Export limit exceeded: 361957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361957 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15666 | 1 Assimp | 1 Assimp | 2026-07-01 | 5.3 Medium |
| A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128. | ||||
| CVE-2026-13940 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Uninitialized Use in Cast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Medium) | ||||
| CVE-2026-13950 | 1 Google | 1 Chrome | 2026-07-01 | 5.3 Medium |
| Uninitialized Use in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13986 | 1 Google | 1 Chrome | 2026-07-01 | 4.2 Medium |
| Inappropriate implementation in Media UI in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-57963 | 1 Mozilla | 1 Thunderbird | 2026-07-01 | 6.5 Medium |
| An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1. | ||||
| CVE-2026-43958 | 1 Redhat | 1 Enterprise Linux | 2026-07-01 | 7.8 High |
| A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data. | ||||
| CVE-2026-13574 | 1 Llvm | 1 Llvm-project | 2026-07-01 | 3.3 Low |
| A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-12085 | 1 Ibm | 2 Ucd Ibm Devops Deploy, Ucd Ibm Urbancode Deploy | 2026-07-01 | 6.5 Medium |
| IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system. | ||||
| CVE-2026-14035 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14048 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low) | ||||
| CVE-2026-56364 | 1 Imagemagick | 1 Imagemagick | 2026-07-01 | 1.9 Low |
| ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service. | ||||
| CVE-2026-56777 | 1 N8n | 1 N8n | 2026-07-01 | 5 Medium |
| n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module namespace. The issue only affects self-hosted instances where the Python Task Runner is enabled; where N8N_BLOCK_RUNNER_ENV_ACCESS is configured to allow it, this can disclose environment variables accessible to the task runner process. | ||||
| CVE-2026-14062 | 1 Google | 1 Chrome | 2026-07-01 | 5.9 Medium |
| Inappropriate implementation in Views in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2026-14070 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Integer overflow in WebNN in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14103 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Use after free in SSL in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14119 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Type Confusion in Bluetooth in Google Chrome on Windows prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low) | ||||
| CVE-2026-14125 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-7839 | 1 Uvnc | 1 Ultravnc | 2026-07-01 | 9.1 Critical |
| UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy_s(saved_password, 64, "adminadmi2"). The HTTP Basic-auth handler wi_decode_auth() checks this password without rate-limiting or lockout. Any remote attacker who can reach the repeater HTTP port (default TCP 80) can authenticate as administrator using the well-known default credential on a fresh or unmodified installation, gaining full control of the repeater configuration including allow/deny rules and session visibility. | ||||
| CVE-2026-53906 | 2026-07-01 | N/A | ||
| MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions. | ||||
| CVE-2026-53907 | 2026-07-01 | N/A | ||
| MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the application logo can upload a crafted SVG file containing malicious JavaScript code that is executed when the logo is rendered or opened. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions. | ||||