206309 matches found
CVE-2026-36785
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
CVE-2026-38579
Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...
CVE-2025-70103
Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...
CVE-2026-10961
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508281950...
CVE-2026-10875
A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-37737
sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...
CVE-2026-10952
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505231370...
CVE-2026-10874
A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...
CVE-2026-10950
An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505123022...
CVE-2026-10944
An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504215814...
CVE-2026-10951
An use after free flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505191883...
CVE-2026-10915
An use after free flaw was found in the Core component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497612174...
CVE-2026-10876
A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available...
CVE-2026-10958
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507251069...
CVE-2026-11285
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502090914...
CVE-2026-11298
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502503860...
CVE-2026-10878
A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...
CVE-2026-10885
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504072665...
CVE-2026-11302
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504196549...
CVE-2026-11274
An inappropriate implementation flaw was found in the DOM Distiller component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501760514...
CVE-2026-11277
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501839664...
CVE-2026-10896
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513514692...
CVE-2026-11312
A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...
CVE-2026-11204
An inappropriate implementation flaw was found in the Signin component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505200733...
CVE-2026-11280
An insufficient validation of untrusted input flaw was found in the Signin component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501892820...
CVE-2026-11202
An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505144022...
CVE-2026-11165
An use after free flaw was found in the WebMIDI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502099949...
CVE-2026-11272
An insufficient validation of untrusted input flaw was found in the Reading List component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501747321...
CVE-2026-11205
An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505290253...
CVE-2026-11214
An inappropriate implementation flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508257850...
CVE-2026-47644
Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...
CVE-2026-5066
A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...
CVE-2026-50590
In Mimecast Incydr before 2.6.0, arbitrary file access can occur...
CVE-2020-25900
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...
CVE-2026-47655
Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...
CVE-2026-10877
A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...
CVE-2026-42539
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...
CVE-2026-42329
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...
CVE-2026-42824
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-42543
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...
CVE-2026-42540
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...
CVE-2026-44898
A flaw was found in Mistune, a Python Markdown parser. This vulnerability occurs in the rendertocul function, which is responsible for building a table-of-contents. An attacker can craft malicious heading text that, when processed, allows for the injection of arbitrary HTML tags, including script...
CVE-2026-44896
A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows a remote attacker to inject malicious code into web pages, leading to Cross-Site Scripting XSS. The issue arises from the renderfigure function, which improperly handles figclass and figwidth options by directly...
CVE-2026-42547
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...
CVE-2026-44899
A flaw was found in Mistune, a Python Markdown parser. The Image directive plugin, responsible for handling image dimensions, improperly validates user-supplied input for width and height options. This allows a remote attacker to inject arbitrary CSS into style attributes, potentially leading to...
CVE-2026-44897
A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing specially crafted input to the HTMLRenderer.heading function. This input, containing a double-quote character in the HTML heading's ID attribute, is not properly sanitized,...
CVE-2026-44708
A flaw was found in Mistune, a Python Markdown parser. The mistune math plugin improperly handles user-supplied content, such as inline and block math, by directly embedding it into the HTML output without proper HTML escaping. This vulnerability, which can lead to Cross-Site Scripting XSS, allow...
CVE-2026-11326
OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...
CVE-2026-42538
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
CVE-2026-10871
A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start6rdtunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv66rdborderrelay leads to os command injection. It is possible to launch the attack remotely. The...