Export limit exceeded: 366804 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366804 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-47212 2026-07-15 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, TwilioRequestParser::doParse() received the configured webhook secret but ignored the X-Twilio-Signature HMAC header, allowing unauthenticated POST requests to inject forged Twilio status payloads. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12.
CVE-2026-45305 2026-07-15 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup() used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup, allowing crafted input to make parsing hang for an arbitrarily long time. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12.
CVE-2026-60081 2026-07-15 7.5 High
DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.
CVE-2026-15392 2026-07-15 7.7 High
DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location. The complete_table_name method builds the absolute table file path without checking whether the file is a symbolic link. A link inside the data directory can point to a table file at any path outside of the configured f_dir and f_dir_search directories. Callers of file-based drivers can read or write files outside of the data directory.
CVE-2026-4018 1 Blackberry 3 Qnx Os For Medical, Qnx Os For Safety, Qnx Software Development Platform 2026-07-15 6.4 Medium
TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local access and with the PROCMGR_AID_TRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel.
CVE-2026-55028 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-15 5.5 Medium
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-15112 1 Google 1 Chrome 2026-07-15 8.8 High
Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-15116 1 Google 1 Chrome 2026-07-15 8.8 High
Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15123 1 Google 1 Chrome 2026-07-15 8.8 High
Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15125 1 Google 1 Chrome 2026-07-15 8.8 High
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2025-45422 1 Proximus 1 B-box 2026-07-15 8.1 High
Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules.
CVE-2026-51923 1 Docuform 1 Client 2026-07-15 8.1 High
An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts.
CVE-2025-63579 1 Kyocera 1 Command Center Rx 2026-07-15 7.5 High
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be obtained. This affects Kyocera Command Center RX TASKalfa 2552ci, TASKalfa 3252ci, TASKalfa 2553ci, TASKalfa 3253ci, TASKalfa 3554ci, TASKalfa 4052ci, TASKalfa 5052ci, TASKalfa 6052ci, TASKalfa 7052ci, TASKalfa 8052ci, TASKalfa 7353ci, TASKalfa 8353ci, TASKalfa 2554ci, TASKalfa 3254ci, TASKalfa 505.
CVE-2026-51600 1 Tenda 1 Cp3 V3 2026-07-15 7.5 High
Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests (including DESCRIBE, SETUP, and PLAY methods). When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting state, causing the affected TCP connection to become permanently non-functional. The device does not actively close the connection, resulting in a TCP resource leak. This issue can be exploited by an unauthenticated remote attacker to cause a denial-of-service condition.
CVE-2026-50657 1 Microsoft 1 Defender For Endpoint 2026-07-15 4.7 Medium
Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally.
CVE-2026-50668 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 6.8 Medium
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-48580 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-15 5.5 Medium
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-55016 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-15 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-50299 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-15 6.8 Medium
Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to execute code with a physical attack.
CVE-2026-55046 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-15 5.5 Medium
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.