Export limit exceeded: 363474 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363474 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14120 1 Google 1 Chrome 2026-07-09 9.6 Critical
Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-52189 1 Utt 1 Nv518g 2026-07-09 7.5 High
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_487330 component
CVE-2026-11965 2026-07-09 6.5 Medium
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users (after self-registering an account through the open registration flow) to obtain an active subscription on any paid plan without paying and access the gated content.
CVE-2026-54404 2026-07-09 8.8 High
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
CVE-2024-31636 1 Lief-project 1 Lief 2026-07-09 3.9 Low
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
CVE-2024-29640 1 Messense 1 Aliyundrive-webdav 2026-07-09 9.8 Critical
An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component.
CVE-2024-29296 1 Portainer 1 Portainer 2026-07-09 5.3 Medium
A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not.
CVE-2024-26566 2 Iscute, Ods-im 2 Cute Http File Server, Cutehttpfileserver 2026-07-09 8.2 High
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.
CVE-2024-25294 1 Getrebuild 1 Rebuild 2026-07-09 9.1 Critical
An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters.
CVE-2024-24520 1 Lepton-cms 1 Leptoncms 2026-07-09 7.8 High
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVE-2024-23084 2 Apfloat, Mikkotommila 2 Apfloat, Apfloat 2026-07-09 7.5 High
Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CVE-2024-23080 1 Joda 1 Joda Time 2026-07-09 9.1 Critical
Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CVE-2024-23078 1 Jgrapht 1 Core 2026-07-09 9.1 Critical
JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
CVE-2023-51141 1 Zkteco 1 Biotime 2026-07-09 6.5 Medium
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component
CVE-2023-46958 1 Lmxcms 1 Lmxcms 2026-07-09 9.8 Critical
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.
CVE-2023-46010 1 Seacms 1 Seacms 2026-07-09 9.8 Critical
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
CVE-2023-45379 1 Posthemes 1 Posrotatorimg 2026-07-09 9.8 Critical
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.
CVE-2023-43336 1 Sangoma 1 Freepbx 2026-07-09 8.8 High
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
CVE-2026-11856 2 Curl, Redhat 2 Curl, Hummingbird 2026-07-09 9.8 Critical
Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one (`hostB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Authorization:` header field meant for `hostA`, to `hostB`.
CVE-2026-26355 1 Dell 1 Powerprotect Data Domain 2026-07-09 6.5 Medium
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.