CVE search

367,067 results
CVE-2026-3652HIGHARForms <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting via 'value' ParameterEPSS 0.2%CVE-2026-11614MEDIUMXpro Addons <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via 'custom_attributes' Parameter of Multiple WidgetsEPSS 0.3%CVE-2026-12681HIGHImproper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList() does noEPSS 0.2%CVE-2026-54639HIGHStyle Dictionary - Prototype Pollution in convertTokenData utility functionEPSS 0.1%CVE-2025-60471MEDIUMA use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 alEPSS 0.1%CVE-2025-60474HIGHA buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to causEPSS 0.6%CVE-2026-49269HIGHApple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run aEPSS 0.3%CVE-2025-60466MEDIUMA use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackersEPSS 0.1%CVE-2025-60468MEDIUMGPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: caEPSS 0.1%CVE-2025-60473MEDIUMA NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allowEPSS 0.1%CVE-2025-60467HIGHA use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allowEPSS 0.5%CVE-2026-7574HIGHAnthropic Claude Desktop Cowork VM Image Contents Not Validated Before UseEPSS 0.1%CVE-2026-5818HIGHMCU Firmware Update Authentication Bypass on Caliptra CoreEPSS 0.2%CVE-2026-6458MEDIUMAES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is EmptyEPSS 0.1%CVE-2026-12164MEDIUMPrivilege Escalation in Fortra File Integrity Monitoring (FIM)EPSS 0.1%CVE-2026-48493MEDIUMSnipe-IT Vulnerable to Privilege Escalation for self via API Permissions AssignmentEPSS 0.2%CVE-2026-56785HIGHFlatPress - Stored Cross-Site Scripting via Unescaped Comment and Contact Form FieldsEPSS 0.2%CVE-2026-54588CRITICALPoweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction.EPSS 0.3%CVE-2026-47693MEDIUMPoweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applicationsEPSS 0.2%CVE-2026-12163MEDIUMStored XSS in Fortra File Integrity Monitoring (FIM)EPSS 0.1%