Export limit exceeded: 359301 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359301 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359301 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48643 | 1 Google | 1 Android | 2026-06-18 | 7.8 High |
| In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48617 | 1 Google | 1 Android | 2026-06-18 | 7.8 High |
| In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48640 | 1 Google | 1 Android | 2026-06-18 | 8 High |
| In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-53843 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 8.8 High |
| OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation controls and maintaining unauthorized access longer than intended. | ||||
| CVE-2026-12466 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12462 | 1 Google | 1 Chrome | 2026-06-18 | 7.5 High |
| Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12449 | 1 Google | 1 Chrome | 2026-06-18 | 7.8 High |
| Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | ||||
| CVE-2026-12448 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9261 | 2026-06-18 | 6.8 Medium | ||
| Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier | ||||
| CVE-2026-12447 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-7273 | 1 Zyxel | 10 Gs1900-10hp Firmware, Gs1900-16 Firmware, Gs1900-24 Firmware and 7 more | 2026-06-18 | 8.8 High |
| A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request. | ||||
| CVE-2026-53842 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 7.1 High |
| OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDK_PYTHON variable to execute setup through unintended local Python paths, potentially enabling arbitrary code execution. | ||||
| CVE-2026-12468 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12467 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12465 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12464 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12454 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12452 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12451 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12445 | 1 Google | 1 Chrome | 2026-06-18 | 7.5 High |
| Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||