Export limit exceeded: 362961 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362961 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13790 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-42009 | 2 Gnu, Redhat | 25 Gnutls, Discovery, Enterprise Linux and 22 more | 2026-07-01 | 7.5 High |
| A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service. | ||||
| CVE-2026-33846 | 2 Gnu, Redhat | 15 Gnutls, Discovery, Enterprise Linux and 12 more | 2026-07-01 | 7.5 High |
| A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption. | ||||
| CVE-2026-33845 | 2 Gnu, Redhat | 15 Gnutls, Discovery, Enterprise Linux and 12 more | 2026-07-01 | 7.5 High |
| A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service. | ||||
| CVE-2026-4878 | 2 Libcap Project, Redhat | 18 Libcap, Ai Inference Server, Cost Management and 15 more | 2026-07-01 | 6.7 Medium |
| A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. | ||||
| CVE-2026-14045 | 1 Google | 1 Chrome | 2026-07-01 | 4.3 Medium |
| Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-13228 | 2 Latepoint, Wordpress | 2 Latepoint – Calendar Booking Plugin For Appointments And Events, Wordpress | 2026-07-01 | 8.8 High |
| The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference (IDOR) in the create_or_update() function of OsOrdersController, which allows an authenticated Agent to supply an arbitrary order[customer_id] and overwrite any LatePoint customer's email field (including one linked to a WordPress Administrator's account) through the public-scope customer set_data() call, combined with a missing role verification in OsAuthHelper::authorize_customer() which logs in the linked WordPress user without checking its role. This makes it possible for authenticated attackers, with custom (Agent)-level access and above, to elevate their privileges to Administrator. | ||||
| CVE-2026-10095 | 2 Opajaap, Wordpress | 2 Wp Photo Album Plus, Wordpress | 2026-07-01 | 6.4 Medium |
| The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in all versions up to, and including, 9.1.13.005 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A contributor-level attacker can embed the malicious [photo] shortcode in a post submitted for review, causing the stored payload to execute when an administrator or any other user views the post. | ||||
| CVE-2026-57692 | 2 Lcweb, Wordpress | 2 Privatecontent, Wordpress | 2026-07-01 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2. | ||||
| CVE-2026-53338 | 1 Linux | 1 Linux Kernel | 2026-07-01 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues() of_reserved_mem_lookup() may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table (e.g. due to a misconfigured DTS or a removed memory-region node). The current code dereferences the returned pointer without checking for NULL, leading to a kernel NULL pointer dereference at the following lines: dma_addr = rmem->base; // line 1156 num_desc = div_u64(rmem->size, buf_size); // line 1160 Add a NULL check after of_reserved_mem_lookup() and return -ENODEV if the lookup fails, which is consistent with the existing error handling for of_parse_phandle() failure in the same code block. | ||||
| CVE-2026-53332 | 1 Linux | 1 Linux Kernel | 2026-07-01 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the theoretical event that we get an interrupt from the hardware, these callbacks will operate on uninitialized data. This result in issues to boot the affected boards. One such example can be seen in the following fault, where qcom_slim_ngd_ssr_pdr_notify() schedules work on the NULL ngd_up_work. [ 21.858578] ------------[ cut here ]------------ [ 21.858745] WARNING: kernel/workqueue.c:2338 at __queue_work+0x5e0/0x790, CPU#2: kworker/2:2/116 ... [ 21.859251] Call trace: [ 21.859255] __queue_work+0x5e0/0x790 (P) [ 21.859265] queue_work_on+0x6c/0xf0 [ 21.859273] qcom_slim_ngd_ssr_pdr_notify+0x110/0x150 [slim_qcom_ngd_ctrl] [ 21.859304] qcom_slim_ngd_ssr_notify+0x24/0x40 [slim_qcom_ngd_ctrl] [ 21.859318] notifier_call_chain+0xa4/0x230 [ 21.859329] srcu_notifier_call_chain+0x64/0xb8 [ 21.859338] ssr_notify_start+0x40/0x78 [qcom_common] [ 21.859355] rproc_start+0x130/0x230 [ 21.859367] rproc_boot+0x3d4/0x518 ... Move the enablement of interrupts, and the registration of SSR and PDR until after the NGD device has been registered. This could be further refined by moving initialization to the control driver probe and by removing the platform driver model from the picture. | ||||
| CVE-2026-58517 | 2026-07-01 | N/A | ||
| Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass. This issue affects Mediawiki - WikiLambda Extension: from * before 1.43.9,1.44.6,1.45.4. | ||||
| CVE-2026-54428 | 2026-07-01 | 7.5 High | ||
| Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2 SETTINGS acknowledgement causes the configured header list size limit to be applied. | ||||
| CVE-2026-13211 | 2026-07-01 | 4.3 Medium | ||
| The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role. | ||||
| CVE-2026-34096 | 2026-07-01 | 4.6 Medium | ||
| Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php (line 57). An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session. | ||||
| CVE-2026-34097 | 2026-07-01 | 4.6 Medium | ||
| Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php (lines 94, 101, 323, 403, 826, 852). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session. | ||||
| CVE-2026-27409 | 2026-07-01 | 5.3 Medium | ||
| Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13. | ||||
| CVE-2026-34101 | 2026-07-01 | 9.8 Critical | ||
| Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents. | ||||
| CVE-2026-10539 | 1 Bmc | 1 Control-m/server | 2026-07-01 | 9 Critical |
| A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier unsupported versions. | ||||
| CVE-2026-34113 | 2026-07-01 | 9.8 Critical | ||
| Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech_text.php (line 18) without sanitization: exec(\"php jobs/speech_audio_text.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server. | ||||