VIR Vulnerability Intelligence Relay

Search

Found 69,858 results in 4421ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-8587 high 8.8 8.8 FIX debian debianmacos macoswindows windows google 24d ago Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E…
CVE-2026-8586 medium 5.5 5.5 FIX debian debianwindows windows google 24d ago Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …
CVE-2026-8585 high 7.5 7.5 FIX debian debianmacos macoswindows windows google 24d ago Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a …
CVE-2026-8584 medium 4.2 4.2 FIX debian debianmacos macoswindows windows google 24d ago Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page…
CVE-2026-8583 medium 5.3 5.3 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informa…
CVE-2026-8582 medium 5.3 5.3 FIX debian debianwindows windows google 24d ago Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium se…
CVE-2026-8581 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8577 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8576 medium 4.3 4.3 FIX debian debian linux-kernelwindows windows google 24d ago Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security sev…
CVE-2026-8575 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro…
CVE-2026-8574 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
CVE-2026-8573 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:…
CVE-2026-8571 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v…
CVE-2026-8570 medium 6.5 6.5 FIX debian debianwindows windows google 24d ago Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security sev…
CVE-2026-8569 high 8.3 8.3 FIX debian debianmacos macoswindows windows google 24d ago Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: …
CVE-2026-8567 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: …
CVE-2026-8566 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium sec…
CVE-2026-8565 medium 4.7 4.7 FIX debian debianmacos macoswindows windows google 24d ago Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafte…
CVE-2026-8564 medium 4.2 4.2 FIX debian debianmacos macoswindows windows google 24d ago Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: M…
CVE-2026-8563 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium se…
CVE-2026-8562 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 24d ago Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu…
CVE-2026-8561 medium 5.4 5.4 FIX debian debianmacos macos linux-kernel google 24d ago Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8560 medium 4.3 4.3 FIX debian debianmacos macoswindows windows google 24d ago Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium securi…
CVE-2026-8559 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secu…
CVE-2026-8558 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8557 high 7.5 7.5 FIX debian debianwindows windows google 24d ago Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (C…
CVE-2026-8555 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8552 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity…
CVE-2026-8551 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page…
CVE-2026-8550 medium 6.5 6.5 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memo…
CVE-2026-8549 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8548 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
CVE-2026-8547 high 7.5 7.5 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via…
CVE-2026-8546 medium 5.3 5.3 FIX debian debianmacos macoswindows windows google 24d ago Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information fr…
CVE-2026-8544 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8543 medium 5.3 5.3 FIX debian debianmacos macoswindows windows google 24d ago Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive infor…
CVE-2026-8542 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
CVE-2026-8541 medium 5.3 5.3 FIX debian debianmacos macos linux-kernel google 24d ago Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi…
CVE-2026-8540 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8539 medium 5.4 5.4 FIX debian debianwindows windows google 24d ago Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security s…
CVE-2026-8538 medium 5.3 5.3 FIX debian debianwindows windows google 24d ago Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a craf…
CVE-2026-8537 medium 4.3 4.3 FIX debian debianwindows windows google 24d ago Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: H…
CVE-2026-8535 medium 5.3 5.3 FIX debian debian linux-kernelwindows windows google 24d ago Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informati…
CVE-2026-8534 high 8.3 8.3 FIX debian debian linux-kernelwindows windows google 24d ago Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a…
CVE-2026-8533 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
CVE-2026-8532 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8531 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity…
CVE-2026-8530 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
CVE-2026-8529 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 24d ago Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Hig…
CVE-2026-8528 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 24d ago Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a …
