Export limit exceeded: 86994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (86994 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35552 | 2026-07-17 | 8.1 High | ||
| In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's license. | ||||
| CVE-2026-51535 | 1 Eipstackgroup | 1 Opener | 2026-07-17 | 7.5 High |
| In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists in its network processing loop. | ||||
| CVE-2026-24697 | 2026-07-17 | 7.2 High | ||
| An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | ||||
| CVE-2026-24700 | 2026-07-17 | 7.2 High | ||
| An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | ||||
| CVE-2026-22927 | 1 Omnissa | 1 Omnissa Workspace One Tunnel For Windows | 2026-07-17 | 7.8 High |
| Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability. | ||||
| CVE-2026-53482 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-17 | 7.5 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2026-15112 | 1 Google | 1 Chrome | 2026-07-17 | 8.8 High |
| Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-15110 | 1 Google | 1 Chrome | 2026-07-17 | 8.8 High |
| Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2026-15114 | 1 Google | 1 Chrome | 2026-07-17 | 8.8 High |
| Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High) | ||||
| CVE-2026-15117 | 1 Google | 1 Chrome | 2026-07-17 | 7.5 High |
| Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15119 | 1 Google | 1 Chrome | 2026-07-17 | 8.3 High |
| Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15122 | 1 Google | 1 Chrome | 2026-07-17 | 8.3 High |
| Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-45422 | 1 Proximus | 1 B-box | 2026-07-17 | 8.1 High |
| Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules. | ||||
| CVE-2026-47840 | 1 Cloudfoundry | 2 Cf-deployment, Uaa | 2026-07-17 | 7.5 High |
| A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselves admin scopes. This affects every deployment that authenticates users against LDAP over StartTLS. Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0. | ||||
| CVE-2026-13462 | 1 Payrange | 1 Payrange | 2026-07-17 | 7.5 High |
| PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends. | ||||
| CVE-2026-56690 | 1 Dell | 1 Powerflex Manager | 2026-07-17 | 8.5 High |
| Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access. | ||||
| CVE-2026-56689 | 1 Dell | 1 Powerflex Manager | 2026-07-17 | 7.7 High |
| Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2026-59795 | 1 Jetbrains | 1 Teamcity | 2026-07-17 | 8.1 High |
| In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible | ||||
| CVE-2026-59796 | 1 Jetbrains | 1 Teamcity | 2026-07-17 | 8.1 High |
| In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks | ||||
| CVE-2026-7162 | 1 Winfsp | 1 Winfsp | 2026-07-17 | 7.8 High |
| Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software. | ||||