CVE search

363,843 results
CVE-2026-13021MEDIUMInappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass sEPSS 0.1%CVE-2026-13038HIGHUse after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a craEPSS 0.3%CVE-2026-13033HIGHOut of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitraryEPSS 0.3%CVE-2026-13032CRITICALUse after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escapEPSS 0.2%CVE-2026-13028CRITICALUse after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escapEPSS 0.2%CVE-2026-49220MEDIUMJellyfin: Potential XSS in user managementEPSS 0.2%CVE-2026-48793HIGHJellyfin: Potential FFmpeg argument injection via unescaped subtitle file pathEPSS 0.4%CVE-2026-49246LOWJellyfin: Potential MKV attachment filename path traversal to RCEEPSS 0.3%CVE-2026-49247HIGHJellyfin: Potential Authenticated path traversal in /ClientLog/DocumentEPSS 0.3%CVE-2026-53943CRITICALGhost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview headerEPSS 0.2%CVE-2026-12760HIGHDenial-of-Service Vulnerability via Malformed IPv4 Fragmentation Handling in TP-Link Tapo C200EPSS 0.2%CVE-2026-53944MEDIUMGhost: Private IP filtering bypass to make server-side requests to internal servicesEPSS 0.2%CVE-2026-53945MEDIUMGhost: Server-side request forgery via DNS rebinding in external request handlingEPSS 0.1%CVE-2026-53946MEDIUMGhost: Mobiledoc image-size fetch SSRFEPSS 0.1%CVE-2026-53947MEDIUMGhost: Member existence leak via magic link sign-in responseEPSS 0.2%CVE-2026-53948MEDIUMGhost: File Upload Content-Type SpoofingEPSS 0.1%CVE-2026-53949MEDIUMGhost Content API filter bypass reveals private fieldsEPSS 0.2%CVE-2026-53950HIGH@tryghost/activitypub: XSS in Ghost's ActivityPub clientEPSS 0.2%CVE-2026-49980CRITICALRclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fixEPSS 0.7%CVE-2026-44017HIGHDocling: Unsafe Zip Extraction in EasyOCR Model DownloadEPSS 0.5%