Export limit exceeded: 86854 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366430 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366430 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366430 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-58461 | 2026-07-14 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-15699 | 1 Spencermountain | 1 Compromise | 2026-07-14 | 6.3 Medium |
| A vulnerability was identified in spencermountain compromise up to 14.15.1. Affected is the function nlp.extend of the file src/API/extend.js of the component Public Root API. The manipulation of the argument plugin leads to improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is b4644ab7179700df0607521f61c1ee9b5f78d89d. Applying a patch is the recommended action to fix this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2026-15043 | 2026-07-14 | 9.8 Critical | ||
| DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted <= and >= SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the is_matched method, <= was evaluated using Perl's ge operator, and >= was evaluated using Perl's le operator. SQL::Nano is the fallback query engine for DBI's file-backed drivers (DBD::File, DBD::DBM, CSV-style drivers) whenever SQL::Statement is not installed, and is forced whenever DBI_SQL_NANO=1. Queries over such tables use these predicates directly. The impact depends on the context. Where an application relies on a WHERE clause to filter file-backed data for policy or authorization, an inverted <=/>= comparison silently returns the wrong rows. | ||||
| CVE-2026-15044 | 1 Redhat | 1 Openshift Ai | 2026-07-14 | 6.3 Medium |
| A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the cluster to access the AI guardrails and orchestrator without proper authorization. An attacker could exploit this to gain unauthorized access to sensitive information and potentially make limited changes to the AI models. | ||||
| CVE-2026-15113 | 1 Google | 1 Chrome | 2026-07-14 | 9.6 Critical |
| Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14902 | 1 Ivanti | 1 Xtraction | 2026-07-14 | 4 Medium |
| An open redirect in Ivanti Xtraction before version 2026.2.1 allows a remote unauthenticated attacker to redirect users to arbitrary external URLs. | ||||
| CVE-2026-14903 | 1 Ivanti | 1 Xtraction | 2026-07-14 | 7.7 High |
| Path traversal in Ivanti Xtraction before version 2026.2.1 allows a remote authenticated attacker to read arbitrary files outside the web root. | ||||
| CVE-2026-15265 | 2026-07-14 | 9.1 Critical | ||
| A path traversal vulnerability in Tenable Agent 11.2.0 and 11.1.3 and lower allows a privileged attacker to write arbitrary files outside the intended plugin directory, potentially leading to remote code execution. | ||||
| CVE-2025-12011 | 2026-07-14 | N/A | ||
| A denial-of-service issue exists in 5370/5570 controllers. This vulnerability could potentially allow a remote user to load an invalid project, causing the device to enter a major non-recoverable fault (MNRF). | ||||
| CVE-2025-12012 | 2026-07-14 | N/A | ||
| A denial-of-service issue exists in 5380/5480/5580 controllers. This vulnerability could potentially allow a malicious user to write invalid file data to the controller, causing the device to enter a major non-recoverable fault (MNRF). | ||||
| CVE-2025-12758 | 2 Validator Project, Validatorjs | 2 Validator, Validator.js | 2026-07-14 | 7.5 High |
| Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service. | ||||
| CVE-2026-9653 | 2026-07-14 | N/A | ||
| A denial-of-service security issue exists across all the 1756-EN2, EN3, and ENBT communication module due to improper validation of CIP Implicit Connection packets. An attacker on the network can exploit this by sending crafted packets to continuously disrupt device connections, though device connections will recover immediately after. | ||||
| CVE-2024-21529 | 1 Dset Project | 1 Dset | 2026-07-14 | 8.2 High |
| Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program. | ||||
| CVE-2026-10573 | 2026-07-14 | N/A | ||
| A denial-of-service security issue exists in 1734 POINT I/O™ module. The security issue stems from improper handling of crafted CIP messages, which can cause the module to enter a faulted state. A restart is required to recover. | ||||
| CVE-2026-9140 | 2026-07-14 | N/A | ||
| A denial-of-service security issue exists in the 1719-AENTR. The security issue stems from improper handling of a UDP unicast network storm, which causes the device to become overloaded and lose communication. A power cycle is required to recover. | ||||
| CVE-2026-60114 | 2026-07-14 | 7.5 High | ||
| Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a path traversal vulnerability that allows attackers with access to the restore functionality to write files to arbitrary locations by uploading crafted JSON backup files with unvalidated keys used to construct file paths. Attackers can exploit the lack of key validation in the JSON restore process, combined with the absence of a required passphrase in the default configuration or the default passphrase 'opendoor', to write arbitrary JSON files outside the intended data directory. | ||||
| CVE-2026-51105 | 2026-07-14 | 7.5 High | ||
| Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3 allows a remote attacker to cause a denial of service via the OP_SERVERMESSAGE Handler. | ||||
| CVE-2026-58479 | 2026-07-14 | 9.8 Critical | ||
| Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a command injection vulnerability in the optional cli_control plugin that allows unauthenticated or cross-site request forgery attackers to execute arbitrary operating-system commands by storing a malicious payload via the plugin's HTTP endpoint. Attackers can trigger execution by activating the associated irrigation station, exploiting the absence of passphrase protection or the default passphrase 'opendoor', to achieve arbitrary command execution on the underlying host. | ||||
| CVE-2026-15696 | 1 Tenda | 1 Be12 Pro | 2026-07-14 | 8.8 High |
| A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. The impacted element is the function fromVirtualSer of the file /goform/VirtualSer. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-15130 | 1 Google | 1 Chrome | 2026-07-14 | 4.3 Medium |
| Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||||