CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-11666
Medium

Insufficient validation of untrusted input in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-11665
Medium

In Google Chrome on Windows prior to version 149.0.7827.103, an out of bounds read vulnerability allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2026-11658
Medium

Insufficient validation of untrusted input in Extensions in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

CVE-2026-11653
Medium

Inappropriate implementation in Extensions in Google Chrome prior to version 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

CVE-2026-11628
Medium

Use after free in Ozone in Google Chrome prior to version 149.0.7827.103 allows a local attacker to potentially exploit heap corruption via physical access to the device.

CVE-2026-40215
Medium

A race condition in OpenVPN versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

CVE-2026-11585
Medium

A vulnerability was identified in CodeAstro Student Attendance Management System version 1.0. Manipulation of the classId argument in the file /attendance-php/Admin/createClassArms.php leads to SQL injection, which can be initiated remotely.

CVE-2026-47345
Medium

Namespace attributes are not encoded correctly during HTML serialization, allowing bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

CVE-2026-35058
Medium

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.

CVE-2026-11584
Medium

A vulnerability was found in CodeAstro Student Attendance Management System 1.0, affecting an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. Manipulation of the argument ID results in SQL injection.

CVE-2026-11583
Medium

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0 affecting an unknown function of the file /attendance-php/Admin/createClass.php. Manipulation of the argument className leads to SQL injection.

CVE-2026-46486
Medium

MVT (Mobile Verification Toolkit) has a path traversal vulnerability related to unsanitized File identifiers in iOS Backup processing prior to version 2026.5.12. This issue has been patched in version 2026.5.12.

CVE-2026-11559
Medium

A vulnerability was detected in CodeAstro Payroll System 1.0 affecting an unknown function of the file /view_account.php. Manipulation of the argument ID results in SQL injection, which can be performed remotely.

CVE-2026-11558
Medium

A vulnerability has been detected in CodeAstro Payroll System 1.0 that allows SQL injection through manipulation of the rate/salary_rate argument in the /home_salary.php file. The attack can be executed remotely.

CVE-2026-10787
Medium

Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request.

CVE-2026-10786
Medium

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.

CVE-2026-10544
Medium

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider.

CVE-2026-11554
Medium

A vulnerability was identified in TOTOLINK CP450 version 4.1.0cu.747, concerning the file /etc/vsftpd.conf of the vsftpd component. Manipulation of this file leads to least privilege violation.

CVE-2026-11552
Medium

A vulnerability has been found in SourceCodester Online Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0, specifically in the file import_users.php. Manipulating the argument raw_password with the input CICT_2026 leads to the use of a hard-coded password.

CVE-2026-46314
Medium

In the Linux kernel, a vulnerability in the DRM V3D driver allows a local user to trigger an infinite loop in kernel context. By crafting an empty multisync extension with a self-referential list pointer, the existing duplicate-extension guard is bypassed, causing the calling thread to block indefinitely and pegging a CPU core.

PreviousPage 152 of 553Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS