Export limit exceeded: 365399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365399 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49169 | 1 Microsoft | 2 Windows Server 2025, Windows Server 2025 (server Core Installation) | 2026-07-15 | 8 High |
| Use after free in DNS Server allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-15703 | 1 Sourcecodester | 1 Simple And Nice Shopping Cart Script | 2026-07-15 | 7.3 High |
| A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-15594 | 1 Waooai | 1 Waoowaoo | 2026-07-15 | 3.7 Low |
| A vulnerability was found in waooAI waoowaoo up to 0.4.1. Impacted is the function stablePublicIdFromStorageKey in the library src/lib/media/hash.ts of the component Media Handler. The manipulation of the argument storageKey results in improper authorization. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-13753 | 1 Hp | 1 Hp 2800 Printer Series | 2026-07-15 | 7.5 High |
| A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi‑Fi Direct credentials, unique device identity information, and other administrative security state details. When accessed through the web interface, these setting pages explicitly require administrator credentials before sensitive information is displayed. | ||||
| CVE-2026-11405 | 2026-07-15 | 9.8 Critical | ||
| The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuration. - It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password. A successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor | ||||
| CVE-2026-59889 | 1 Fasterxml | 1 Jackson-databind | 2026-07-15 | 6.5 Medium |
| jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.18.0 until 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1, UnwrappedPropertyHandler.processUnwrapped() replays buffered JSON for a @JsonUnwrapped property and calls prop.deserializeAndSet() without a prop.visibleInView(ctxt.getActiveView()) guard, allowing a property annotated with both @JsonView and @JsonUnwrapped to be written from attacker JSON under a less-privileged active view. This issue is fixed in versions 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1. | ||||
| CVE-2026-24233 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-15 | 8.4 High |
| NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2026-47472 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-15 | 7.8 High |
| NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service. | ||||
| CVE-2026-49459 | 1 Cure53 | 1 Dompurify | 2026-07-15 | 6.1 Medium |
| DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitize(root, { IN_PLACE: true }) could preserve event-handler attributes on an attacker-controlled <form> root when a descendant name clobbered properties checked by _isClobbered, because _forceRemove no-opped on the parent-less root and _sanitizeAttributes returned early. This issue is fixed in version 3.4.6. | ||||
| CVE-2026-47471 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-15 | 7.5 High |
| NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service. | ||||
| CVE-2026-49978 | 1 Cure53 | 1 Dompurify | 2026-07-15 | 8.1 High |
| DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.7, DOMPurify IN_PLACE sanitization could skip shadow contents attached to an element inside <template>.content, allowing attacker-controlled markup such as event handlers, JavaScript URLs, or scripts to survive and execute when an application cloned and inserted the sanitized template. This issue is fixed in version 3.4.7. | ||||
| CVE-2026-24229 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-15 | 7.3 High |
| NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service. | ||||
| CVE-2026-24234 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-15 | 6.8 Medium |
| NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure. | ||||
| CVE-2026-24220 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-15 | 6.4 Medium |
| NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution. | ||||
| CVE-2026-24226 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-15 | 6.3 Medium |
| NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. | ||||
| CVE-2026-47470 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-15 | 6.2 Medium |
| NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-47475 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-15 | 6.2 Medium |
| NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24271 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-15 | 6.2 Medium |
| NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-15768 | 1 Google | 1 Chrome | 2026-07-15 | N/A |
| Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-24238 | 1 Nvidia | 1 Tensorrt | 2026-07-15 | 7.8 High |
| NVIDIA TensorRT for contains a vulnerability where an attacker might cause an improper validation of array index. A successful exploit of this vulnerability might lead to code execution. | ||||