Export limit exceeded: 363529 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363529 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363529 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363529 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363529 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13927 | 1 Google | 1 Chrome | 2026-07-06 | 7.8 High |
| Insufficient validation of untrusted input in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2026-59152 | 1 Langchain-ai | 1 Langsmith-sdk | 2026-07-06 | 5 Medium |
| LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deployed, triggering a read may not require authentication. Retrieving the contents requires read access to the LangSmith workspace the traces are sent to. The net effect is a trust-boundary crossing: a party with workspace trace-read access (for example a low-privilege workspace member, a contractor, or a compromised teammate account) gains the ability to read files from any server running TracingMiddleware, a capability outside that workspace's intended trust boundary. This vulnerability is fixed in 0.8.18. | ||||
| CVE-2026-13122 | 1 Openvpn | 1 Openvpn | 2026-07-06 | N/A |
| OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled | ||||
| CVE-2026-59194 | 1 Pnpm | 1 Pnpm | 2026-07-06 | 7.1 High |
| pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0. | ||||
| CVE-2026-59196 | 1 Pnpm | 1 Pnpm | 2026-07-06 | 7.1 High |
| pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fixed in 10.34.4 and 11.7.0. | ||||
| CVE-2026-59195 | 1 Pnpm | 1 Pnpm | 2026-07-06 | 8.2 High |
| pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under node_modules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml whose env-lockfile document contains a traversal-shaped config dependency name. During pnpm install, pnpm installs the config dependency and creates a symlink at a path derived from that name. This vulnerability is fixed in 10.34.4 and 11.8.0. | ||||
| CVE-2026-57987 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 6.5 Medium |
| Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-46465 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-06 | 5.5 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service. | ||||
| CVE-2026-14607 | 1 Rt-thread | 1 Rt-thread | 2026-07-06 | 5.5 Medium |
| A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument ai_addr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-14610 | 1 Assimp | 1 Assimp | 2026-07-06 | 5.3 Medium |
| A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. Patch name: eb84eec580d3f4ba2f0fd87409b7d0744620f11e. Applying a patch is the recommended action to fix this issue. | ||||
| CVE-2026-49815 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-06 | 7.2 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands. | ||||
| CVE-2025-71342 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-06 | 8.1 High |
| picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks. | ||||
| CVE-2026-46463 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-06 | 6.5 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2026-41123 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-06 | 4.3 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. | ||||
| CVE-2025-71359 | 1 Mmaitre314 | 1 Picklescan | 2026-07-06 | 8.1 High |
| picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization. | ||||
| CVE-2025-71369 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-06 | 8.1 High |
| picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization, enabling remote code execution. | ||||
| CVE-2026-40257 | 2026-07-06 | 5.5 Medium | ||
| OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error that can cause a massive heap overflow that corrupts all TEE kernel memory following the hash state. This affects all platforms built with `CFG_CRYPTO_WITH_CE82=y` (ARMv8.2+ with SHA3 Crypto Extensions). Version 4.11.0 contains a patch. As a workaround, disable SHA3 Crypto Extensions with `CFG_CRYPTO_WITH_CE82=n`. | ||||
| CVE-2026-58295 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 8.3 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-4804 | 2 Themegrill, Wordpress | 2 Zakra, Wordpress | 2026-07-06 | 6.4 Medium |
| The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields (zakra_menu_item_color, zakra_menu_item_hover_color, and zakra_menu_item_active_color) with 'show_in_rest' => true and 'auth_callback' => '__return_true', but without any sanitize_callback parameter in the register_post_meta() calls. While the classic editor save path applies sanitize_hex_color() sanitization, the REST API path completely bypasses this protection. The unsanitized meta values are then retrieved via get_post_meta() and concatenated directly into CSS strings that are output through wp_add_inline_style() without any escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page. | ||||
| CVE-2026-8351 | 2 Rometheme, Wordpress | 2 Rtmkit, Wordpress | 2026-07-06 | 6.4 Medium |
| The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7 This is due to insufficient output escaping on the 'background_text_heading' setting in the render() function, which concatenates the value directly into an HTML attribute without applying esc_attr(). This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||