Export limit exceeded: 366360 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366360 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366360 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-11963 | 2026-07-15 | 8.1 High | ||
| The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change another user's WordPress role and membership tier. | ||||
| CVE-2026-12273 | 2026-07-15 | 4.3 Medium | ||
| The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments containing arbitrary HTML and links on any content across the site, bypassing the comment moderation queue. | ||||
| CVE-2026-48368 | 1 Adobe | 1 Audition | 2026-07-15 | 7.8 High |
| Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-48370 | 1 Adobe | 1 Media Encoder | 2026-07-15 | 7.8 High |
| Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-15777 | 1 Google | 1 Chrome | 2026-07-15 | 7.5 High |
| Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-58555 | 2026-07-15 | 6.6 Medium | ||
| Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-58553 | 2026-07-15 | 4 Medium | ||
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-55046 | 1 Microsoft | 9 365 Apps, Excel 2016, Office 2019 and 6 more | 2026-07-15 | 5.5 Medium |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-48367 | 1 Adobe | 1 After Effects | 2026-07-15 | 7.8 High |
| After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-58552 | 2026-07-15 | 5.1 Medium | ||
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-58551 | 2026-07-15 | 5.1 Medium | ||
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-61864 | 1 Imagemagick | 1 Imagemagick | 2026-07-15 | 2.9 Low |
| ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released. | ||||
| CVE-2026-58550 | 2026-07-15 | 4 Medium | ||
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-61871 | 1 Imagemagick | 1 Imagemagick | 2026-07-15 | 3.7 Low |
| ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service. | ||||
| CVE-2026-58549 | 2026-07-15 | 4 Medium | ||
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-48269 | 1 Adobe | 1 Premiere | 2026-07-15 | 7.8 High |
| Premiere Pro is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-48274 | 1 Adobe | 1 After Effects | 2026-07-15 | 7.8 High |
| After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-61873 | 2026-07-15 | 8.1 High | ||
| Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-validated after rendering. Attackers can submit form data containing path traversal sequences that are processed through Twig templates, allowing them to write arbitrary files including PHP webshells to the web root or other sensitive directories. | ||||
| CVE-2026-61859 | 1 Imagemagick | 1 Imagemagick | 2026-07-15 | 3.3 Low |
| ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy. | ||||
| CVE-2026-61464 | 1 Imagemagick | 1 Imagemagick | 2026-07-15 | 1.8 Low |
| ImageMagick before 7.1.2-26 and 6.9.13-51 contains a heap-based buffer over-write vulnerability that occurs when running an X11 import with a crafted window title, which can result in heap memory corruption and denial of service. | ||||