Export limit exceeded: 366186 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366186 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366186 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366186 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-58315 | 2026-07-13 | N/A | ||
| Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed. | ||||
| CVE-2026-53481 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-13 | 9.8 Critical |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2026-62199 | 1 Openclaw | 1 Openclaw | 2026-07-13 | 8.8 High |
| OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path can supply crafted environment variables to execute or persist actions beyond the caller's intended authorization. | ||||
| CVE-2026-62196 | 1 Openclaw | 1 Openclaw | 2026-07-13 | 8.3 High |
| OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected feature. | ||||
| CVE-2026-39178 | 1 Alinto | 1 Sogo | 2026-07-13 | 6.3 Medium |
| A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint. | ||||
| CVE-2026-50813 | 1 Sqlite | 1 Sqlite | 2026-07-13 | 6.1 Medium |
| An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path | ||||
| CVE-2026-24698 | 2026-07-13 | 7.2 High | ||
| An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The model_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | ||||
| CVE-2026-24699 | 2026-07-13 | 7.2 High | ||
| An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | ||||
| CVE-2026-24700 | 2026-07-13 | 7.2 High | ||
| An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | ||||
| CVE-2026-41122 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-13 | 7.1 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2026-22927 | 1 Omnissa | 1 Omnissa Workspace One Tunnel For Windows | 2026-07-13 | 7.8 High |
| Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability. | ||||
| CVE-2026-53480 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-13 | 2.7 Low |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification. | ||||
| CVE-2026-62193 | 1 Openclaw | 1 Openclaw | 2026-07-13 | 4.9 Medium |
| OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy (authorization) check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's configuration and whether lower-trust input can reach the affected path. The issue is fixed in 2026.6.9. | ||||
| CVE-2026-62190 | 1 Openclaw | 1 Openclaw | 2026-07-13 | 8.8 High |
| OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform unauthorized operations when the affected feature is enabled. | ||||
| CVE-2026-62187 | 2026-07-13 | 8.1 High | ||
| OpenClaw Feishu tools (npm package @openclaw/feishu) in versions <= 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue is fixed in version 2026.6.9. Impact depends on the operator's configuration and whether lower-trust input can reach the affected feature. | ||||
| CVE-2026-15596 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-07-13 | 4.3 Medium |
| A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-10708 | 1 Adalo No-code App Builder | 1 App Builder | 2026-07-13 | 7.5 High |
| This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and the absence of token revocation allows attackers to gather sensitive personal information from any Adalo application. | ||||
| CVE-2026-10706 | 1 Adalo No-code App Builder | 1 App Builder | 2026-07-13 | 7.5 High |
| In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties. | ||||
| CVE-2026-15129 | 1 Google | 1 Chrome | 2026-07-13 | 8.8 High |
| Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-15108 | 1 Google | 1 Chrome | 2026-07-13 | 4.3 Medium |
| Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High) | ||||