Export limit exceeded: 364799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (86047 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14736 1 Ruijie 2 Rg-uac, Rg-uac Firmware 2026-07-06 7.3 High
A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file user_auth_commit.php. Performing a manipulation of the argument upload_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVE-2026-14754 1 Code-projects 1 Hotel And Tourism Reservation 2026-07-06 7.3 High
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/add_room.php. Executing a manipulation of the argument delete_image/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
CVE-2026-8286 1 Curl 1 Curl 2026-07-06 8.1 High
A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.
CVE-2025-71362 2 Mmaitre314, Picklescan 2 Picklescan, Picklescan 2026-07-06 8.1 High
picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources.
CVE-2025-71345 1 Mmaitre314 1 Picklescan 2026-07-06 8.1 High
picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution.
CVE-2026-9545 1 Curl 1 Curl 2026-07-06 7.5 High
In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL session (`CURLOPT_SSL_SESSIONID_CACHE` is not disabled) and early data enabled (the `CURLSSLOPT_EARLYDATA` bit is set in `CURLOPT_SSL_OPTIONS`), libcurl might send off the second request's bytes on that new connection *before* enforcing the certificate verification failure. Potentially leaking sensitive information.
CVE-2026-58297 1 Microsoft 1 Edge Chromium 2026-07-06 7.1 High
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.
CVE-2026-14745 1 Code-projects 1 Real State Services 2026-07-06 7.3 High
A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-list_rent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-14763 1 Code-projects 1 Hotel And Tourism Reservation 2026-07-06 7.3 High
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin/tour_reserves.php of the component Tour Reservations Page. This manipulation of the argument tour causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2026-14770 1 Sourcecodester 1 Class And Exam Timetabling System 2026-07-06 7.3 High
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_room.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-58293 1 Microsoft 1 Edge Chromium 2026-07-06 8.1 High
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-59092 1 Juicedata 1 Juicefs 2026-07-06 7.7 High
JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the /debug/pprof/cmdline endpoint to obtain the process command line containing metadata engine connection strings with database credentials, granting full read/write access to filesystem metadata, while other pprof handlers leak internal state and profiling handlers enable denial of service.
CVE-2026-57977 1 Microsoft 1 Edge Chromium 2026-07-06 7.1 High
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58299 1 Microsoft 1 Edge Chromium 2026-07-06 7.5 High
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
CVE-2026-58287 1 Microsoft 1 Edge Chromium 2026-07-06 8.3 High
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-56645 1 Microsoft 1 Edge Chromium 2026-07-06 8.8 High
Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58283 1 Microsoft 1 Edge Chromium 2026-07-06 8.1 High
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-59196 1 Pnpm 1 Pnpm 2026-07-06 7.1 High
pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fixed in 10.34.4 and 11.7.0.
CVE-2025-71342 2 Mmaitre314, Picklescan 2 Picklescan, Picklescan 2026-07-06 8.1 High
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks.
CVE-2025-71359 1 Mmaitre314 1 Picklescan 2026-07-06 8.1 High
picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization.