Export limit exceeded: 364428 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364428 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23556 | 2026-07-09 | N/A | ||
| When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota. | ||||
| CVE-2025-69624 | 3 Gonitro, Microsoft, Nitro | 3 Nitro Pdf Pro, Windows, Pdf Pro | 2026-07-09 | 7.5 High |
| Nitro PDF Pro before 14.43 for Windows contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF. For example, 14.41.1.4 and 14.42.0.34 have been reported as vulnerable. | ||||
| CVE-2026-39087 | 1 Ntfy | 1 Ntfy.sh | 2026-07-09 | 6.4 Medium |
| ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs. | ||||
| CVE-2026-48611 | 1 Phpbb | 1 Phpbb | 2026-07-09 | N/A |
| Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations. | ||||
| CVE-2026-0128 | 1 Google | 1 Android | 2026-07-09 | 3.5 Low |
| In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2026-13022 | 1 Google | 1 Chrome | 2026-07-09 | 3.1 Low |
| Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-54799 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-07-09 | 6.7 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise. | ||||
| CVE-2026-54800 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-07-09 | 4.8 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions. | ||||
| CVE-2026-59208 | 2026-07-09 | N/A | ||
| n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker with a valid token from one trusted issuer and a sub matching a victim under another issuer to authenticate as that victim. This issue is fixed in versions 2.27.4 and 2.28.1. | ||||
| CVE-2026-52195 | 1 Utt | 1 Nv518g | 2026-07-09 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component | ||||
| CVE-2026-13776 | 1 Google | 1 Chrome | 2026-07-09 | 9.6 Critical |
| Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13782 | 1 Google | 1 Chrome | 2026-07-09 | 9.6 Critical |
| Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13786 | 1 Google | 1 Chrome | 2026-07-09 | 8.8 High |
| Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13788 | 1 Google | 1 Chrome | 2026-07-09 | 8.8 High |
| Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13790 | 1 Google | 1 Chrome | 2026-07-09 | 6.5 Medium |
| Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13792 | 1 Google | 1 Chrome | 2026-07-09 | 9.6 Critical |
| Use after free in Touchbar in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13796 | 1 Google | 1 Chrome | 2026-07-09 | 9.6 Critical |
| Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13797 | 1 Google | 1 Chrome | 2026-07-09 | 9.6 Critical |
| Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13801 | 1 Google | 1 Chrome | 2026-07-09 | 8.3 High |
| Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13804 | 1 Google | 1 Chrome | 2026-07-09 | 8.3 High |
| Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||