Export limit exceeded: 366739 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366739 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-5674 1 Redhat 1 Enterprise Linux 2026-07-16 8.8 High
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.
CVE-2026-55026 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-16 6.2 Medium
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-55020 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-16 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-59840 1 Fortinet 4 Fortios, Fortipam, Fortiproxy and 1 more 2026-07-16 4.1 Medium
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.5, FortiProxy 7.4.0 through 7.4.13, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow attacker to information disclosure via <insert attack vector here>
CVE-2025-43892 1 Fortinet 1 Fortios 2026-07-16 4.1 Medium
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.
CVE-2026-58380 2 Gnome, Redhat 2 Gimp, Enterprise Linux 2026-07-16 7.3 High
A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
CVE-2026-50408 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-16 5.5 Medium
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-50666 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-16 8.8 High
Use after free in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges over a network.
CVE-2026-23538 1 Redhat 1 Openshift Ai 2026-07-16 7.5 High
A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.
CVE-2026-50497 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-16 6.5 Medium
Off-by-one error in Windows Remote Desktop Protocol allows an unauthorized attacker to disclose information over a network.
CVE-2026-50491 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-16 7 High
Out-of-bounds read in Code Integrity DLL (ci.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-10649 2 Clusterlabs, Redhat 4 Pacemaker, Enterprise Linux, Openshift and 1 more 2026-07-16 8.6 High
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of service (DoS) in the CIB remote listener. This can result in the affected service crashing.
CVE-2026-58384 2 Gnu, Redhat 2 Gimp, Enterprise Linux 2026-07-16 7.3 High
A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
CVE-2026-50420 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-16 6.2 Medium
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.
CVE-2026-50389 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-16 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-50465 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-16 7.1 High
Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.
CVE-2026-15652 2026-07-16 6.4 Medium
The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-35143 2026-07-16 3 Low
HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the "SameSite" attribute on session cookies generated during authentication, which could allow a remote attacker to execute Cross-Site Request Forgery (CSRF) attacks if additional mitigations, such as Anti-CSRF tokens, are not implemented.
CVE-2026-15637 1 Devolutions 1 Server 2026-07-16 7.5 High
Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier.
CVE-2026-35145 2026-07-16 3.1 Low
HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security (HSTS) policy within its responses, which could allow a remote attacker to downgrade the communication channel to an unencrypted connection (HTTP) and conduct man-in-the-middle (MitM) attacks. To remediate this, the application must include the "Strict-Transport-Security" header in all web application responses.