Export limit exceeded: 366988 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366988 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-63307 | 2026-07-17 | 6.5 Medium | ||
| Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/{id} endpoint. The handler calls dataSourceService.queryExistent(id, ...) without an ownership check and returns the decrypted password field, allowing any authenticated non-admin user to enumerate datasource IDs and read the plaintext database credentials of datasources owned by other users. | ||||
| CVE-2026-49208 | 2026-07-17 | N/A | ||
| Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, when a #[LiveProp] is typed as DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue() falls back to new $className($value), allowing client-supplied relative strings such as now, tomorrow, or +10 years to move a writable, format-less date prop past time-based business logic checks. This issue is fixed in versions 2.36.0 and 3.1.0. | ||||
| CVE-2026-49212 | 2026-07-17 | N/A | ||
| Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, the HMAC computed by Symfony\UX\LiveComponent\LiveComponentHydrator covered only sorted prop key/value pairs and did not include the component name, the slot identifier (props vs propsFromParent), or request context, allowing a signed blob minted for one component or slot to be replayed in another and set a read-only prop on a target component. This issue is fixed in versions 2.36.0 and 3.1.0. | ||||
| CVE-2026-49209 | 2026-07-17 | N/A | ||
| Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::__invoke() iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, an authenticated client can submit a single _batch request containing thousands of actions and exhaust CPU, memory, and database connections on the application server. This issue is fixed in versions 2.36.0 and 3.1.0. | ||||
| CVE-2026-39087 | 1 Ntfy | 1 Ntfy.sh | 2026-07-17 | 6.4 Medium |
| ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs. | ||||
| CVE-2026-7891 | 1 Divd | 1 Verysecureapp | 2026-07-17 | 9.1 Critical |
| A vulnerability has been identified in Mendix Runtime (All versions). Mendix documentation for access rules does not adequately describe the special behavior of the System.User entity, leaving developers without sufficient guidance to configure access rules securely. This documentation gap may lead application developers to unknowingly apply overly permissive access rules to System.User, resulting in unintended exposure of sensitive user data or privilege escalation within deployed Mendix applications. | ||||
| CVE-2026-10587 | 1 Lenovo | 57 Ideapad 5 15aba7 Bios, Ideapad Pro 5 16agp11 Bios, Ideapad Pro 5 16asp10 Bios and 54 more | 2026-07-17 | 6 Medium |
| A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode. | ||||
| CVE-2026-63101 | 2026-07-17 | 7.5 High | ||
| Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint which lacks any authentication decorator. Attackers can enumerate sequential group IDs via brute-force, trigger an export via the unauthenticated POST endpoint, then poll the unauthenticated task status endpoint until completion to retrieve a download URL containing the full member CSV. | ||||
| CVE-2026-58148 | 2026-07-17 | N/A | ||
| The Joomla extension ChronoForms is vulnerable to an unauthenticated stored XSS vulnerability. | ||||
| CVE-2026-60024 | 2026-07-17 | N/A | ||
| The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets. | ||||
| CVE-2026-58149 | 2026-07-17 | N/A | ||
| The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration that allows to retrieve account usernames and email addresses. | ||||
| CVE-2026-24207 | 2 Linux, Nvidia | 2 Linux Kernel, Triton Inference Server | 2026-07-17 | 9.8 Critical |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. | ||||
| CVE-2026-48611 | 1 Phpbb | 1 Phpbb | 2026-07-17 | N/A |
| Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations. | ||||
| CVE-2026-63100 | 2026-07-17 | 6.5 Medium | ||
| Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController, where the before_action ensure_admin filter is applied only to the clear_cache action. Attackers can read the operator's Synth API key rendered in plaintext via a form field value attribute, overwrite it with an attacker-controlled value, toggle public registration settings, and disable email confirmation requirements to disrupt the entire instance. | ||||
| CVE-2026-60025 | 2026-07-17 | N/A | ||
| The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection. | ||||
| CVE-2026-63098 | 2026-07-17 | 5.3 Medium | ||
| TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler. Attackers can obtain the datastore attachment protection password, configured authentication providers, SSO settings, MFA capabilities, and clustered node addresses and roles without any credentials. | ||||
| CVE-2026-63097 | 2026-07-17 | 4.3 Medium | ||
| Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint (syncapi/routing/context.go) that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while ignoring IsInRoom, HasBeenInRoom, and Membership fields. Attackers who have left a room can call the rooms context API endpoint for a previously permitted event and receive unfiltered current room state that the /messages and /sync endpoints correctly withhold. | ||||
| CVE-2026-63096 | 2026-07-17 | 5.8 Medium | ||
| Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers can exploit distinguishable error response classes and leaked internal IP addresses in error messages to perform blind port scanning and enumerate internal network topology. | ||||
| CVE-2026-0156 | 1 Google | 1 Android | 2026-07-17 | 6.5 Medium |
| In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-57299 | 2 Jenkins, Jenkins Project | 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin | 2026-07-17 | 4.3 Medium |
| Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata. | ||||