Export limit exceeded: 365814 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365814 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14782 | 2026-07-16 | 4.9 Medium | ||
| The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the Customer Import in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with wpamelia-manager role, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-60063 | 1 Automationdirect | 1 Productivity Suite | 2026-07-16 | 7 High |
| An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption via a crafted IOCTL request, potentially resulting in privilege escalation or system instability. | ||||
| CVE-2026-61389 | 1 Automationdirect | 1 Productivity Suite | 2026-07-16 | 7 High |
| An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption via a crafted IOCTL request, potentially resulting in privilege escalation or system instability. | ||||
| CVE-2026-60140 | 1 Automationdirect | 1 Productivity Suite | 2026-07-16 | 6.1 Medium |
| An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This can lead to exposing sensitive information or causing the affected product to become unstable or unavailable. | ||||
| CVE-2026-57896 | 1 Automationdirect | 1 Productivity Suite | 2026-07-16 | 6.1 Medium |
| An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product. | ||||
| CVE-2026-60073 | 1 Automationdirect | 1 Productivity Suite | 2026-07-16 | 5.9 Medium |
| An out-of-bounds read in the Productivity Suite allows a physical attacker to control the length of data sent to a USB device. This can lead to a system crash or disclosure of kernel memory. | ||||
| CVE-2026-53412 | 2026-07-16 | 9.8 Critical | ||
| Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access. | ||||
| CVE-2026-53411 | 2026-07-16 | 7.8 High | ||
| A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges. | ||||
| CVE-2026-53410 | 2026-07-16 | 7 High | ||
| A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges. | ||||
| CVE-2026-53409 | 2026-07-16 | 7.8 High | ||
| Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2026-38158 | 2026-07-16 | N/A | ||
| A SQL injection vulnerability in the /ureport/datasource/previewData component of ureport v2.2.9 allows attackers to access sensitive database information via crafted SQL statements. | ||||
| CVE-2026-15352 | 2026-07-16 | 7.5 High | ||
| A vulnerability exists in the Health & Safety (HS) application of NASA's Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service. | ||||
| CVE-2024-34268 | 2026-07-16 | 7.1 High | ||
| EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to the latest version 1.46 was discovered to allow unsecured bluetooth connections. This vulnerability allows attackers to gain full access to the device without authentication. | ||||
| CVE-2024-32389 | 2026-07-16 | 3.5 Low | ||
| Buffer Overflow vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the update URLs component. | ||||
| CVE-2024-32387 | 2026-07-16 | 5.7 Medium | ||
| An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the community string component. | ||||
| CVE-2024-32386 | 2026-07-16 | 7.3 High | ||
| Directory traversal vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the SNMP update mechanism. | ||||
| CVE-2024-32385 | 2026-07-16 | 4.3 Medium | ||
| An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via a boardID and revisionID components | ||||
| CVE-2026-15129 | 1 Google | 1 Chrome | 2026-07-16 | 8.8 High |
| Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-15133 | 1 Google | 1 Chrome | 2026-07-16 | 8.8 High |
| Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15109 | 1 Google | 1 Chrome | 2026-07-16 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||