Export limit exceeded: 366573 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366573 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14403 | 1 Google | 1 Chrome | 2026-07-15 | 8.8 High |
| Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14432 | 1 Google | 1 Chrome | 2026-07-15 | 8.8 High |
| Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-52187 | 1 Utt | 1 Nv518g | 2026-07-15 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_483ba0 component | ||||
| CVE-2026-52192 | 1 Utt | 1 Nv518g | 2026-07-15 | 7.5 High |
| An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_445C5C component | ||||
| CVE-2026-38970 | 2026-07-15 | 7.5 High | ||
| pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext() and parseArray() without enforcing a maximum nesting depth. | ||||
| CVE-2026-38971 | 1 Ardupilot | 1 Ardupilot | 2026-07-15 | 9.1 Critical |
| ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_control.cpp in GCS_MAVLINK::handle_serial_control(). | ||||
| CVE-2026-62655 | 1 Netgear | 8 Rbe970, Rbe971, Rbr860 and 5 more | 2026-07-15 | N/A |
| A security flaw was found in certain NETGEAR Orbi models that could allow an unauthorized user to cause the device to stop responding or restart unexpectedly, disrupting network connectivity and making the device temporarily unavailable. | ||||
| CVE-2026-53633 | 1 Vitest.dev | 1 Vitest | 2026-07-15 | 9.8 Critical |
| Vitest is a testing framework powered by Vite. From 3.0.0 until 3.2.5, 4.1.8, and 5.0.0-beta.4, Vitest Browser Mode exposed a cdp() API that forwarded raw Chrome DevTools Protocol methods without being gated by allowWrite or allowExec, allowing a remote client with exposed browser API metadata to use CDP Page.setDownloadBehavior and Runtime.evaluate to overwrite vite.config.ts and execute attacker-controlled Node.js code. This issue is fixed in versions 3.2.5, 4.1.8, and 5.0.0-beta. | ||||
| CVE-2026-61873 | 1 Getgrav | 1 Grav | 2026-07-15 | 8.1 High |
| Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-validated after rendering. Attackers can submit form data containing path traversal sequences that are processed through Twig templates, allowing them to write arbitrary files including PHP webshells to the web root or other sensitive directories. | ||||
| CVE-2026-62361 | 2026-07-15 | 5.5 Medium | ||
| listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscribersForExport in internal/core/subscribers.go without calling validateQueryTables, unlike GET /api/subscribers, allowing an authenticated user with subscribers:sql_query and subscribers:get_all to read arbitrary database tables such as users and settings and execute data-modifying PostgreSQL CTEs. This issue is fixed in version 6.2.0. | ||||
| CVE-2026-46633 | 1 Twigphp | 1 Twig | 2026-07-15 | N/A |
| Twig is a template language for PHP. Prior to 3.26.0, Compiler::string() does not escape single quotes when a template name from a {% use %} tag is placed inside a PHP single-quoted string literal, allowing a crafted template name to terminate the string and inject arbitrary PHP expressions into the compiled cache file. This issue is fixed in version 3.26.0. | ||||
| CVE-2026-48805 | 1 Twigphp | 1 Twig | 2026-07-15 | N/A |
| Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow(), arraySome(), and arrayEvery(), allowing legacy calls such as twig_array_some(), twig_array_every(), and twig_check_arrow_in_sandbox() to bypass sandbox callable restrictions. This issue is fixed in version 3.27.0. | ||||
| CVE-2026-58553 | 1 Huawei | 1 Harmonyos | 2026-07-15 | 4 Medium |
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-58555 | 1 Huawei | 1 Harmonyos | 2026-07-15 | 6.6 Medium |
| Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-56287 | 1 Apache | 1 Fineract | 2026-07-15 | N/A |
| A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API (GET /api/v1/clients) in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view clients to inject arbitrary SQL via a crafted orderBy value. This can be leveraged to perform blind boolean-based data extraction and, on MySQL/MariaDB, to disclose arbitrary files readable by the database process via the LOAD_FILE() function. Users are recommended to upgrade to a version containing the fix | ||||
| CVE-2026-40633 | 1 Dell | 1 Powerscale Onefs | 2026-07-15 | 7.8 High |
| Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2026-58557 | 1 Huawei | 1 Harmonyos | 2026-07-15 | 4.8 Medium |
| Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-55399 | 2026-07-15 | N/A | ||
| CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher. | ||||
| CVE-2026-14544 | 1 Redhat | 1 Enterprise Linux | 2026-07-15 | 9.8 Critical |
| A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data. | ||||
| CVE-2026-55398 | 2026-07-15 | N/A | ||
| CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server. | ||||