Export limit exceeded: 87077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57108 | 2 Microsoft, Redhat | 2 .net, Hummingbird | 2026-07-17 | 7.5 High |
| Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-55027 | 1 Microsoft | 11 365 Apps, Office 2016, Office 2019 and 8 more | 2026-07-17 | 5.5 Medium |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-50650 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.8 High |
| Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-50649 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2026, Hummingbird | 2026-07-17 | 7.8 High |
| Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-50648 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.5 High |
| Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50646 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.8 High |
| Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-50528 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 8.2 High |
| Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-50527 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.5 High |
| Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50526 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7 High |
| Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally. | ||||
| CVE-2026-50525 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.5 High |
| Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-56170 | 2 Microsoft, Redhat | 2 .net, Hummingbird | 2026-07-17 | 7.5 High |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-44891 | 1 Netty | 1 Netty | 2026-07-17 | 7.5 High |
| Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only restricts individual header lines. An attacker can send a large number of short headers that are accumulated in memory inside DefaultStompHeadersSubframe until the JVM throws an OutOfMemoryError, causing denial of service for servers exposing a STOMP endpoint based on StompSubframeDecoder. This issue is fixed in versions 4.1.136.Final and 4.2.16.Final. | ||||
| CVE-2026-54244 | 1 Statamic | 1 Cms | 2026-07-17 | 3.5 Low |
| Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareable Live Preview URL rendering it. This issue is fixed in versions 5.74.0 and 6.20.3. | ||||
| CVE-2026-54242 | 1 Statamic | 1 Cms | 2026-07-17 | 4.9 Medium |
| Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src/Imaging/RemoteUrlValidator.php and src/Imaging/GuzzleAdapter.php could be bypassed using DNS rebinding. The remote hostname was validated as publicly routable, but resolved again when the image was actually fetched, so an attacker controlling the hostname's DNS could rebind it to an internal address after validation and cause the server to make HTTP requests to internal addresses, including loopback, private network, and cloud metadata endpoints. This affects sites that pass user-supplied URLs to Glide. This issue is fixed in versions 5.73.24 and 6.20.1. | ||||
| CVE-2026-53727 | 1 Premailer | 1 Css Parser | 2026-07-17 | N/A |
| css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and the @import-following branch of add_block!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering, or protection against link-local, loopback, or RFC-1918 addresses. Location: redirects were followed recursively back into the same function, which also serviced file:// URIs, so a single attacker-controlled HTTP redirect could upgrade the bug from SSRF to arbitrary local file disclosure. Any consumer of css_parser that hands it attacker-influenced CSS together with a base_uri: option is exposed. This issue is fixed in version 3.0.0. | ||||
| CVE-2026-47304 | 1 Microsoft | 3 .net, Visual Studio 2022, Visual Studio 2026 | 2026-07-17 | 8.1 High |
| Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-57980 | 1 Microsoft | 1 Edge Chromium | 2026-07-17 | 5.4 Medium |
| Authentication bypass using an alternate path or channel in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform tampering over a network. | ||||
| CVE-2026-50524 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.5 High |
| Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-47303 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 8.8 High |
| Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-47302 | 2 Microsoft, Redhat | 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more | 2026-07-17 | 7.5 High |
| Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network. | ||||