Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50261 | 2 Redhat, X.org | 11 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 8 more | 2026-07-13 | 7.8 High |
| A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-55727 | 1 Genetec | 1 Security Center | 2026-07-13 | 7.5 High |
| A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams. | ||||
| CVE-2026-50811 | 1 Freetype | 1 Freetype | 2026-07-13 | 6.5 Medium |
| An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates | ||||
| CVE-2026-57805 | 2026-07-13 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Tonda tonda allows PHP Local File Inclusion.This issue affects Tonda: from n/a through <= 2.5. | ||||
| CVE-2026-24697 | 2026-07-13 | 7.2 High | ||
| An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | ||||
| CVE-2026-15548 | 1 Shibby | 1 Tomato | 2026-07-13 | 8.8 High |
| A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The manipulation leads to stack-based buffer overflow. The attack is possible to be carried out remotely. This project is superseded by FreshTomato. | ||||
| CVE-2026-58253 | 1 Nats | 1 Nats Server | 2026-07-13 | 8.8 High |
| NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16. | ||||
| CVE-2026-58252 | 1 Nats | 1 Nats Server | 2026-07-13 | 6.5 Medium |
| NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it, and queue subscriptions could also affect delivery to legitimate queue consumers. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16. | ||||
| CVE-2026-44024 | 1 Fluentd | 1 Fluentd | 2026-07-13 | 9.8 Critical |
| Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd allows dynamically constructing file paths using the ${tag} placeholder, and insufficient validation of ${tag} in file configurations such as the path parameter of the out_file plugin allows attackers sending untrusted tags containing path traversal characters to write or overwrite arbitrary files and potentially achieve remote code execution. This issue is fixed in version 1.19.3. | ||||
| CVE-2026-15107 | 1 Google | 1 Chrome | 2026-07-13 | 8.8 High |
| Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-51924 | 1 Docuform | 1 Client | 2026-07-13 | 8.1 High |
| An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component | ||||
| CVE-2026-12517 | 2026-07-13 | 5.3 Medium | ||
| The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users (the gating nonce is exposed on public pages carrying an embed) to make the site request internal and private-network URLs and read back the parsed page metadata. This is a Server-Side Request Forgery. | ||||
| CVE-2026-15542 | 1 Will-moss | 1 Isaiah | 2026-07-13 | 7.3 High |
| A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-59793 | 1 Jetbrains | 1 Teamcity | 2026-07-13 | 8.8 High |
| In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration | ||||
| CVE-2026-59796 | 1 Jetbrains | 1 Teamcity | 2026-07-13 | 8.1 High |
| In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks | ||||
| CVE-2026-57280 | 1 Jenkins Project | 1 Jenkins Script Security Plugin | 2026-07-13 | 8.8 High |
| Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection. | ||||
| CVE-2026-52195 | 1 Utt | 1 Nv518g | 2026-07-13 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component | ||||
| CVE-2026-52197 | 1 Utt | 1 Nv518g | 2026-07-13 | 7.5 High |
| An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component | ||||
| CVE-2026-15536 | 1 Itsourcecode | 1 Hospital Management System | 2026-07-13 | 6.3 Medium |
| A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-13966 | 1 Google | 1 Chrome | 2026-07-13 | 4.3 Medium |
| Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||