Export limit exceeded: 365883 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365883 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57239 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-07-16 | 8.2 High |
| The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM. | ||||
| CVE-2026-44182 | 2026-07-16 | N/A | ||
| Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions prior to 3.3.0, the server interpolates untrusted environment variables (e.g., KERNEL_XXX) into Kubernetes manifests without YAML-aware escaping, enabling YAML injection attacks. Attackers can inject new fields, overwrite critical fields (e.g., duplicate securityContext keys, where the last one prevails), and inject document boundaries (--- for new documents, ... for end-of-document) to generate multiple resources, potentially creating arbitrary types, such as privileged pods. The Jinja2 template for the Kubernetes manifest contains several kernel_xxx variables, such as kernel_working_dir that are used when rendering the manifest and are all vectors for YAML injection. This issue has been fixed in version 3.3.0. | ||||
| CVE-2026-44181 | 2026-07-16 | N/A | ||
| Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the environment variables (KERNEL_XXX) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can use or steal the Kubernetes service account token, which can steal Kubernetes secrets and be used to fully compromise the Kubernetes cluster by scheduling a privileged pod or a pod with a hostPath volume mount. This issue has been fixed in version 3.3.0. | ||||
| CVE-2026-62826 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-07-16 | 4.6 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-50682 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more | 2026-07-16 | 7.1 High |
| Out-of-bounds read in Windows Active Directory allows an authorized attacker to deny service over a network. | ||||
| CVE-2026-50647 | 1 Microsoft | 14 .net, Windows 10 1607, Windows 10 1809 and 11 more | 2026-07-16 | 7.5 High |
| Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50528 | 1 Microsoft | 3 .net, Visual Studio 2022, Visual Studio 2026 | 2026-07-16 | 8.2 High |
| Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-56086 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-16 | 8.8 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. | ||||
| CVE-2026-53480 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-16 | 2.7 Low |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification. | ||||
| CVE-2026-50411 | 1 Microsoft | 14 .net, Windows 10 1607, Windows 10 1809 and 11 more | 2026-07-16 | 7.5 High |
| Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-44180 | 2026-07-16 | 9.8 Critical | ||
| Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. Versions 2.0.0rc1 and above prior to 3.3.0 have a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root), and this restriction can be bypassed using a specially crafted KERNEL_UID or KERNEL_GID value. This input validation vulnerability allows running Jupyter kernels as root, which can be dangerous as it allows more attack surface, and may lead to container escapes, compromising the worker node and all workloads running on it. Repeated exploitation can compromise all worker nodes, and thus the entire Kubernetes cluster. It is possible to specify volume mounts, so one vector for a container escape is to use a hostPath R/W volume mount, use this UID/GID bypass to run as root, and then gain code execution in the underlying worker node by creating a crontab entry in the mounted host file system. This issue has been fixed in version 3.0.0. | ||||
| CVE-2026-50355 | 1 Microsoft | 9 .net, Windows 10 1607, Windows 10 1809 and 6 more | 2026-07-16 | 7.5 High |
| Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50324 | 1 Microsoft | 8 .net, Windows 10 1607, Windows 10 1809 and 5 more | 2026-07-16 | 5.9 Medium |
| Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50368 | 1 Microsoft | 9 .net, Windows 10 1607, Windows 10 1809 and 6 more | 2026-07-16 | 7.5 High |
| Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50304 | 1 Microsoft | 9 .net, Windows 10 1607, Windows 10 1809 and 6 more | 2026-07-16 | 7.5 High |
| Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-58598 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 2 more | 2026-07-16 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Backup Engine allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-58643 | 1 Microsoft | 1 Windows Admin Center | 2026-07-16 | 6.1 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-50653 | 1 Microsoft | 2 .net, Azure Active Directory | 2026-07-16 | 7.5 High |
| Loop with unreachable exit condition ('infinite loop') in Azure Active Directory allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-50652 | 1 Microsoft | 2 .net, Azure Active Directory | 2026-07-16 | 7.5 High |
| Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-10706 | 1 Adalo No-code App Builder | 1 App Builder | 2026-07-16 | 7.5 High |
| In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties. | ||||