2026-59519 2026-07-05 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6.
CVE-2026-14769 1 Code-projects 1 Real State Services 2026-07-05 7.3 High
A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVE-2026-13796 1 Google 1 Chrome 2026-07-05 9.6 Critical
Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-24244 1 Nvidia 1 Megatron-bridge 2026-07-05 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2025-44619 1 Tinxy 2 Wifi Lock Controller V1 Rf, Wifi Lock Controller V1 Rf Firmware 2026-07-05 9.1 Critical
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
CVE-2023-39809 1 Nvki 1 Intelligent Broadband Subscriber Gateway 2026-07-05 9.8 Critical
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an OS command injection vulnerability via shell metacharacters in the system_hostname parameter at /manage/network-basic.php.
CVE-2023-39808 1 Nvki 1 Intelligent Broadband Subscriber Gateway 2026-07-05 9.8 Critical
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password that allows attackers to login with root privileges via the SSH service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR hash was not determined by the vulnerability discoverer.
CVE-2023-39807 1 Nvki 1 Intelligent Broadband Subscriber Gateway 2026-07-05 9.8 Critical
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.
CVE-2026-14764 1 Code-projects 1 Hotel And Tourism Reservation 2026-07-05 7.3 High
A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/add_event.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2021-27821 1 Openwrt 1 Luci 2026-07-05 6.1 Medium
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability.
CVE-2024-23054 1 Plone 1 Plone Docker Official Image 2026-07-05 9.8 Critical
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).
CVE-2023-47415 1 Cypress 2 Ctm-200, Ctm-200 Firmware 2026-07-05 7.5 High
Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter.