Export limit exceeded: 364535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364535 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13696 1 Havelsan 1 Liman Mys 2026-07-10 8.8 High
Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman MYS: before release.Master.1107.
CVE-2011-10043 1 Bingos 1 Module::load 2026-07-10 9.8 Critical
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary code.
CVE-2026-6101 2 Mohammed Kaludi, Wordpress 2 Amp For Wp – Accelerated Mobile Pages, Wordpress 2026-07-10 7.5 High
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories and files. This makes it possible for authenticated attackers, with Author-level access and above, and permissions granted by an Administrator, to write arbitrary files to the server in a web-accessible location, potentially leading to remote code execution on hosts that execute PHP files in the uploads directory.
CVE-2026-12352 1 Digi International 2 Digi One Sp / Sp Ia / Ia, Portserver Ts 1/2/4 2026-07-10 5.9 Medium
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.
CVE-2026-12948 1 Digi International 4 Digi One Ia, Digi One Sp, Digi One Sp Ia and 1 more 2026-07-10 N/A
A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79).
CVE-2026-14935 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2026-07-10 3.7 Low
A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams.
CVE-2026-57851 1 Msi 1 Kerncorelib64.sys 2026-07-10 7.8 High
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privileges. Attackers can exploit the accessible device object through IOCTL handlers to manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software.
CVE-2026-48954 1 Joomla 1 Joomla! 2026-07-10 N/A
Improper validation leads to a generic XSS vector in the language override feature.
CVE-2026-48949 1 Joomla 1 Joomla! 2026-07-10 N/A
Lack of validation leads to an XSS vulnerability in the MFA management views.
CVE-2026-48948 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.
CVE-2026-48953 1 Joomla 1 Joomla! 2026-07-10 N/A
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
CVE-2026-48951 1 Joomla 1 Joomla! 2026-07-10 N/A
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
CVE-2026-48957 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows unauthorized users to access com_privacy datasets.
CVE-2026-48956 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows users to display a list of modules in the frontend.
CVE-2026-48955 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows unauthorized users to access workflow stage and transition information.
CVE-2026-48950 1 Joomla 1 Joomla! 2026-07-10 N/A
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
CVE-2026-48958 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows unauthorized users to create custom fields via webservices endpoints.
CVE-2026-48947 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows privileged users to overwrite media files without editing permissions.
CVE-2026-48952 1 Joomla 1 Joomla! 2026-07-10 N/A
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
CVE-2026-44877 1 Hpe 1 Networking Instant On 2026-07-10 6.5 Medium
An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system.