Export limit exceeded: 366649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366649 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50147 | 1 Metabase | 1 Metabase | 2026-07-15 | 7.6 High |
| Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files from the Metabase server's filesystem by adding unsafe JDBC parameters to a MySQL or MariaDB connection, causing the driver to read files from the Metabase host and expose the contents through queries against the connected database or through validation error messages. This issue is fixed in versions 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4. | ||||
| CVE-2026-62683 | 1 Filebrowser | 1 Filebrowser | 2026-07-15 | 3.1 Low |
| File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory share behind when the shared directory is deleted through a path with a trailing slash because the share cleanup path calls DeleteWithPathPrefix(file.Path, userID) and the Bolt backend performs the database prefix query with the unnormalized path before trimming the slash for boundary checks, so deleting /a/ does not delete the stored /a share and the stale public share exposes future content if the same path is recreated. This issue is fixed in version 2.63.17. | ||||
| CVE-2026-33444 | 2026-07-15 | N/A | ||
| CVE-2026-33444 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server. | ||||
| CVE-2026-33443 | 2026-07-15 | N/A | ||
| CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server. | ||||
| CVE-2026-50144 | 2026-07-15 | 7.1 High | ||
| ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap write in ncnn::ParamDict::load_param() when Net::load_param() loads a malicious .param model file because the parsed parameter id is checked only against id >= NCNN_MAX_PARAM_COUNT, allowing a negative id to index before the params[NCNN_MAX_PARAM_COUNT] array. This vulnerability is fixed by commit 5a0288f255daa6c3294f77109f67718e434ec020. | ||||
| CVE-2026-40958 | 2026-07-15 | N/A | ||
| CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client. | ||||
| CVE-2026-48270 | 1 Adobe | 1 Premiere | 2026-07-15 | 7.8 High |
| Premiere Pro is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-61452 | 1 Getgrav | 1 Grav | 2026-07-15 | 5.3 Medium |
| The Grav API plugin (getgrav/grav-plugin-api) before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti (JWT ID) claim and therefore cannot be revoked server-side. Unlike refresh tokens, access tokens remain valid for their full lifetime (default 1 hour) regardless of logout, password change, new token issuance, or account disablement. An attacker who has stolen an access token retains full API access until the token naturally expires. | ||||
| CVE-2026-40957 | 2026-07-15 | N/A | ||
| o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator. | ||||
| CVE-2026-40956 | 2026-07-15 | N/A | ||
| CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a small amount of random memory to leak. | ||||
| CVE-2026-40955 | 2026-07-15 | N/A | ||
| CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client. | ||||
| CVE-2026-12166 | 1 Little Orbit | 1 Gamefirst Anti-cheat | 2026-07-15 | 5.5 Medium |
| A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash. | ||||
| CVE-2026-12168 | 1 Little Orbit | 1 Gamefirst Anti-cheat | 2026-07-15 | 7.8 High |
| An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port. | ||||
| CVE-2026-54408 | 2026-07-15 | 8.6 High | ||
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming. | ||||
| CVE-2026-50748 | 2026-07-15 | 9.9 Critical | ||
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device. | ||||
| CVE-2026-54404 | 2026-07-15 | 8.8 High | ||
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. | ||||
| CVE-2026-50747 | 2026-07-15 | 9.9 Critical | ||
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device. | ||||
| CVE-2026-55111 | 1 Ubiquiti | 1 Unifi Protect Floodlight | 2026-07-15 | 7.5 High |
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight. | ||||
| CVE-2026-55117 | 2026-07-15 | 8.6 High | ||
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device. | ||||
| CVE-2026-55116 | 2026-07-15 | 9 Critical | ||
| A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices. | ||||