Export limit exceeded: 365161 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365161 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21054 | 1 Samsung Mobile | 1 Inputsharing | 2026-07-13 | N/A |
| Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. | ||||
| CVE-2026-21055 | 1 Samsung Mobile | 1 Bixby | 2026-07-13 | N/A |
| Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege. | ||||
| CVE-2026-21056 | 1 Samsung Mobile | 1 Samsung Health | 2026-07-13 | N/A |
| Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information. | ||||
| CVE-2026-21057 | 1 Samsung Mobile | 1 Samsung Pass | 2026-07-13 | N/A |
| Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2026-12276 | 2026-07-13 | 5.3 Medium | ||
| The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide. | ||||
| CVE-2026-54468 | 1 Dell | 1 Unisphere For Powermax | 2026-07-13 | 6.5 Medium |
| Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files. | ||||
| CVE-2026-59793 | 1 Jetbrains | 1 Teamcity | 2026-07-13 | 8.8 High |
| In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration | ||||
| CVE-2026-59794 | 1 Jetbrains | 1 Teamcity | 2026-07-13 | 7.3 High |
| In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data | ||||
| CVE-2026-59796 | 1 Jetbrains | 1 Teamcity | 2026-07-13 | 8.1 High |
| In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks | ||||
| CVE-2026-15541 | 1 Will-moss | 1 Isaiah | 2026-07-13 | 7.3 High |
| A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch the attack remotely. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-4769 | 1 Wago | 1 Field Profinet | 2026-07-13 | 9.8 Critical |
| Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an unauthenticated remote attacker can gain access to the internal system processes, resulting in full system compromise. | ||||
| CVE-2026-11913 | 2026-07-13 | N/A | ||
| vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*. | ||||
| CVE-2026-15552 | 1 Ragic | 1 Enterprise Cloud Database | 2026-07-13 | 6.1 Medium |
| Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load. | ||||
| CVE-2026-15540 | 1 Sourcecodester | 1 Online Book Store System | 2026-07-13 | 4.3 Medium |
| A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-15539 | 1 Sourcecodester | 1 Online Book Store System | 2026-07-13 | 4.7 Medium |
| A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-15538 | 1 Primefaces | 1 Primereact | 2026-07-13 | 6.3 Medium |
| A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-57280 | 1 Jenkins Project | 1 Jenkins Script Security Plugin | 2026-07-13 | 8.8 High |
| Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection. | ||||
| CVE-2026-57297 | 2 Jenkins, Jenkins Project | 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin | 2026-07-13 | 5.4 Medium |
| A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key. | ||||
| CVE-2026-57299 | 2 Jenkins, Jenkins Project | 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin | 2026-07-13 | 4.3 Medium |
| Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata. | ||||
| CVE-2026-52195 | 1 Utt | 1 Nv518g | 2026-07-13 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component | ||||