Export limit exceeded: 335907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4711 | 2026-03-24 | N/A | ||
| Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4713 | 2026-03-24 | N/A | ||
| Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4714 | 2026-03-24 | N/A | ||
| Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4715 | 2026-03-24 | N/A | ||
| Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4717 | 2026-03-24 | N/A | ||
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4718 | 2026-03-24 | N/A | ||
| Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4720 | 2026-03-24 | N/A | ||
| Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. | ||||
| CVE-2026-4721 | 2026-03-24 | N/A | ||
| Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. | ||||
| CVE-2026-4722 | 2026-03-24 | 8.8 High | ||
| Privilege escalation in the IPC component. This vulnerability affects Firefox < 149. | ||||
| CVE-2026-4725 | 2026-03-24 | N/A | ||
| Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149. | ||||
| CVE-2026-4726 | 2026-03-24 | N/A | ||
| Denial-of-service in the XML component. This vulnerability affects Firefox < 149. | ||||
| CVE-2026-4727 | 2026-03-24 | N/A | ||
| Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149. | ||||
| CVE-2026-4728 | 2026-03-24 | N/A | ||
| Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149. | ||||
| CVE-2026-4729 | 2026-03-24 | N/A | ||
| Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149. | ||||
| CVE-2026-4616 | 1 Bolo-blog | 1 Bolo-solo | 2026-03-24 | 2.4 Low |
| A security flaw has been discovered in bolo-blog 까지 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-4632 | 1 Itsourcecode | 1 Online Enrollment System | 2026-03-24 | 7.3 High |
| A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-4662 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-03-24 | 7.5 High |
| The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (allowing attacker-controlled input to bypass security checks) combined with the `prepare_where_clause()` method in the SQL Query Builder not sanitizing the `compare` operator before concatenating it into SQL statements. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database, provided the site has a JetEngine Listing Grid with Load More enabled that uses a SQL Query Builder query. | ||||
| CVE-2026-4673 | 1 Google | 1 Chrome | 2026-03-24 | 8.8 High |
| Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-4674 | 1 Google | 1 Chrome | 2026-03-24 | 8.8 High |
| Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-4675 | 1 Google | 1 Chrome | 2026-03-24 | 8.8 High |
| Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | ||||