130749 matches found
CVE-2026-61860
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2026-61860 ImageMagick before 7.1.2-26 Use-After-Free via freetype
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service...
EUVD-2026-44610
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service...
WordPress WP Video Gallery <=1.7.1 - SQL Injection
WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
Guten Free Options - Cross Site Scripting
Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...
JustRows WordPress - Cross-Site Scripting
JustRows free WordPress plugin v0.2 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
Web Directory Free < 1.7.3 - Local File Inclusion
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include, which could lead to Local File Inclusion issues. id: CVE-2024-3673 info: name: Web Directory Free 1.7.3 - Local File Inclusion author: s4e-io severity: critical description: | The Web...
My Geo Posts Free <= 1.2 - PHP Object Injection
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...
WordPress Title Experiments Free <9.0.1 - SQL Injection
WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpextitles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive...
Security update for nasm (low)
openSUSE security update: security update for nasm ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21333-1 Rating: low References: bsc1261985 bsc1261986 Cross-References: CVE-2026-6067 CVE-2026-6068 CVSS scores: CVE-2026-6067 SUSE : 3.3...
CVE-2026-15777
Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-15765
Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-15764
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-15777
CVE-2026-15777 – Use-after-free in the Chrome UI on Linux prior to 150.0.7871.125 can allow a remote attacker to induce heap corruption by tricking a user into performing specific UI gestures on a crafted HTML page. Affected product: Google Chrome (Linux UI subsystem). Root cause: use-after-free ...
CVE-2026-15774
CVE-2026-15774 is a Use-after-free in Skia affecting Google Chrome prior to 150.0.7871.125. The issue could allow a remote attacker (with renderer access) to escape the Chrome sandbox via a crafted HTML page. Public references show a Chrome security update (Stable Channel) and list this CVE among...
CVE-2026-15773
CVE-2026-15773 is a Use-After-Free in Chrome’s Core on Windows prior to 150.0.7871.125 that could allow a remote attacker to achieve a sandbox escape via a crafted HTML page. The vulnerability affects Google Chrome Windows builds and is tracked in multiple sources. No exploitation status is provi...
CVE-2026-15765
CVE-2026-15765 : Use-after-free in Ozone of Google Chrome prior to 150.0.7871.125. A remote attacker, tricking a user into specific UI gestures, could potentially exploit heap corruption via a crafted HTML page. The Chrome security update 150.0.7871.124/125 (Stable Channel) includes fixes for thi...
CVE-2026-58619
Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally...
CVE-2026-58613
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...