Export limit exceeded: 364725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33264 | 1 Apache | 1 Airflow | 2026-07-10 | 9.8 Critical |
| A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossing the Airflow security boundary that DAG-author code must never execute in those processes. Users are advised to upgrade to `apache-airflow` 3.3.0 or later. As a defense-in-depth mitigation, deployments where DAG-author trust is limited can restrict the `[core] allowed_deserialization_classes` config to a narrow allowlist. | ||||
| CVE-2026-11340 | 1 Havelsan | 1 Liman Mys | 2026-07-10 | 8.3 High |
| Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107. | ||||
| CVE-2026-11348 | 1 Havelsan | 1 Liman Mys | 2026-07-10 | 8.1 High |
| Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107. | ||||
| CVE-2026-13696 | 1 Havelsan | 1 Liman Mys | 2026-07-10 | 8.8 High |
| Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman MYS: before release.Master.1107. | ||||
| CVE-2011-10043 | 1 Bingos | 1 Module::load | 2026-07-10 | 9.8 Critical |
| Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary code. | ||||
| CVE-2026-6101 | 2 Mohammed Kaludi, Wordpress | 2 Amp For Wp – Accelerated Mobile Pages, Wordpress | 2026-07-10 | 7.5 High |
| The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories and files. This makes it possible for authenticated attackers, with Author-level access and above, and permissions granted by an Administrator, to write arbitrary files to the server in a web-accessible location, potentially leading to remote code execution on hosts that execute PHP files in the uploads directory. | ||||
| CVE-2026-12352 | 1 Digi International | 2 Digi One Sp / Sp Ia / Ia, Portserver Ts 1/2/4 | 2026-07-10 | 5.9 Medium |
| This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device. | ||||
| CVE-2026-12948 | 1 Digi International | 4 Digi One Ia, Digi One Sp, Digi One Sp Ia and 1 more | 2026-07-10 | N/A |
| A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79). | ||||
| CVE-2026-14935 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-07-10 | 3.7 Low |
| A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams. | ||||
| CVE-2026-57851 | 1 Msi | 1 Kerncorelib64.sys | 2026-07-10 | 7.8 High |
| MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privileges. Attackers can exploit the accessible device object through IOCTL handlers to manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software. | ||||
| CVE-2026-48954 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Improper validation leads to a generic XSS vector in the language override feature. | ||||
| CVE-2026-48949 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of validation leads to an XSS vulnerability in the MFA management views. | ||||
| CVE-2026-48948 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible. | ||||
| CVE-2026-48953 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of escaping leads to an XSS vulnerability in the generic image output layout. | ||||
| CVE-2026-48951 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. | ||||
| CVE-2026-48957 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows unauthorized users to access com_privacy datasets. | ||||
| CVE-2026-48956 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows users to display a list of modules in the frontend. | ||||
| CVE-2026-48955 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows unauthorized users to access workflow stage and transition information. | ||||
| CVE-2026-48950 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. | ||||
| CVE-2026-48958 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows unauthorized users to create custom fields via webservices endpoints. | ||||