CVE-2026-8527 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 24d ago Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severi…
CVE-2026-8526 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 24d ago Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8525 high 8.3 8.3 FIX debian debianmacos macoswindows windows google 24d ago Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H…
CVE-2026-8524 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 24d ago Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hig…
CVE-2026-8523 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2026-8522 high 8.8 8.8 FIX debian debianmacos macoswindows windows google 24d ago Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-8521 high 7.5 7.5 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CVE-2026-8520 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 24d ago Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-8519 high 8.8 8.8 FIX debian debianwindows windows google 24d ago Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: …
CVE-2026-8518 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-8517 high 8.8 8.8 FIX debian debianmacos macoswindows windows google 24d ago Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a cra…
CVE-2026-8516 medium 5.3 5.3 FIX debian debianmacos macos linux-kernel google 24d ago Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentia…
CVE-2026-8515 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted H…
CVE-2026-8514 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2026-8513 high 8.3 8.3 FIX debian debianwindows windows google 24d ago Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
CVE-2026-8512 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 24d ago Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr…
CVE-2026-8510 high 7.5 7.5 FIX debian debianwindows windows google 24d ago Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted …
CVE-2026-8509 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 24d ago Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Criti…
CVE-2026-46356 high 7.5 7.5 fleetdm 24d ago Fleet: IP spoofing allows bypassing API rate limiting
CVE-2026-44637 high 7.1 7.1 FIX debian debian sles saitoha 24d ago libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-boun…
CVE-2026-44636 high 7.8 7.8 FIX debian debian sles saitoha 24d ago libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap bu…
CVE-2026-43996 medium 5.5 5.5 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_…
CVE-2026-43909 high 8.8 8.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…
CVE-2026-43908 high 8.8 8.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…
CVE-2026-43907 high 8.3 8.3 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGB…
CVE-2026-43906 high 7.8 7.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the H…
CVE-2026-43905 high 7.8 7.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer…
CVE-2026-43904 high 7.8 7.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) an…
CVE-2026-43903 high 7.8 7.8 debian debian openimageio 24d ago OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT…
CVE-2026-26062 medium 6.5 6.5 fleetdm 24d ago Fleet server may terminate unexpectedly when handling certain gRPC requests
CVE-2026-24899 high 7.5 7.5 fleetdm 24d ago Fleet Windows MDM Azure AD JWT Authentication Bypass
CVE-2026-24000 medium 5.3 5.3 fleetdm 24d ago Fleet has a rate limiting bypass via untrusted client IP headers
CVE-2026-45303 high 7.7 7.7 openwebui 24d ago Open WebUI has stored XSS via the HTML renedering view
CVE-2026-45299 medium 5.4 5.4 openwebui 24d ago Open WebUI has Stored Cross-Site Scripting In Profile Picture
CVE-2026-45021 medium 5.5 24d ago Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin…
CVE-2026-8621 high 8.8 8.8 24d ago Crabbox: authentication bypass vulnerability that allows impersonation of others by spoofing identity headers
CVE-2026-45371 high 8.0 24d ago SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs
CVE-2026-45148 medium 4.3 4.3 24d ago SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode
CVE-2026-45147 medium 4.3 4.3 24d ago SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk
CVE-2026-44633 high 8.1 8.1 24d ago Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in …
CVE-2026-44586 high 8.3 8.3 24d ago SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML wit…
CVE-2026-44522 high 8.0 24d ago Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution
CVE-2026-38740 medium 5.3 5.3 24d ago Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol (SDP), including ICE creden…
CVE-2026-27886 high 7.5 7.5 strapi 24d ago Strapi may leak sensitive data via relational filtering due to lack of query sanitization
CVE-2026-27680 medium 4.3 4.3 sap 24d ago Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the appl…
CVE-2026-23998 high 7.5 7.5 fleetdm 24d ago Fleet has a Windows MDM management endpoint authentication bypass
CVE-2026-22707 medium 5.4 5.4 strapi 24d ago Strapi Upload Plugin MIME Validation Bypass via Content API
CVE-2026-22706 medium 6.5 6.5 strapi 24d ago Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
CVE-2026-22599 high 7.2 7.2 strapi 24d ago Strapi Vulnerable to SQL Injection in Content Type Builder
CVE-2025-64526 medium 5.3 5.3 strapi 24d ago Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying