21194 matches found
EUVD-2026-40786
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40745
Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13956
Incorrect security UI in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13810
Inappropriate implementation in Input in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
CVE-2026-14024
CVE-2026-14024 is a use-after-free in Chrome’s Ozone on Linux, prior to 150.0.7871.47. A remote attacker could trick a user into specific UI gestures to trigger heap corruption via a crafted HTML page. Affected software is Google Chrome (Linux) with Ozone integration; root cause: use-after-free i...
ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments
A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...
TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability
A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747B20191224. This vulnerability affects an unknown part of the file /webcste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely...
iboss Secure Web Gateway - Stored Cross-Site Scripting
A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...
Code-Projects School Fees Payment System 1.0 - SQL Injection
A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2026-12912
A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT8BITABGR output format and a specific stride value, leading to a heap-base...
CVE-2026-13580
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit...
EUVD-2026-40124
A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit...
CVE-2026-13569
A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...
EUVD-2026-40088
A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...
CVE-2026-13558
A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing a manipulation of the argument Report Title results in cross site scripting. Remote exploitation o...
CVE-2026-13565
The vulnerability CVE-2026-13565 affects SourceCodester Class and Exam Timetabling System (1.0/1.php). The issue is in /edit_class1.php where manipulating the argument ID enables SQL injection, a remotely triggerable flaw. Publicly disclosed exploit exists (proof-of-concept). Affected component: ...
EUVD-2026-40076
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /editclass1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...
EUVD-2026-40074
A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...
gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...
CVE-2026-13557
A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/modroom/controller.php?action=add of the component POST Request Handler. Such manipulation of the argument Name leads to cross site scripting. The attack m...