Export limit exceeded: 366485 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366485 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366485 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-55039 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-07-15 | 7.8 High |
| Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-51119 | 2026-07-15 | 9.1 Critical | ||
| An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components | ||||
| CVE-2026-50678 | 1 Microsoft | 9 365 Apps, Excel 2016, Office 2019 and 6 more | 2026-07-15 | 6.6 Medium |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-21050 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-15 | N/A |
| Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. | ||||
| CVE-2026-21051 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-15 | N/A |
| Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. | ||||
| CVE-2026-15028 | 1 Redhat | 3 Enterprise Linux, Hummingbird, Openshift | 2026-07-15 | 3.9 Low |
| A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system. | ||||
| CVE-2026-56690 | 1 Dell | 1 Powerflex Manager | 2026-07-15 | 8.5 High |
| Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access. | ||||
| CVE-2026-56689 | 1 Dell | 1 Powerflex Manager | 2026-07-15 | 7.7 High |
| Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2026-50468 | 1 Microsoft | 3 Microsoft Sql Server 2025 (cu 2), Microsoft Sql Server 2025 For X64-based Systems (gdr), Sql Server 2025 | 2026-07-15 | 6.5 Medium |
| Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-13385 | 1 Asus | 1 Router | 2026-07-15 | N/A |
| An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware ' section on the ASUS Security Advisory for more information. | ||||
| CVE-2026-15029 | 1 Asus | 3 Business Manager, System Control Interface, System Control Interface V3 | 2026-07-15 | N/A |
| Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections. Refer to the ' Security Update for ASUS System Control Interface ' section on the ASUS Security Advisory for more information. | ||||
| CVE-2026-15030 | 1 Asus | 3 Business Manager, System Control Interface, System Control Interface V3 | 2026-07-15 | N/A |
| Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security Update for ASUS System Control Interface ' section on the ASUS Security Advisory for more information. | ||||
| CVE-2026-59793 | 1 Jetbrains | 1 Teamcity | 2026-07-15 | 8.8 High |
| In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration | ||||
| CVE-2026-59795 | 1 Jetbrains | 1 Teamcity | 2026-07-15 | 8.1 High |
| In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible | ||||
| CVE-2026-61492 | 1 Jetbrains | 1 Youtrack | 2026-07-15 | 3.5 Low |
| In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible | ||||
| CVE-2026-50408 | 1 Microsoft | 9 365 Apps, Excel 2016, Office 2019 and 6 more | 2026-07-15 | 5.5 Medium |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2019-25695 | 1 R-project | 1 R | 2026-07-15 | 8.4 High |
| R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the payload is pasted into the Language for menus and messages field. | ||||
| CVE-2023-7345 | 1 Ledger | 2 Hw-app-eth, Ledger Live | 2026-07-15 | 6.5 Medium |
| Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can obtain signatures on truncated or misinterpreted message values to authorize unintended blockchain transactions, such as asset transfers at incorrect amounts. | ||||
| CVE-2023-7338 | 2 Commscope, Ruckusnetworks | 58 Ruckus C110, Ruckus E510, Ruckus H320 and 55 more | 2026-07-15 | 7.5 High |
| Ruckus Unleashed contains a remote code execution vulnerability in the web-based management interface that allows authenticated remote attackers to execute arbitrary code on the system when gateway mode is enabled. Attackers can exploit this vulnerability by sending specially crafted requests through the management interface to achieve arbitrary code execution on affected systems. | ||||
| CVE-2023-54346 | 2 Backupbliss, Wordpress | 3 Backup Migration, Wordpress Plugin Backup Migration, Wordpress | 2026-07-15 | 7.5 High |
| WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps. | ||||