Export limit exceeded: 365780 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365780 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48816 | 2026-07-15 | 6.5 Medium | ||
| sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tlogEntries[].integratedTime for bundle v0.2 inclusionProof-only entries even though the inclusion proof path does not cryptographically bind integratedTime, allowing an attacker who can supply an untrusted bundle to influence certificate validity and timestampThreshold verification decisions. This issue is fixed in version 3.1.1. | ||||
| CVE-2025-56363 | 2026-07-15 | 7.5 High | ||
| A null pointer dereference vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters (Channel, Account Login, TargetNavigator, etc.). The function lacks proper validation of the delegate pointer before dereferencing. A remote unauthenticated attacker can exploit this issue by sending a crafted read request, causing the device to crash (denial of service). This issue has been confirmed in SDK version v1.4 (commit ab3d5ae). | ||||
| CVE-2026-62294 | 2026-07-15 | N/A | ||
| Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through it, overwriting any file the victim user could write. This issue is fixed in version 14.0.0. | ||||
| CVE-2026-11807 | 1 Redhat | 1 Ansible Automation Platform | 2026-07-15 | 9.6 Critical |
| A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive plaintext credentials associated with that activation, including OAuth tokens, vault passwords, and SSH keys. | ||||
| CVE-2026-12112 | 1 Redhat | 1 Satellite | 2026-07-15 | 7.8 High |
| A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution. | ||||
| CVE-2026-61613 | 2026-07-15 | N/A | ||
| Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Cursor Cloud Agent sessions allowed attacker-controlled web content to connect from inside the agent container to an unauthenticated local agent endpoint, enabling code execution within the affected Cloud Agent sandbox or session and access to files, repository contents, environment variables, credentials, and GitHub App access tokens available to that session. This issue was fixed on 03/31/2026 by requiring authentication for the relevant agent endpoint. | ||||
| CVE-2026-61836 | 2026-07-15 | 8.6 High | ||
| Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role, roles, admin, app, and policies. Directus share tokens and anonymous requests can both reduce to user null, so different shares or anonymous clients requesting the same URL and query can receive a permission-filtered cached response without permission re-evaluation. This issue is fixed in version 12.0.0. | ||||
| CVE-2026-61835 | 2026-07-15 | 7.7 High | ||
| Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, the SSRF protection on Directus's file-import-from-URL feature can be bypassed using the address 0.0.0.0 because api/src/request/is-denied-ip.ts treats 0.0.0.0 as a keyword for local interfaces but never blocks the literal address itself. On Linux and macOS, connecting to 0.0.0.0 reaches localhost, so an authenticated user with file-upload rights can make the server fetch internal services through the /files/import endpoint and retrieve the response as a downloadable file. This issue is fixed in version 12.0.0. | ||||
| CVE-2026-22927 | 1 Omnissa | 1 Omnissa Workspace One Tunnel For Windows | 2026-07-15 | 7.8 High |
| Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability. | ||||
| CVE-2026-53482 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-15 | 7.5 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2026-50149 | 1 Projectcontour | 1 Contour | 2026-07-15 | 6.5 Medium |
| A flaw was found in Contour. When an HTTPProxy is configured with both a fallback certificate and JWT (JSON Web Token) providers, Contour does not properly enforce JWT verification. This allows remote attackers to bypass security checks by sending requests without a valid token, specifically when clients do not provide a TLS Server Name Indication (SNI) or provide an unrecognized SNI. The consequence is unauthorized access to upstream services and potential information disclosure. | ||||
| CVE-2026-50339 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2026-07-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-61500 | 2026-07-15 | 9.8 Critical | ||
| Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random() generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's state, recover the signing key, and forge a valid administrator session cookie, leading to full administrative access and remote code execution via the server_code configuration feature. | ||||
| CVE-2026-47482 | 2026-07-15 | 7.5 High | ||
| NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause missing release of memory after effective lifetime. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-15548 | 1 Shibby | 1 Tomato | 2026-07-15 | 8.8 High |
| A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The manipulation leads to stack-based buffer overflow. The attack is possible to be carried out remotely. This project is superseded by FreshTomato. | ||||
| CVE-2026-50350 | 1 Microsoft | 6 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 3 more | 2026-07-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-61736 | 2026-07-15 | 9.3 Critical | ||
| LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORS_ORIGINS=* combined with allow_credentials=True in lightrag/api/lightrag_server.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin requests. Any malicious website visited by an authenticated LightRAG user can silently make authenticated API requests, exfiltrating documents and knowledge graph data or performing destructive actions such as deleting the document store. This vulnerability is fixed in 1.5.4. | ||||
| CVE-2026-50293 | 1 Microsoft | 6 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 3 more | 2026-07-15 | 7.8 High |
| Use after free in Windows Internal Task Bar allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-15711 | 1 Redhat | 1 Enterprise Linux | 2026-07-15 | 7.5 High |
| A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames (e.g., PING, PONG, CLOSE) contain a payload of 125 bytes or less. A remote, unauthenticated attacker can exploit this by sending a non-compliant, oversized control frame. Because the parser handles this protocol violation improperly instead of throwing an immediate connection termination error, it triggers a internal processing crash, resulting in a remote denial of service (DoS) for applications utilizing libsoup WebSockets. | ||||
| CVE-2026-49803 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. | ||||