Search

Search Results (364330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-11913 2026-07-13 N/A
vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.
CVE-2026-15552 1 Ragic 1 Enterprise Cloud Database 2026-07-13 6.1 Medium
Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.
CVE-2026-15539 1 Sourcecodester 1 Online Book Store System 2026-07-13 4.7 Medium
A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVE-2026-15538 1 Primefaces 1 Primereact 2026-07-13 6.3 Medium
A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2026-57280 1 Jenkins Project 1 Jenkins Script Security Plugin 2026-07-13 8.8 High
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.
CVE-2026-57297 2 Jenkins, Jenkins Project 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin 2026-07-13 5.4 Medium
A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.
CVE-2026-57299 2 Jenkins, Jenkins Project 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin 2026-07-13 4.3 Medium
Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.
CVE-2026-52195 1 Utt 1 Nv518g 2026-07-13 7.5 High
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component
CVE-2026-52197 1 Utt 1 Nv518g 2026-07-13 7.5 High
An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component
CVE-2026-52193 2026-07-13 7.5 High
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component
CVE-2026-13774 1 Google 1 Chrome 2026-07-13 8.1 High
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)
CVE-2026-13780 1 Google 1 Chrome 2026-07-13 9.6 Critical
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-13781 1 Google 1 Chrome 2026-07-13 9.6 Critical
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-13783 1 Google 1 Chrome 2026-07-13 9.6 Critical
Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-13784 1 Google 1 Chrome 2026-07-13 9.6 Critical
Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-13786 1 Google 1 Chrome 2026-07-13 8.8 High
Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-13787 1 Google 1 Chrome 2026-07-13 8.1 High
Use after free in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CVE-2026-7162 1 Winfsp 1 Winfsp 2026-07-13 7.8 High
Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software.
CVE-2026-12582 2026-07-13 N/A
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes.
CVE-2026-12397 2026-07-13 N/A
The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level (self-registerable) account to read other employers' private account email addresses by enumerating job identifiers.