Export limit exceeded: 367033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367033 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-51080 | 2026-07-17 | 9.8 Critical | ||
| libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to contain an XML External Entity (XXE) vulnerability. | ||||
| CVE-2026-16106 | 1 Redhat | 4 Build Keycloak, Jboss Data Grid, Jbosseapxp and 1 more | 2026-07-17 | 4.9 Medium |
| A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can remove privileged roles they are not authorized to manage, leading to a loss of access for other users and administrators. | ||||
| CVE-2026-12692 | 2026-07-17 | 9.8 Critical | ||
| Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0. | ||||
| CVE-2026-12691 | 2026-07-17 | 7.5 High | ||
| Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0. | ||||
| CVE-2025-60357 | 2026-07-17 | 8.1 High | ||
| AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint. | ||||
| CVE-2026-44023 | 1 Docling-project | 1 Docling-core | 2026-07-17 | 8.6 High |
| Docling Core defines core data types and transformations for the document processing application Docling. In versions 1.5.0 and above, prior to 2.74.1, docling-core did not sufficiently restrict remote request destinations and could resolve a server-provided Content-Disposition to a local path in an unsafe manner. In applications that accept untrusted URLs, this could allow SSRF attacks targeting local files outside the user-defined cache directory. This issue has been fixed in version 2.74.1. | ||||
| CVE-2026-45334 | 1 Getkirby | 1 Kirby | 2026-07-17 | N/A |
| Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the content-locking feature returned lock information without checking the requesting user's access permissions. Kirby's Panel includes a content-locking feature that records which user currently has a model open for editing. This lock prevents conflicting edits by multiple users and displays the locking user's identity in the Panel UI so other users know who to contact. Internally, the locking user's email address and identifier are included in every Panel view payload and in error responses returned when a user attempts to edit a model that is currently locked by another user. This allowed a low-privilege authenticated Panel user, whose role was configured with users.access: false or users.list: false, to learn the email address and identifier of any user who currently had a model open for editing in the Panel, including administrators and other higher-privilege users. Content locks are active for a configurable window (10 minutes by default). The email address can allow admin account enumeration, target phishing, and feed credential-stuffing attacks against the Kirby installation or other sites. The internal user ID can be cross-referenced with other endpoints once the requester has obtained a higher privilege through unrelated means. This issue has been fixed in versions 4.9.1 and 5.4.1. | ||||
| CVE-2026-57860 | 2026-07-17 | 7.8 High | ||
| ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and args values (for example, command: bash with args: ['-c', 'touch /tmp/pwned']). When a user runs the forge CLI inside a cloned untrusted repository, the specified commands are spawned with the invoking user's privileges, resulting in arbitrary code execution. This provides a reliable initial-access and persistence primitive against developers who evaluate untrusted repositories with ForgeCode. | ||||
| CVE-2026-58551 | 1 Huawei | 1 Harmonyos | 2026-07-17 | 5.1 Medium |
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-58559 | 2026-07-17 | 6.5 Medium | ||
| DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-51082 | 2026-07-17 | 7.2 High | ||
| A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment (PVE) 9.x pve-manager before 9.1.9 and 8.x before 8.4.19; qemu-server 9.x before 9.1.7 and 8.x before 8.4.7; and pve-container before 6.1.3 (PVE 9.x) and before 5.3.4 (PVE 8.x) allows an attacker with privileges to call "vncproxy" to hijack a VNC session that is established in parallel by a different user for a different VM. | ||||
| CVE-2026-9586 | 2026-07-17 | N/A | ||
| An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The /pa endpoint processes XML content beginning with <PolycomIPPhone> and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated remote attacker can execute arbitrary SQL statements against the backend PostgreSQL database using a single crafted request, including database operations and remote code execution. | ||||
| CVE-2026-16093 | 1 Redhat | 4 Build Keycloak, Jboss Data Grid, Jbosseapxp and 1 more | 2026-07-17 | 5.4 Medium |
| Keycloak provides a mechanism called Client Policies to enforce security requirements on clients, such as requiring them to use signed JWTs for authentication. A flaw was discovered where this enforcement can be bypassed. An attacker with valid client credentials can provide a fake, unsigned assertion header that tricks the system into thinking the policy requirements have been met. This allows the attacker to authenticate using simpler methods like a client secret even when the administrator has mandated more secure, signed assertions. | ||||
| CVE-2026-9587 | 2026-07-17 | N/A | ||
| An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope. | ||||
| CVE-2026-9588 | 2026-07-17 | N/A | ||
| A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality. The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users. | ||||
| CVE-2026-63309 | 2026-07-17 | 4.3 Medium | ||
| SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing authenticated users to leak the relative ordering of restricted field values. Attackers can issue ORDER BY queries on indexed restricted fields to recover the hidden values' sort order across records, even though the field itself returns null as intended. | ||||
| CVE-2026-11763 | 2026-07-17 | 6.5 Medium | ||
| Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers. This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026. | ||||
| CVE-2026-9585 | 2026-07-17 | N/A | ||
| An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers. User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim's browser. | ||||
| CVE-2026-8297 | 2026-07-17 | 9.8 Critical | ||
| Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026. | ||||
| CVE-2026-63094 | 1 Signoz | 1 Signoz | 2026-07-17 | 8.1 High |
| SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with a ref parameter pointing to an attacker-controlled host, deliver the resulting crafted login URL to a victim, and receive the victim's access and refresh tokens when they complete SSO authentication. | ||||