Export limit exceeded: 365200 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365200 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365200 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7639 | 1 Imaginationtech | 1 Graphics Ddk | 2026-07-13 | 7.8 High |
| Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code. Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory. | ||||
| CVE-2026-45196 | 1 Imaginationtech | 1 Graphics Ddk | 2026-07-13 | 7.8 High |
| Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation. | ||||
| CVE-2026-57574 | 1 Misskey | 1 Misskey | 2026-07-13 | N/A |
| Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If both credentials and a TOTP code are obtained concurrently, an attacker may reuse the code to perform unauthorized actions, potentially leading to account takeover. This issue is fixed in version 2026.6.0. | ||||
| CVE-2026-58503 | 1 Frappe | 1 Frappe | 2026-07-13 | N/A |
| Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the reset_password endpoint. This issue is fixed in versions 16.16.0 and 15.106.0. | ||||
| CVE-2026-59155 | 1 Nezhahq | 1 Nezha | 2026-07-13 | N/A |
| Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials, including Cloudflare API tokens, TencentCloud SecretKeys, Slack, Discord, and Telegram webhook URLs with embedded bot tokens, and Authorization header values, without any field-level redaction. Any authenticated admin or PAT with nezha:ddns:read or nezha:notification:read scope can receive stored credentials through the listDDNS and listNotification handlers in a single API response. This issue is fixed in version 2.2.5. | ||||
| CVE-2026-11909 | 1 Drupal | 1 Examples For Developers | 2026-07-13 | 3.3 Low |
| Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6. | ||||
| CVE-2026-58228 | 1 Phoenixframework | 1 Phoenix Live View | 2026-07-13 | N/A |
| Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.valid_destination!/2 and Phoenix.LiveView.Utils.valid_live_navigation_destination!/2 functions in lib/phoenix_live_view/utils.ex rely on an internal uri_scheme/1 helper that only detects a scheme when the input's first byte is an ASCII letter. Inputs beginning with an ASCII control character or space fall through to a nil-returning clause, causing the URL to be treated as a safe relative path. Standard browsers implement the WHATWG URL parser, which strips leading C0 control and space characters before parsing. As a result, an input such as " javascript:alert(1)" is passed unchanged into <.link href={...}> and, when clicked, is parsed by the browser as a javascript: URL that executes attacker-controlled script in the victim's session. Applications that render user-supplied URLs (for example profile links, redirect targets, or external references) via <.link href={...}> are affected. This issue affects phoenix_live_view: from 1.2.2 before 1.2.7. | ||||
| CVE-2026-57212 | 1 Rabbitmq | 1 Rabbitmq-server | 2026-07-13 | N/A |
| RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_management HTTP API accepts oversized valid JSON bodies on with_decode and direct_request paths because read_complete_body checks the accumulated size before the final chunk but not the final combined size. This issue is fixed in versions 3.13.14, 4.0.19, 4.1.10, and 4.2.5. | ||||
| CVE-2026-34196 | 1 Imaginationtech | 1 Graphics Ddk | 2026-07-13 | 7.8 High |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the second mapping The second virtual mapping references a physical address that has been freed after the first virtual mapping has been freed. This allows the physical memory to be allocated (for example) by another process and read/written to. | ||||
| CVE-2026-45203 | 1 Imaginationtech | 1 Graphics Ddk | 2026-07-13 | 7.8 High |
| Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use. | ||||
| CVE-2026-55664 | 1 Gristlabs | 1 Grist-core | 2026-07-13 | 4.3 Medium |
| Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actually a form. A user with only partial read access, including public access on a publicly viewable document, could request the metadata of any widget and reveal table and column structure that access rules would otherwise hide, even in documents that contain no forms. This issue is fixed in version 1.7.15. | ||||
| CVE-2026-55882 | 1 Tilt-dev | 1 Tilt | 2026-07-13 | N/A |
| Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-exposed, an unauthenticated caller can read process memory through /debug/pprof/heap and /debug/pprof/goroutine, including session and apiserver tokens, and degrade performance through /debug/pprof/profile or /debug/pprof/trace. This issue is fixed in version 0.37.4. | ||||
| CVE-2026-56240 | 1 Cap-go | 1 Cap-go | 2026-07-13 | 4.3 Medium |
| Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path plan_valid expression and the authoritative billing gate to gain continued access to /updates, /stats, /channel_self, and attachment upload endpoints after credit depletion. | ||||
| CVE-2026-15089 | 1 Drupal | 1 Commerce Guest Registration | 2026-07-13 | 9.1 Critical |
| vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. | ||||
| CVE-2026-11913 | 1 Drupal | 1 Mother May I | 2026-07-13 | 9.8 Critical |
| vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*. | ||||
| CVE-2026-61504 | 2026-07-13 | 5.4 Medium | ||
| Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name contains script that executes in the browser of anyone viewing the listing. | ||||
| CVE-2025-45869 | 2026-07-13 | N/A | ||
| LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can exploit the ShareFileCallback servlet by manipulating input parameters to trigger a server-side request to an attacker-controlled host. | ||||
| CVE-2026-61462 | 2026-07-13 | 8.6 High | ||
| mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted job_id values like ../../../user to escape the intended path prefix and access arbitrary GitLab API resources using the operator's personal access token. | ||||
| CVE-2026-13237 | 1 Drupal | 1 Ai Agents | 2026-07-13 | 4.8 Medium |
| Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1. | ||||
| CVE-2026-13238 | 1 Drupal | 1 Commerce Realex / Global Payments | 2026-07-13 | 4.8 Medium |
| Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2. | ||||