Export limit exceeded: 366715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366715 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-58360 | 2026-07-16 | 6.5 Medium | ||
| stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity. | ||||
| CVE-2026-31309 | 2026-07-16 | 9.8 Critical | ||
| Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node from v1.21.1-rc0 before v1.36.0 allows an unauthenticated attacker to arbitrarily overwrite the node's configuration and achieve a full node takeover via a crafted POST request. | ||||
| CVE-2026-63305 | 1 Wwbn | 1 Avideo | 2026-07-16 | 8.1 High |
| AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php endpoint where notifyCode and callback parameters are concatenated into a shell command without escaping. Attackers who can craft a valid encrypted payload can inject arbitrary shell metacharacters into these fields to execute OS commands as the web-server user. | ||||
| CVE-2026-63304 | 1 Wwbn | 1 Avideo | 2026-07-16 | 8.1 High |
| AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses() function interpolates unsanitized keyword parameters inside single quotes without escaping. Attackers who can craft a valid encrypted codeToExec payload can break out of the single-quoted grep context and execute arbitrary OS commands as the web-server user. | ||||
| CVE-2026-6424 | 2026-07-16 | N/A | ||
| Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system | ||||
| CVE-2026-22752 | 2026-07-16 | 9.6 Critical | ||
| Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10. | ||||
| CVE-2026-14017 | 1 Google | 1 Chrome | 2026-07-16 | 9.6 Critical |
| Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14020 | 1 Google | 1 Chrome | 2026-07-16 | 4.3 Medium |
| Insufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14023 | 1 Google | 1 Chrome | 2026-07-16 | 6.5 Medium |
| Insufficient validation of untrusted input in SanitizerAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14025 | 1 Google | 1 Chrome | 2026-07-16 | 8.8 High |
| Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14027 | 1 Google | 1 Chrome | 2026-07-16 | 8.8 High |
| Use after free in SignIn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14036 | 1 Google | 1 Chrome | 2026-07-16 | 8.8 High |
| Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14045 | 1 Google | 1 Chrome | 2026-07-16 | 4.3 Medium |
| Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14046 | 1 Google | 1 Chrome | 2026-07-16 | 4.3 Medium |
| Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14052 | 1 Google | 1 Chrome | 2026-07-16 | 4.3 Medium |
| Insufficient policy enforcement in FileSystem in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14073 | 1 Google | 1 Chrome | 2026-07-16 | 4.3 Medium |
| Insufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14074 | 1 Google | 1 Chrome | 2026-07-16 | 6.5 Medium |
| Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14075 | 1 Google | 1 Chrome | 2026-07-16 | 4.3 Medium |
| Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14081 | 1 Google | 1 Chrome | 2026-07-16 | 6.5 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2026-14082 | 1 Google | 1 Chrome | 2026-07-16 | 6.5 Medium |
| Race in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||