Export limit exceeded: 365007 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365007 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8590 | 2026-07-14 | N/A | ||
| Vulnerability in Spotfire Spotfire Enterprise (Spotfire Server modules), Spotfire Spotfire Enterprise with External Consumers (Spotfire Server modules), Spotfire Spotfire on Kubernetes (Spotfire Server modules). This issue affects Spotfire Enterprise: through 14.0.12, through 14.4.2, through 14.5.0, through 14.6.1, through 14.6.2, through 14.7.0, through 14.8.0; Spotfire Enterprise with External Consumers: through 14.0.12, through 14.5.0, through 14.6.0, through 14.6.1, through 14.6.2, through 14.7.0, through 14.8.0; Spotfire on Kubernetes: through 4.2.0, 5.0.X, 6.0.X. | ||||
| CVE-2026-55461 | 1 Grokability | 1 Snipe-it | 2026-07-14 | 6.1 Medium |
| Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url()->previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect()->intended(...) when redirect_option=back is submitted, allowing Snipe-IT to be used as a trusted redirector after a legitimate user edit action. This issue is fixed in version 8.6.2. | ||||
| CVE-2026-11321 | 1 Pluginsglpi | 1 Datainjection | 2026-07-14 | 6.4 Medium |
| The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embed SQL expressions such as SLEEP() in a mapped field (for example Serial Number) to manipulate the generated query and extract database information via time-based blind injection. | ||||
| CVE-2026-55460 | 1 Grokability | 1 Snipe-it | 2026-07-14 | 7.1 High |
| Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorizes only update, allowing the user to soft-delete another non-admin user. This issue is fixed in version 8.6.2. | ||||
| CVE-2026-55516 | 1 Grokability | 1 Snipe-it | 2026-07-14 | 7.7 High |
| Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re-authorizing the newly supplied asset, allowing an authorized user to move a maintenance record onto an asset outside their company scope. This issue is fixed in version 8.6.2. | ||||
| CVE-2026-56668 | 1 Zitadel | 1 Zitadel | 2026-07-14 | 8.1 High |
| ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's scopes, allowing a low-privilege token to be exchanged for elevated permissions at another application. This issue is fixed in version 4.15.3. | ||||
| CVE-2026-58065 | 2026-07-14 | 8.1 High | ||
| The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server (man-in-the-middle), capturing the SSH deploy key or injecting malicious repository content. Deployments that use the Git DAG bundle or Git provider to clone over SSH with a deploy key are affected. The fix changes the default to verify host keys; upgrade to apache-airflow-providers-git `0.4.1` or later and configure a `known_hosts` file. | ||||
| CVE-2026-59245 | 1 Apache | 1 Airflow Fab Provider | 2026-07-14 | 8.1 High |
| In the Apache Airflow FAB auth manager, a DAG whose `dag_id` is `DAGs` collided with the global all-DAGs permission resource name produced by `resource_name()`, so a user granted per-DAG `access_control` on that one DAG was silently granted the global all-DAGs permission (privilege escalation). The escalation triggers when a DAG named `DAGs` exists and a lower-privileged user is given per-DAG access to it, granting that user read/edit access to every DAG. Users are advised to upgrade to `apache-airflow-providers-fab` 3.7.2 or later, which disambiguates the resource-name collision. | ||||
| CVE-2026-57433 | 2026-07-14 | 9.8 Critical | ||
| Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value. A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization. | ||||
| CVE-2026-15718 | 1 Mozilla | 1 Firefox | 2026-07-14 | 4.3 Medium |
| We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6. | ||||
| CVE-2026-57432 | 1 Shay | 1 Perl | 2026-07-14 | 8.4 High |
| Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller. | ||||
| CVE-2026-15719 | 1 Mozilla | 1 Firefox | 2026-07-14 | 5.4 Medium |
| We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6. | ||||
| CVE-2026-10715 | 1 Camaleon Cms | 1 Camaleon Cms | 2026-07-14 | N/A |
| Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post. | ||||
| CVE-2026-13221 | 1 Shay | 1 Perl | 2026-07-14 | 9.1 Critical |
| Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie's match decision table is truncated with no warning or error. A pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong. | ||||
| CVE-2026-62393 | 1 Apache | 1 Kylin | 2026-07-14 | N/A |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which fixes the issue. | ||||
| CVE-2026-8312 | 2026-07-14 | N/A | ||
| A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the expmt.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process by convincing a user to open a malicious file. | ||||
| CVE-2026-61501 | 2026-07-14 | 6.1 Medium | ||
| Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs are viewed, allowing the attacker to create accounts or execute code on the server with the administrator's privileges. | ||||
| CVE-2026-12588 | 2026-07-14 | N/A | ||
| An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger decompression of a large file that consumes an excessive amount of system resources thus causing a Denial of Service. | ||||
| CVE-2026-15305 | 1 Typo3 | 1 Typo3 | 2026-07-14 | N/A |
| Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties were applied, resulting in the validator never being added to the processing pipeline. This issue affects TYPO3 CMS versions 14.2.0-14.3.5. | ||||
| CVE-2026-8313 | 2026-07-14 | N/A | ||
| A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the linker.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process by convincing a user to open a malicious file. | ||||