Search Results (46569 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-45133 1 Symfony 1 Symfony 2026-07-15 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level (Parser::parseBlock()) and inline (Inline::parseSequence() / Inline::parseMapping()) parsers to recurse without a depth limit. A crafted document exhausts the PHP stack and crashes the worker. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12.
CVE-2026-50471 1 Microsoft 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more 2026-07-15 7.8 High
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-50445 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 6.5 Medium
Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-15483 1 Trendnet 2 Tew-821dap, Tew-821dap Firmware 2026-07-15 8.8 High
A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argument nslookup_target leads to buffer overflow. It is possible to initiate the attack remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. " This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2026-50298 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 6.8 Medium
Integer overflow or wraparound in Windows Spaceport.sys allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-49796 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.8 High
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally.
CVE-2026-49184 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 8.4 High
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-15695 1 Tenda 1 Be12 Pro 2026-07-15 8.8 High
A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2026-45065 1 Symfony 1 Symfony 2026-07-15 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw requirement plus $; with ungrouped alternations, middle alternatives match as unanchored substrings, allowing a value such as //evil.com to satisfy a common locale requirement and generate a protocol-relative off-site URL. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12.
CVE-2026-57979 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-15 6.5 Medium
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-54987 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-15 7.8 High
Heap-based buffer overflow in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.
CVE-2026-15607 1 Tanstack 1 Db 2026-07-15 4.3 Medium
A vulnerability was detected in tanstack db up to 0.6.8. Affected by this vulnerability is the function select of the file src/query/compiler/select.ts of the component Alias Path Handler. The manipulation results in improperly controlled modification of object prototype attributes. The attack may be launched remotely. The exploit is now public and may be used. The patch is identified as ac09b1177a100eafa85cba3cd09dd1f53f933ded. A patch should be applied to remediate this issue.
CVE-2026-49175 1 Microsoft 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more 2026-07-15 7.8 High
Heap-based buffer overflow in Windows DNS allows an authorized attacker to elevate privileges locally.
CVE-2026-49459 1 Cure53 1 Dompurify 2026-07-15 6.1 Medium
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitize(root, { IN_PLACE: true }) could preserve event-handler attributes on an attacker-controlled <form> root when a descendant name clobbered properties checked by _isClobbered, because _forceRemove no-opped on the parent-less root and _sanitizeAttributes returned early. This issue is fixed in version 3.4.6.
CVE-2026-47969 1 Adobe 1 Audition 2026-07-15 5.5 Medium
Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-46628 1 Twigphp 1 Twig 2026-07-15 N/A
Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0.
CVE-2026-59199 1 Python-pillow 1 Pillow 2026-07-15 7.5 High
Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or Image.alpha_composite(). This issue is fixed in version 12.3.0.
CVE-2026-15691 1 Tenda 1 Be12 Pro 2026-07-15 8.8 High
A security flaw has been discovered in Tenda BE12 Pro 16.03.66.23. This affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-12478 1 Redhat 1 Enterprise Linux 2026-07-15 4.8 Medium
The fix for CVE-2026-0716 (commit 6ff7ef0, libsoup 3.6.6) placed the integer overflow guard inside the if (masked) block, leaving unmasked server-to-client frames unprotected. A malicious WebSocket server can send a crafted unmasked frame with a payload length near UINT64_MAX to trigger an OOB read in a libsoup-based client when max_incoming_payload_size is set to 0.
CVE-2026-48760 2026-07-15 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse() rejected raw BiDi formatting characters but not percent-encoded forms and used an ASCII-only whitespace check, allowing sanitized URLs to retain visual-spoofing characters that downstream consumers could decode or display. This issue is fixed in versions 6.4.41, 7.4.13, and 8.0.13.