Export limit exceeded: 365836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365836 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-26719 2026-07-17 6.1 Medium
Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script
CVE-2026-61371 2026-07-17 7.5 High
Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/overwrite of the symlink target. The destructive effect is performed at open-time via O_TRUNC, and can happen before full input validation completes (“truncation-before-validation”).
CVE-2026-13585 1 Asus 3 Business Manager, System Control Interface, System Control Interface V3 2026-07-17 N/A
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system. Refer to the '  Security Update for ASUS System Control Interface  ' section on the ASUS Security Advisory for more information.
CVE-2026-15030 1 Asus 3 Business Manager, System Control Interface, System Control Interface V3 2026-07-17 N/A
Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security Update for ASUS System Control Interface  ' section on the ASUS Security Advisory for more information.
CVE-2026-9810 2026-07-17 N/A
The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitrary user creation and role escalation.
CVE-2026-13402 2026-07-17 N/A
The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from non-public navigation menu items.
CVE-2026-12393 2026-07-17 N/A
The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders.
CVE-2026-11966 2026-07-17 N/A
The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pending user accounts.
CVE-2026-11961 2026-07-17 N/A
The User Registration & Membership WordPress plugin before 5.2.3 does not validate that the membership tier submitted during public registration is one of the tiers allowed by the registration form before assigning that tier's associated user role, allowing unauthenticated users to register into an arbitrary published membership tier and obtain its role — up to administrator when such a tier exists.
CVE-2026-11575 2026-07-17 N/A
The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash of the request body that anyone can compute. This allows unauthenticated attackers to forge a payment-success notification and mark unpaid WooCommerce orders as paid without any payment being made.
CVE-2026-10525 2026-07-17 N/A
The NEX-Forms WordPress plugin before 9.2.3 does not sanitise and escape some submitted form data before storing it and outputting it back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against high privilege users such as administrators when they view the submitted entries.
CVE-2026-49501 1 Dell 1 Powerscale Onefs 2026-07-17 6.7 Medium
Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and versions 9.11.0.0 through 9.13.0.2 contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2026-40633 1 Dell 1 Powerscale Onefs 2026-07-17 7.8 High
Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2026-58549 1 Huawei 1 Harmonyos 2026-07-17 4 Medium
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58550 1 Huawei 1 Harmonyos 2026-07-17 4 Medium
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58552 1 Huawei 1 Harmonyos 2026-07-17 5.1 Medium
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58553 1 Huawei 1 Harmonyos 2026-07-17 4 Medium
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58555 1 Huawei 1 Harmonyos 2026-07-17 6.6 Medium
Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-58554 1 Huawei 2 Emui, Harmonyos 2026-07-17 6.6 Medium
Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58557 1 Huawei 1 Harmonyos 2026-07-17 4.8 Medium
Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability.