Lucene search
K

363761 matches found

NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-22342

Unauthenticated Cross Site Request Forgery CSRF in WordPress Dating Theme = 11.2.0 versions...

8.8CVSS0.00184EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-22334

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

7.5CVSS0.00467EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.14 views

CVE-2026-22330

Unauthenticated Local File Inclusion in Right Way = 4.0 versions...

8.1CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-22331

Unauthenticated Local File Inclusion in AutoParts = 1.5.8 versions...

8.1CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-22329

Unauthenticated Cross Site Scripting XSS in Skillate = 1.2.10 versions...

7.1CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-22328

Unauthenticated Cross Site Scripting XSS in Auto Repair = 22.6 versions...

7.1CVSS0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-22325

Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...

8.1CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-22326

Unauthenticated Local File Inclusion in Reprizo = 1.0.8 versions...

8.1CVSS0.00338EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-22327

Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...

9.9CVSS0.00465EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-12468

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00143EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.12 views

CVE-2026-12469

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS0.00186EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-12462

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00271EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-12464

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00222EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-12463

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

4.7CVSS0.00133EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-12467

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00222EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00426EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-12461

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00242EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-12465

Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00242EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-12459

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1CVSS0.00181EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-12457

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

4.2CVSS0.00136EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.17 views

CVE-2026-12458

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-12455

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-12456

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...

4.2CVSS0.00137EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-12453

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

4.2CVSS0.0018EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-12448

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00255EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-12450

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00184EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-12449

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

7.8CVSS0.00109EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-12451

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00173EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-12452

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-12454

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00146EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-12447

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00417EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.10 views

CVE-2026-12439

Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2026-12444

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: High...

5.5CVSS0.00143EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.7 views

CVE-2026-12445

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

7.5CVSS0.00158EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.6 views

CVE-2026-12443

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00601EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2026-12441

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00301EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.10 views

CVE-2026-12442

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00387EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2026-12446

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.11 views

CVE-2026-12440

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2026-12360

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...

7.5CVSS0.00322EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 1:19 p.m.5 views

CVE-2026-12437

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.9 views

CVE-2026-12438

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS0.00207EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2026-12115

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...

6.6CVSS0.00535EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 1:19 p.m.6 views

CVE-2026-12256

Contributor PHP Object Injection in Avada = 3.15.3 versions...

8.8CVSS0.00482EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.7 views

CVE-2026-12165

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

8.8CVSS0.00408EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 1:19 p.m.9 views

CVE-2026-12199

A vulnerability in nltk.app.wordnetapp up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request /SHUTDOWN%20THE%20SERVER to...

7.5CVSS0.00325EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2026-11410

An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:19 p.m.12 views

CVE-2026-11409

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS
Exploits0References3
Total number of security vulnerabilities363761