| CVE-2026-11017 |
unknown |
— |
— |
|
|
|
14h ago |
Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted… |
| CVE-2026-11016 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cra… |
| CVE-2026-11015 |
unknown |
— |
— |
|
|
|
14h ago |
Out of bounds read in WebGPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-11014 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted … |
| CVE-2026-11013 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive inform… |
| CVE-2026-11012 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in Serial in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… |
| CVE-2026-11011 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted H… |
| CVE-2026-11010 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in WebShare in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … |
| CVE-2026-11009 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-11008 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a… |
| CVE-2026-11007 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data v… |
| CVE-2026-11006 |
unknown |
— |
— |
|
|
|
14h ago |
Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-11005 |
unknown |
— |
— |
|
|
|
14h ago |
Out of bounds read in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from proc… |
| CVE-2026-11004 |
unknown |
— |
— |
|
|
|
14h ago |
Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory … |
| CVE-2026-11002 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. … |
| CVE-2026-11001 |
unknown |
— |
— |
|
|
|
14h ago |
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted … |
| CVE-2026-10999 |
unknown |
— |
— |
|
|
|
14h ago |
Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from proces… |
| CVE-2026-10998 |
medium |
4.0 |
4.0 |
|
|
|
14h ago |
Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious network traffic. (Chromium s… |
| CVE-2026-10997 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control … |
| CVE-2026-10996 |
unknown |
— |
— |
|
|
|
14h ago |
Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-10995 |
unknown |
— |
— |
|
|
|
14h ago |
Heap buffer overflow in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a … |
| CVE-2026-10994 |
unknown |
— |
— |
|
|
|
14h ago |
Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit… |
| CVE-2026-10993 |
unknown |
— |
— |
|
|
|
14h ago |
Heap buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur… |
| CVE-2026-10992 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient data validation in Animation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (C… |
| CVE-2026-10990 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr… |
| CVE-2026-10989 |
unknown |
— |
— |
|
|
|
14h ago |
Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via … |
| CVE-2026-10988 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… |
| CVE-2026-10985 |
unknown |
— |
— |
|
|
|
14h ago |
Out of bounds read in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-10984 |
unknown |
— |
— |
|
|
|
14h ago |
Inappropriate implementation in Accessibility in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:… |
| CVE-2026-10983 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit… |
| CVE-2026-10981 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted… |
| CVE-2026-10980 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cr… |
| CVE-2026-10979 |
unknown |
— |
— |
|
|
|
14h ago |
Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securi… |
| CVE-2026-10977 |
unknown |
— |
— |
|
|
|
14h ago |
Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium secur… |
| CVE-2026-10976 |
unknown |
— |
— |
|
|
|
14h ago |
Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security… |
| CVE-2026-10974 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi… |
| CVE-2026-10973 |
unknown |
— |
— |
|
|
|
14h ago |
Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-10972 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-10971 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a s… |
| CVE-2026-10968 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via … |
| CVE-2026-10966 |
unknown |
— |
— |
|
|
|
14h ago |
Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:… |
| CVE-2026-10955 |
unknown |
— |
— |
|
|
|
14h ago |
Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security sev… |
| CVE-2026-10951 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a… |
| CVE-2026-10950 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hi… |
| CVE-2026-10944 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hi… |
| CVE-2026-10938 |
unknown |
— |
— |
|
|
|
14h ago |
Inappropriate implementation in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chr… |
| CVE-2026-10937 |
unknown |
— |
— |
|
|
|
14h ago |
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-10931 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-10930 |
unknown |
— |
— |
|
|
|
14h ago |
Out of bounds read in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-10923 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High) |
| CVE-2026-10922 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin p… |
| CVE-2026-10916 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (… |
| CVE-2026-10912 |
unknown |
— |
— |
|
|
|
14h ago |
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a … |
| CVE-2026-10904 |
unknown |
— |
— |
|
|
|
14h ago |
Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… |
