Export limit exceeded: 366611 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366611 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-15131 1 Google 1 Chrome 2026-07-16 4.3 Medium
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-39243 1 Kevva 1 Decompress 2026-07-16 5.5 Medium
decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries (type === 'link'), the x.linkname field from the archive is passed directly to fs.link() without validation (index.js line 113). An attacker can craft an archive with a hardlink entry whose linkname is an absolute path to any file on the same filesystem. This creates a hardlink inside the extraction directory that shares the same inode as the target file, enabling both reading and overwriting the original file's content. Hardlinks are limited to files on the same filesystem and cannot target directories.
CVE-2026-31267 1 Mercusys 1 Mw302r 2026-07-16 5.7 Medium
Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a specially crafted request. The vulnerability results in denial of service through control flow manipulation to an arbitrary instruction address.
CVE-2026-36425 2026-07-16 N/A
An issue in OPSWAT AppRemover Driver (ardrv.sys) v2017.10.02.1551 and earlier in IOCTL handler 0x2420031. Any local user can open the device and send process termination requests without privilege validation.
CVE-2026-11571 2026-07-16 7.5 High
The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.
CVE-2026-47830 1 Cloudfoundry 1 Bosh-windows-stemcell-builder 2026-07-16 N/A
Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full host control. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.
CVE-2026-47082 1 Cyrusimap 1 Cyrus Imap 2026-07-16 5.4 Medium
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc (to save a copy of the sent message) could deliver vacation auto-reply copies into any mailbox the script could name, regardless of whether the script owner had insert permissions on the destination mailbox.
CVE-2026-47083 1 Cyrusimap 1 Cyrus Imap 2026-07-16 4.3 Medium
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could name. Search would return UIDs of messages matching the search, creating a content oracle (without allowing arbitrary reads of the target's content).
CVE-2026-47089 1 Cyrusimap 1 Cyrus Imap 2026-07-16 4.3 Medium
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMAP LISTRIGHTS against any mailbox they could name and learn what principals had what access to it. (This action should have been restricted to users with admin access on the target mailbox.)
CVE-2026-6685 1 Chan 1 Fatfs 2026-07-16 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority following a notification that the vulnerability determination was made in error. After review, the CNA confirmed the erroneous finding. Thanks to David Brown for reaching out about this issue.
CVE-2026-47087 1 Cyrusimap 1 Cyrus Imap 2026-07-16 3.5 Low
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that access was revoked.
CVE-2026-47088 1 Cyrusimap 1 Cyrus Imap 2026-07-16 3.1 Low
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could craft an email message containing an RFC 822 comment ending with a backslash. When parsing the message, the server would read past the message's end in memory, and read into the heap, returning the read content to the user.
CVE-2026-46377 1 Tomwright 1 Dasel 2026-07-16 6.2 Medium
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the escape sequence handler in (*Tokenizer).parseCurRune in selector/lexer/tokenize.go increments past a trailing backslash in a quoted string such as "\ or '\ and then reads p.src[pos] without a bounds check, allowing attacker-controlled selector strings to trigger a Go index-out-of-range panic. This issue is fixed in version 3.10.1.
CVE-2026-13461 1 Payrange 1 Payrange 2026-07-16 9.6 Critical
When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.
CVE-2026-62299 2026-07-16 5.3 Medium
CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0ReplaceResponseRule[T] in plugin/rewrite/edns0.go, call res.IsEdns0() and immediately dereference the returned *dns.OPT without a nil check when a downstream plugin returns a response with no OPT record. A remote, unauthenticated client can send a single ordinary DNS query matching a rewrite edns0 <local|nsid|subnet> <set|append|replace> ... revert rule, causing ResponseReverter in plugin/rewrite/reverter.go to panic, return SERVFAIL, and degrade availability, or crash the CoreDNS process if the debug directive disables recovery. This issue is fixed in version 1.14.5.
CVE-2026-47081 1 Cyrusimap 1 Cyrus Imap 2026-07-16 3.1 Low
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of arbitrary mailboxes on other users' accounts via the XAPPLEPUSHSERVICE command and then create Apple Push Notification Service notifications for new mail in those mailboxes to their own APNS device. This did not leak any data about the content of mailboxes. Instead, a "mailbox has changed" notice would be pushed when the mailbox modseq changed.
CVE-2026-47084 1 Cyrusimap 1 Cyrus Imap 2026-07-16 6.5 Medium
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP command and delete mailboxes for which they had no permissions.
CVE-2026-47085 1 Cyrusimap 1 Cyrus Imap 2026-07-16 4 Medium
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name on the victim's account for which the victim had never issued an auth URL, they could forge a working URLAUTH token by computing an HMAC-SHA1 value with a predictable key, giving them read access to the mailbox. (URLAUTH is an obscure feature, meaning that the odds of any user actually being susceptible to this attack are very low. Perhaps no public clients use URLAUTH.)
CVE-2026-47086 1 Cyrusimap 1 Cyrus Imap 2026-07-16 3.5 Low
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token (via the GENURLAUTH command) for any mailbox they could name, even without read access on it. This would allow reading mail from mailboxes despite having no granted permissions.
CVE-2026-46353 1 Bigbluebutton 1 Bigbluebutton 2026-07-16 8.1 High
BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web checksum validation could be bypassed when a presentationUploadExternalUrl parameter was supplied to API request handling in CreateMeeting.java and ValidationService.java, allowing a user to send valid requests to some endpoints without a checksum. This issue is fixed in version 3.0.21.