Export limit exceeded: 362376 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362376 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-59510 | 1 Ail-project | 1 Ail-framework | 2026-07-06 | N/A |
| AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.get_filepath() function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, without verifying that the resolved path remained within the intended PDF_FOLDER directory. An authenticated attacker able to invoke PDF object operations with a crafted identifier could use relative traversal sequences or absolute path components to cause AIL Framework to open files located outside the PDF storage directory. This could allow disclosure of files readable by the AIL process, including application configuration, credentials, or other sensitive local data. This vulnerability is potential due to additional errors before being able to be executed. The fix canonicalises the resulting path with os.path.realpath() and rejects paths whose common directory is outside the configured PDF directory. | ||||
| CVE-2026-6509 | 2026-07-06 | 7.8 High | ||
| Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation. This issue affects Pardus Update: from <=0.6.3 before 0.6.6. | ||||
| CVE-2026-14759 | 1 Radareorg | 1 Radare2 | 2026-07-06 | 3.3 Low |
| A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function r_bin_java_inner_classes_attr_calc_size of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The patch is named cd62d15a6cbecdc67fd03f3ebdbbbeb741d18f87. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2025-71353 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-06 | 8.1 High |
| picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded. | ||||
| CVE-2026-14766 | 1 Codeastro | 1 Apartment Visitor Management System | 2026-07-06 | 6.3 Medium |
| A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-14772 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-07-06 | 7.3 High |
| A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /edit_course1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-71366 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-06 | 8.1 High |
| picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files. | ||||
| CVE-2026-14778 | 1 Sourcecodester | 1 Onlne Examination Learning Management System | 2026-07-06 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajax_enroll.php of the component Enrollment Management. The manipulation of the argument student_id/schedule_id/action leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The name of the affected product appears to have a typo in it. | ||||
| CVE-2026-55115 | 2026-07-06 | 9.9 Critical | ||
| A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device. | ||||
| CVE-2026-55114 | 1 Ubiquiti | 1 Unifi Network Application | 2026-07-06 | 8.8 High |
| A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application. | ||||
| CVE-2022-4990 | 1 Asus | 1 Ai Suite 3 | 2026-07-06 | N/A |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation. | ||||
| CVE-2026-9545 | 1 Curl | 1 Curl | 2026-07-06 | N/A |
| In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL session (`CURLOPT_SSL_SESSIONID_CACHE` is not disabled) and early data enabled (the `CURLSSLOPT_EARLYDATA` bit is set in `CURLOPT_SSL_OPTIONS`), libcurl might send off the second request's bytes on that new connection *before* enforcing the certificate verification failure. Potentially leaking sensitive information. | ||||
| CVE-2026-10054 | 1 Eclipse | 1 Theia | 2026-07-06 | 8.8 High |
| In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when the Origin header is missing or when no THEIA_HOSTS allowlist is configured (the default). The Socket.IO integration additionally replaces the real Origin header with a client-supplied fix-origin header that an attacker can control or omit. As a result, a foreign-origin web page visited by a user with a running Theia instance can open the /services WebSocket namespace, invoke terminal creation, attach to the resulting terminal data channel, execute arbitrary OS commands, and read their output. This affects both local developer setups (drive-by attack) and hosted or tunneled deployments without strong external authentication. A fix is in development that enforces same-origin validation by default, removes trust in the fix-origin header, gates HTTP and WebSocket access on a SameSite=Strict; HttpOnly connection-token cookie, and sanitizes shell terminal creation options. | ||||
| CVE-2026-44268 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-06 | 4.4 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. | ||||
| CVE-2026-41124 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-06 | 2.3 Low |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2026-46467 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-06 | 5.8 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. | ||||
| CVE-2026-46463 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-06 | 6.5 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2026-49813 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-06 | 6.7 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. | ||||
| CVE-2025-71380 | 1 N8n | 1 N8n | 2026-07-06 | 8.8 High |
| The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete system compromise. | ||||
| CVE-2026-7185 | 1 T-systems | 4 Archivo, Buroweb, Estima and 1 more | 2026-07-06 | N/A |
| A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the scope intended by the application. | ||||