Export limit exceeded: 367121 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 87059 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (87059 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-62219 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 7.1 High |
| OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can bypass agent ID restrictions by submitting blank agent IDs, allowing actions that should require stronger authorization or policy checks. | ||||
| CVE-2026-62207 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 8.8 High |
| OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths. | ||||
| CVE-2026-62203 | 1 Openclaw | 1 Openclaw | 2026-07-17 | 8.8 High |
| OpenClaw versions before 2026.6.6 contain an environment variable filtering vulnerability in host exec that fails to properly sanitize rustup startup variables. Attackers with lower-trust caller access or configured input paths can execute or persist actions beyond their intended authorization level. | ||||
| CVE-2026-14536 | 1 Devolutions | 1 Server | 2026-07-16 | 7.3 High |
| Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing multi-factor authentication. The problem occurs when DVLS encounters an invalid default MFA value. | ||||
| CVE-2026-55727 | 1 Genetec | 1 Security Center | 2026-07-16 | 7.5 High |
| A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams. | ||||
| CVE-2026-51937 | 1 Zhangyd-c | 1 Oneblog | 2026-07-16 | 7.5 High |
| An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component | ||||
| CVE-2026-24698 | 2026-07-16 | 7.2 High | ||
| An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The model_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | ||||
| CVE-2026-57239 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-07-16 | 8.2 High |
| The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM. | ||||
| CVE-2026-55137 | 1 Microsoft | 14 365 Apps, Excel 2016, Microsoft Office 365 For Mac and 11 more | 2026-07-16 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-50682 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more | 2026-07-16 | 7.1 High |
| Out-of-bounds read in Windows Active Directory allows an authorized attacker to deny service over a network. | ||||
| CVE-2026-50647 | 1 Microsoft | 14 .net, Windows 10 1607, Windows 10 1809 and 11 more | 2026-07-16 | 7.5 High |
| Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50528 | 1 Microsoft | 3 .net, Visual Studio 2022, Visual Studio 2026 | 2026-07-16 | 8.2 High |
| Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-56086 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-16 | 8.8 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. | ||||
| CVE-2026-50411 | 1 Microsoft | 14 .net, Windows 10 1607, Windows 10 1809 and 11 more | 2026-07-16 | 7.5 High |
| Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50355 | 1 Microsoft | 9 .net, Windows 10 1607, Windows 10 1809 and 6 more | 2026-07-16 | 7.5 High |
| Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50368 | 1 Microsoft | 9 .net, Windows 10 1607, Windows 10 1809 and 6 more | 2026-07-16 | 7.5 High |
| Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50304 | 1 Microsoft | 9 .net, Windows 10 1607, Windows 10 1809 and 6 more | 2026-07-16 | 7.5 High |
| Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50653 | 1 Microsoft | 2 .net, Azure Active Directory | 2026-07-16 | 7.5 High |
| Loop with unreachable exit condition ('infinite loop') in Azure Active Directory allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50652 | 1 Microsoft | 2 .net, Azure Active Directory | 2026-07-16 | 7.5 High |
| Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-10706 | 1 Adalo No-code App Builder | 1 App Builder | 2026-07-16 | 7.5 High |
| In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties. | ||||