Export limit exceeded: 359373 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359373 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-53855 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 8.1 High |
| OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools with shell positional arguments to place inline-eval content in shell carriers outside intended allowlist rules, enabling execution of unapproved shell-provided content. | ||||
| CVE-2026-53849 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 8.1 High |
| OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers with Discord accounts can change their display name to match a policy entry and gain unauthorized agent access intended for another Discord identity. | ||||
| CVE-2026-53843 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 8.8 High |
| OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation controls and maintaining unauthorized access longer than intended. | ||||
| CVE-2026-12449 | 1 Google | 1 Chrome | 2026-06-18 | 7.8 High |
| Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | ||||
| CVE-2026-12448 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-9261 | 2026-06-18 | 6.8 Medium | ||
| Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier | ||||
| CVE-2026-12447 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-7273 | 1 Zyxel | 10 Gs1900-10hp Firmware, Gs1900-16 Firmware, Gs1900-24 Firmware and 7 more | 2026-06-18 | 8.8 High |
| A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request. | ||||
| CVE-2026-53842 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 7.1 High |
| OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDK_PYTHON variable to execute setup through unintended local Python paths, potentially enabling arbitrary code execution. | ||||
| CVE-2026-12454 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12451 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12445 | 1 Google | 1 Chrome | 2026-06-18 | 7.5 High |
| Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2026-12442 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-12441 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-12440 | 1 Google | 1 Chrome | 2026-06-18 | 9.6 Critical |
| Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-12438 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-6893 | 1 Redhat | 6 Dracut, Enterprise Linux, Hardened Images and 3 more | 2026-06-18 | 7.5 High |
| A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior. | ||||
| CVE-2025-55645 | 1 Gpac | 2 Gpac, Mp4box | 2026-06-18 | 5.5 Medium |
| A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2025-55644 | 1 Gpac | 2 Gpac, Mp4box | 2026-06-18 | 5.5 Medium |
| A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2026-38061 | 2026-06-18 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter. | ||||