Export limit exceeded: 356011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356011 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42547 | 1 Dfir-iris | 1 Iris | 2026-06-05 | 5.4 Medium |
| IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination with Cross-Site Scripting, this can also be used to exfiltrate alerts from other customers. Version 2.4.28 contains a patch. | ||||
| CVE-2026-10874 | 1 Projectworlds | 2 Online Art Gallery Shop, Online Art Gallery Shop Project | 2026-06-05 | 6.3 Medium |
| A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument social_insta leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-11016 | 1 Google | 1 Chrome | 2026-06-05 | N/A |
| Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11017 | 1 Google | 1 Chrome | 2026-06-05 | N/A |
| Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11021 | 1 Google | 1 Chrome | 2026-06-05 | N/A |
| Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11296 | 1 Google | 1 Chrome | 2026-06-05 | 7.5 High |
| Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-11011 | 1 Google | 1 Chrome | 2026-06-05 | N/A |
| Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11012 | 1 Google | 1 Chrome | 2026-06-05 | N/A |
| Use after free in Serial in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11211 | 1 Google | 1 Chrome | 2026-06-05 | N/A |
| Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-10856 | 1 Solvera Software | 1 Teknoera | 2026-06-05 | 8.1 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection. This issue affects Teknoera: through 01102025. | ||||
| CVE-2025-10876 | 1 Talentsoftware | 1 Bap Automation | 2026-06-05 | 5.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Cross-Site Scripting (XSS). This issue affects e-BAP Automation: from 1.8.96 before v.41815. | ||||
| CVE-2025-10912 | 1 Saastech Cleaning And Internet Services Inc. | 1 Temizlikyolda | 2026-06-05 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables. This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10913 | 1 Saastech Cleaning And Internet Services Inc. | 1 Temizlikyolda | 2026-06-05 | 8.3 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS). This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10914 | 1 Proliz Software | 1 Obs | 2026-06-05 | 7.6 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Reflected XSS. This issue affects OBS (Student Affairs Information System): before V26.0401. | ||||
| CVE-2025-10955 | 1 Netcad | 1 Netigma | 2026-06-05 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings. This issue affects Netigma: from 6.3.5 before 6.3.5 V8. | ||||
| CVE-2025-10968 | 1 Gg Soft | 1 Paperwork | 2026-06-05 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398. | ||||
| CVE-2025-10969 | 2 Farktor, Farktor Software E-commerce Services Inc. | 2 E-commerce Package, E-commerce Package | 2026-06-05 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025. | ||||
| CVE-2026-11306 | 1 Google | 1 Chrome | 2026-06-05 | 8.8 High |
| Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | ||||
| CVE-2026-11132 | 1 Google | 1 Chrome | 2026-06-05 | N/A |
| Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11139 | 1 Google | 1 Chrome | 2026-06-05 | N/A |
| Inappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||