| CVE-2026-10897 |
unknown |
— |
— |
|
|
|
14h ago |
Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri… |
| CVE-2026-10893 |
unknown |
— |
— |
|
|
|
14h ago |
Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) |
| CVE-2026-10892 |
unknown |
— |
— |
|
|
|
14h ago |
Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C… |
| CVE-2026-10886 |
critical |
9.6 |
9.6 |
|
|
|
14h ago |
Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2026-10881 |
critical |
9.6 |
9.6 |
|
|
|
14h ago |
Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C… |
| CVE-2026-10875 |
medium |
6.3 |
6.3 |
|
|
|
14h ago |
A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument… |
| CVE-2026-10874 |
medium |
6.3 |
6.3 |
|
|
|
14h ago |
A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument soc… |
| CVE-2024-27892 |
critical |
9.6 |
9.6 |
|
|
|
14h ago |
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the swi… |
| CVE-2024-27891 |
medium |
5.3 |
5.3 |
|
|
|
14h ago |
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgo… |
| CVE-2024-27890 |
critical |
9.6 |
9.6 |
|
|
|
14h ago |
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the swi… |
| CVE-2023-5502 |
medium |
5.9 |
5.9 |
|
|
|
14h ago |
On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to by… |
| CVE-2026-11322 |
medium |
6.5 |
6.5 |
|
|
|
15h ago |
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the d… |
| CVE-2024-6858 |
unknown |
— |
— |
|
|
|
15h ago |
In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. |
| CVE-2026-5066 |
medium |
6.3 |
6.3 |
|
|
|
16h ago |
A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_… |
| CVE-2026-42538 |
medium |
6.3 |
6.3 |
|
|
|
16h ago |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application ca… |
| CVE-2026-42329 |
medium |
4.7 |
4.7 |
|
|
|
16h ago |
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redir… |
| CVE-2026-42547 |
medium |
5.4 |
5.4 |
|
|
|
16h ago |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi… |
| CVE-2026-42543 |
medium |
4.3 |
4.3 |
|
|
|
16h ago |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca… |
| CVE-2026-47708 |
unknown |
— |
— |
|
|
|
16h ago |
MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper |
| CVE-2026-42540 |
medium |
4.3 |
4.3 |
|
|
|
16h ago |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulate… |
| CVE-2026-42539 |
medium |
6.5 |
6.5 |
|
|
|
16h ago |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required fo… |
| CVE-2026-5589 |
unknown |
— |
— |
|
|
|
17h ago |
An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is… |
| CVE-2026-41522 |
unknown |
— |
— |
|
|
|
17h ago |
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql… |
| CVE-2026-21404 |
medium |
6.3 |
6.3 |
|
|
|
17h ago |
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can e… |
| CVE-2026-47703 |
unknown |
— |
— |
|
|
|
17h ago |
AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle |
| CVE-2026-48013 |
unknown |
— |
— |
|
|
|
18h ago |
Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation |
| CVE-2026-48015 |
unknown |
— |
— |
|
|
|
18h ago |
Shopware: Stored XSS via SVG file upload — no SVG sanitization |
| CVE-2026-48016 |
unknown |
— |
— |
|
|
|
18h ago |
Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment |
| CVE-2026-48014 |
unknown |
— |
— |
|
|
|
18h ago |
Shopware: Admin API ACL Bypass in Order State Transition Endpoints |
| CVE-2026-48012 |
unknown |
— |
— |
|
|
|
18h ago |
Shopware SSO referer trust leading to an arbitrary redirect target |
| CVE-2026-48011 |
unknown |
— |
— |
|
|
|
18h ago |
Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames |
| CVE-2026-48010 |
unknown |
— |
— |
|
|
|
18h ago |
Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts |
| CVE-2026-48009 |
unknown |
— |
— |
|
|
|
18h ago |
Shopware: Admin Account Takeover via User Recovery Hash Exposure |
| CVE-2026-48008 |
unknown |
— |
— |
|
|
|
18h ago |
Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass |
| CVE-2026-48480 |
unknown |
— |
— |
|
|
|
18h ago |
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptograp… |
| CVE-2026-36499 |
medium |
6.5 |
6.5 |
|
sles |
|
18h ago |
A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. T… |
| CVE-2025-71316 |
critical |
9.8 |
9.8 |
|
|
|
18h ago |
SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL wi… |
| CVE-2025-65640 |
medium |
6.3 |
6.3 |
|
|
|
18h ago |
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating… |
| CVE-2026-50183 |
unknown |
— |
— |
|
|
|
18h ago |
WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section |
| CVE-2026-50182 |
unknown |
— |
— |
|
|
|
18h ago |
WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination |
| CVE-2026-49279 |
unknown |
— |
— |
|
|
|
18h ago |
WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket Handler (CVE-2026-43874 Bypass) |
| CVE-2026-8462 |
unknown |
— |
— |
|
|
|
19h ago |
OpenMeter: SQL injection through meter creation |
| CVE-2026-48040 |
unknown |
— |
— |
|
|
|
19h ago |
The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses… |
| CVE-2026-25550 |
critical |
9.8 |
9.8 |
|
|
|
19h ago |
Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The serv… |
| CVE-2026-10880 |
critical |
9.8 |
9.8 |
|
|
|
19h ago |
OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticat… |
| CVE-2025-67447 |
critical |
9.8 |
9.8 |
|
|
|
19h ago |
The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address … |
