Export limit exceeded: 363759 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363759 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54798 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-07-11 | 6.5 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions. | ||||
| CVE-2026-54800 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-07-11 | 4.8 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions. | ||||
| CVE-2026-13461 | 1 Payrange | 1 Payrange | 2026-07-11 | 9.6 Critical |
| When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device. | ||||
| CVE-2026-13462 | 1 Payrange | 1 Payrange | 2026-07-11 | 7.5 High |
| PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends. | ||||
| CVE-2026-43752 | 1 Claris | 1 Filemaker Server | 2026-07-11 | 4.9 Medium |
| An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1. | ||||
| CVE-2026-21039 | 1 Samsung | 1 Mobile Devices | 2026-07-11 | N/A |
| Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings. | ||||
| CVE-2026-21040 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-11 | N/A |
| Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs. | ||||
| CVE-2026-21043 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-11 | N/A |
| Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege. | ||||
| CVE-2026-21045 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-11 | N/A |
| Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. | ||||
| CVE-2026-21051 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-11 | N/A |
| Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. | ||||
| CVE-2026-21052 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-11 | N/A |
| Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege. | ||||
| CVE-2026-21054 | 1 Samsung Mobile | 1 Inputsharing | 2026-07-11 | N/A |
| Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. | ||||
| CVE-2026-21055 | 1 Samsung Mobile | 1 Bixby | 2026-07-11 | N/A |
| Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege. | ||||
| CVE-2026-21056 | 1 Samsung Mobile | 1 Samsung Health | 2026-07-11 | N/A |
| Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information. | ||||
| CVE-2026-12276 | 2026-07-11 | 5.3 Medium | ||
| The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide. | ||||
| CVE-2026-56690 | 1 Dell | 1 Powerflex Manager | 2026-07-11 | 8.5 High |
| Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access. | ||||
| CVE-2026-54469 | 1 Dell | 1 Unisphere For Powermax | 2026-07-11 | 8.8 High |
| Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. | ||||
| CVE-2026-10660 | 1 Zephyrproject | 1 Zephyr | 2026-07-11 | 6.4 Medium |
| The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assistant.c reassembled remote Broadcast Receive State data into a single file-static net_buf_simple (att_buf, BT_ATT_MAX_ATTRIBUTE_LEN = 512 bytes) shared by all connection instances, while the BUSY flag, long-read handle, and reset/offset state were per-connection. When the device acts as a Broadcast Assistant connected to multiple Scan Delegator peripherals, notification and long-read callbacks from different connections interleave on the shared buffer: the append in notify_handler (net_buf_simple_add_mem at the not-busy branch) performs no tailroom check, so receive-state notifications from two or more delegators accumulate on the same 512-byte buffer and, with a sufficiently large configured ATT MTU (BT_L2CAP_TX_MTU up to 2000) and two-to-three concurrent connections, write past the buffer into adjacent .bss (net_buf_simple_add only asserts in debug builds). Even below the overflow threshold, one connection's net_buf_simple_reset zeroes the shared length while another connection's reassembly and GATT read offset are in flight, mixing one peer's data into another's parse. A malicious or compromised Scan Delegator (or two colluding peers) over BLE can trigger this, causing out-of-bounds writes (memory corruption / denial of service) and cross-connection data corruption. The fix moves the buffer into the per-connection instance struct so each connection reassembles into its own buffer. Affects Zephyr releases shipping the Broadcast Assistant with the shared buffer, including v4.4.0 and earlier. | ||||
| CVE-2026-15089 | 2026-07-11 | N/A | ||
| vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. | ||||
| CVE-2026-11914 | 2026-07-11 | N/A | ||
| vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. | ||||