Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-15479 | 1 H3c | 1 Nx15 | 2026-07-12 | 7.3 High |
| A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2026-15478 | 1 Icehrm | 1 Icehrm | 2026-07-12 | 6.3 Medium |
| A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-15087 | 2026-07-12 | N/A | ||
| vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*. | ||||
| CVE-2026-15477 | 1 Bahmni | 1 Bahmnicore | 2026-07-12 | 6.3 Medium |
| A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1 and 2.0.1 mitigates this issue. Upgrading the affected component is recommended. | ||||
| CVE-2026-30689 | 1 Anjoy8 | 1 Blog.admin | 2026-07-12 | 4.3 Medium |
| In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service. | ||||
| CVE-2026-48611 | 1 Phpbb | 1 Phpbb | 2026-07-12 | N/A |
| Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations. | ||||
| CVE-2026-0128 | 1 Google | 1 Android | 2026-07-12 | 3.5 Low |
| In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2026-0156 | 1 Google | 1 Android | 2026-07-12 | 6.5 Medium |
| In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-10601 | 1 Grafana | 1 Grafana | 2026-07-12 | 5.4 Medium |
| A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend. | ||||
| CVE-2026-15476 | 1 Qiling | 1 Disk Master | 2026-07-12 | 5.3 Medium |
| A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component. | ||||
| CVE-2026-57299 | 2 Jenkins, Jenkins Project | 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin | 2026-07-12 | 4.3 Medium |
| Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata. | ||||
| CVE-2026-52197 | 1 Utt | 1 Nv518g | 2026-07-12 | 7.5 High |
| An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component | ||||
| CVE-2026-13774 | 1 Google | 1 Chrome | 2026-07-12 | 8.1 High |
| Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical) | ||||
| CVE-2026-13775 | 1 Google | 1 Chrome | 2026-07-12 | 9.6 Critical |
| Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13781 | 1 Google | 1 Chrome | 2026-07-12 | 9.6 Critical |
| Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13782 | 1 Google | 1 Chrome | 2026-07-12 | 9.6 Critical |
| Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13783 | 1 Google | 1 Chrome | 2026-07-12 | 9.6 Critical |
| Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13784 | 1 Google | 1 Chrome | 2026-07-12 | 9.6 Critical |
| Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13788 | 1 Google | 1 Chrome | 2026-07-12 | 8.8 High |
| Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13789 | 1 Google | 1 Chrome | 2026-07-12 | 9.6 Critical |
| Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||