Export limit exceeded: 363320 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363320 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-38968 | 1 Ntop | 1 Ntopng | 2026-07-04 | N/A |
| ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing. | ||||
| CVE-2026-10077 | 2026-07-04 | 6.8 Medium | ||
| The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permitted by wp_kses_post(), as markup, allowing users with the Author role to perform Stored Cross-Site Scripting attacks that execute in the browser of any user who views the affected post. | ||||
| CVE-2026-11578 | 2026-07-04 | N/A | ||
| The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms. | ||||
| CVE-2026-11781 | 2026-07-04 | 2.7 Low | ||
| The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role (Contributor) to disclose non-public content that WordPress would not otherwise expose to them, such as other authors' unpublished post titles, pending comment content, the site's Adminify WordPress plugin before 4.2.10 inventory, and user account names. | ||||
| CVE-2026-14624 | 1 Omec-project | 1 Amf | 2026-07-04 | 4.3 Medium |
| A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is 34bc6724acc97dba1f8691e586da95b042cb612d. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2026-54407 | 2026-07-04 | 8.6 High | ||
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints. | ||||
| CVE-2026-54405 | 1 Ubiquiti | 1 Unifi Network Application | 2026-07-04 | 7.5 High |
| A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application. | ||||
| CVE-2026-54408 | 2026-07-04 | 8.6 High | ||
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming. | ||||
| CVE-2026-50748 | 2026-07-04 | 9.9 Critical | ||
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device. | ||||
| CVE-2026-54404 | 2026-07-04 | 8.8 High | ||
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. | ||||
| CVE-2026-50746 | 2026-07-04 | 10 Critical | ||
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device. | ||||
| CVE-2026-54401 | 2026-07-04 | 7.7 High | ||
| A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances. | ||||
| CVE-2026-55111 | 2026-07-04 | 7.5 High | ||
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight. | ||||
| CVE-2026-55113 | 2026-07-04 | 7.5 High | ||
| A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints. | ||||
| CVE-2026-55117 | 2026-07-04 | 8.6 High | ||
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device. | ||||
| CVE-2026-55118 | 1 Ubiquiti | 1 Unifi Network Application | 2026-07-04 | 8.3 High |
| A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application. | ||||
| CVE-2026-55115 | 2026-07-04 | 9.9 Critical | ||
| A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device. | ||||
| CVE-2026-55119 | 2026-07-04 | 8.1 High | ||
| A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application. | ||||
| CVE-2026-14623 | 1 Omec-project | 1 Amf | 2026-07-04 | 4.3 Medium |
| A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called 34bc6724acc97dba1f8691e586da95b042cb612d. A patch should be applied to remediate this issue. | ||||
| CVE-2026-11352 | 1 Curl | 1 Curl | 2026-07-04 | N/A |
| An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can continuously stream empty datagrams to indefinitely stall the client. | ||||