Export limit exceeded: 366467 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366467 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366467 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-52100 | 2026-07-15 | 7.5 High | ||
| Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to execute arbitrary code via the uploadPutHandler function | ||||
| CVE-2026-54562 | 2026-07-15 | 6.5 Medium | ||
| Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or redirect-to-loopback targets, allowing a non-admin user with remote download permission to fetch internal-only URLs and read the response after it is imported into the user's own files. This issue is fixed in version 4.16.1. | ||||
| CVE-2026-5419 | 2 Gnu, Redhat | 11 Gnutls, Discovery, Enterprise Linux and 8 more | 2026-07-15 | 3.7 Low |
| A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure. | ||||
| CVE-2026-15672 | 1 Itsourcecode | 1 Electronic Judging System | 2026-07-15 | 6.3 Medium |
| A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/add_judges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-48329 | 2026-07-15 | 2.7 Low | ||
| ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-33213 | 2026-07-15 | 6.1 Medium | ||
| Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the get_next_path() function in Redash's authentication module stripped the scheme and netloc from user-supplied next parameters but did not normalize multiple leading slashes, allowing a crafted login URL such as /login?next=////evil.com to redirect users to an external attacker-controlled site after authentication. | ||||
| CVE-2026-48760 | 2026-07-15 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse() rejected raw BiDi formatting characters but not percent-encoded forms and used an ASCII-only whitespace check, allowing sanitized URLs to retain visual-spoofing characters that downstream consumers could decode or display. This issue is fixed in versions 6.4.41, 7.4.13, and 8.0.13. | ||||
| CVE-2026-48355 | 2026-07-15 | 5.4 Medium | ||
| Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed. | ||||
| CVE-2026-50331 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-07-15 | 7.8 High |
| Use after free in Windows Application Model allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-9073 | 1 Redhat | 1 Satellite | 2026-07-15 | 6.2 Medium |
| A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug logging is enabled, incompletely sanitizes HTTP request headers, leading to the cleartext logging of sensitive information such as authorization tokens and API keys. This vulnerability can result in a confidentiality breach, as sensitive authentication data is persisted in plain text within container logs, increasing the risk if logs are forwarded to a centralized platform. | ||||
| CVE-2026-52101 | 2026-07-15 | 9.1 Critical | ||
| An issue in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to obtain sensitive information via the function uploadRemote function in upload.go | ||||
| CVE-2026-50689 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 7.8 High |
| Use after free in Windows Clipboard Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42015 | 1 Redhat | 13 Discovery, Enterprise Linux, Enterprise Linux Eus and 10 more | 2026-07-15 | 5.3 Medium |
| A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts. | ||||
| CVE-2026-35152 | 2026-07-15 | 8.8 High | ||
| A SQL Injection vulnerability exists in Apache Fineract's Report Execution API (runreports endpoint) in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run reports to inject arbitrary SQL via crafted parameter values. This can be leveraged to perform unauthorized access to data beyond what the report was designed to expose. Users are recommended to upgrade to a version containing the fix. | ||||
| CVE-2026-42014 | 2 Gnu, Redhat | 14 Gnutls, Discovery, Enterprise Linux and 11 more | 2026-07-15 | 6.6 Medium |
| A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path. | ||||
| CVE-2026-42013 | 2 Gnu, Redhat | 14 Gnutls, Discovery, Enterprise Linux and 11 more | 2026-07-15 | 8.2 High |
| A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks. | ||||
| CVE-2026-42012 | 2 Gnu, Redhat | 14 Gnutls, Discovery, Enterprise Linux and 11 more | 2026-07-15 | 7.1 High |
| A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information. | ||||
| CVE-2026-5260 | 2 Gnu, Redhat | 14 Gnutls, Discovery, Enterprise Linux and 11 more | 2026-07-15 | 8.2 High |
| A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure. | ||||
| CVE-2026-7640 | 2 Aguilatechnologies, Wordpress | 2 Wp Customer Area, Wordpress | 2026-07-15 | 6.4 Medium |
| The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the `customer-area-protected-content` shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-61646 | 2026-07-15 | N/A | ||
| FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows redirects by default. An authenticated workflow user can configure an HTTP request node to call an attacker-controlled public URL that redirects to cloud metadata, loopback, or internal services that the guard would block on direct request, and the HTTP node returns the response body to the workflow caller. This issue is fixed in version 4.15.0-beta5. | ||||