Export limit exceeded: 46426 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356032 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356032 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356032 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10990 | 1 Google | 1 Chrome | 2026-06-06 | 8.3 High |
| Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11004 | 1 Google | 1 Chrome | 2026-06-06 | 5.3 Medium |
| Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11010 | 1 Google | 1 Chrome | 2026-06-06 | 8.3 High |
| Use after free in WebShare in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11009 | 1 Google | 1 Chrome | 2026-06-06 | 9.6 Critical |
| Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11441 | 1 Theonedev | 1 Onedev | 2026-06-06 | 6.3 Medium |
| A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely. Upgrading to version 15.0.6 is able to resolve this issue. It is advisable to upgrade the affected component. | ||||
| CVE-2026-11440 | 1 Theonedev | 1 Onedev | 2026-06-06 | 6.3 Medium |
| A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack remotely. Upgrading to version 15.0.6 is able to mitigate this issue. Upgrading the affected component is advised. | ||||
| CVE-2026-42824 | 1 Microsoft | 1 365 Copilot | 2026-06-06 | 6.5 Medium |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-47644 | 1 Microsoft | 1 Copilot Chat Edge | 2026-06-06 | 6.5 Medium |
| Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-47655 | 1 Microsoft | 1 Graph | 2026-06-06 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-49777 | 2026-06-06 | 10 Critical | ||
| Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fix to an existing release without publishing a new version. While the patch provided by the vendor is valid, releasing it under the existing version number leaves users unable to reliably determine whether they are running a patched or vulnerable installation. As a result, we treat this as an unpatched version. | ||||
| CVE-2026-11001 | 1 Google | 1 Chrome | 2026-06-06 | 4.2 Medium |
| Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-10999 | 1 Google | 1 Chrome | 2026-06-06 | 6.1 Medium |
| Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-10994 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-10993 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Heap buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-10992 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Insufficient data validation in Animation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11439 | 1 Theonedev | 1 Onedev | 2026-06-06 | 6.3 Medium |
| A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from remote. Upgrading to version 15.0.6 can resolve this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2026-11012 | 1 Google | 1 Chrome | 2026-06-06 | 8.3 High |
| Use after free in Serial in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11006 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11002 | 1 Google | 1 Chrome | 2026-06-06 | 8.3 High |
| Use after free in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11438 | 1 Theonedev | 1 Onedev | 2026-06-06 | 6.3 Medium |
| A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to version 15.0.6 addresses this issue. Upgrading the affected component is recommended. | ||||