Export limit exceeded: 365145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-58304 | 1 Samsung Open Source | 1 Escargot | 2026-07-15 | 6.1 Medium |
| Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. | ||||
| CVE-2026-54798 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-07-15 | 6.5 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions. | ||||
| CVE-2026-54801 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-07-15 | 7.2 High |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges. | ||||
| CVE-2026-54118 | 1 Microsoft | 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more | 2026-07-15 | 8.8 High |
| Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-54131 | 1 Microsoft | 8 365 Apps, Office 2019, Office 2021 and 5 more | 2026-07-15 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-13461 | 1 Payrange | 1 Payrange | 2026-07-15 | 9.6 Critical |
| When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device. | ||||
| CVE-2026-50663 | 1 Microsoft | 2 Age Of Empires Ii, Age Of Empires Ii | 2026-07-15 | 8.8 High |
| Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-54112 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-07-15 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-51119 | 2026-07-15 | 9.1 Critical | ||
| An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components | ||||
| CVE-2026-50678 | 1 Microsoft | 9 365 Apps, Excel 2016, Office 2019 and 6 more | 2026-07-15 | 6.6 Medium |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-12505 | 1 Redhat | 4 Cifs-utils, Enterprise Linux, Openshift and 1 more | 2026-07-15 | 7.8 High |
| A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted request_key payload to trick the root-owned helper into entering a custom environment (namespace) containing a malicious NSS module. This forces the system to load the attacker's controlled NSS Module and configuration, allowing them to execute arbitrary commands as the root user, elevating their privileges and fully compromising the system. | ||||
| CVE-2026-21050 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-15 | N/A |
| Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. | ||||
| CVE-2026-21051 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-15 | N/A |
| Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. | ||||
| CVE-2026-15028 | 1 Redhat | 3 Enterprise Linux, Hummingbird, Openshift | 2026-07-15 | 3.9 Low |
| A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system. | ||||
| CVE-2026-56690 | 1 Dell | 1 Powerflex Manager | 2026-07-15 | 8.5 High |
| Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access. | ||||
| CVE-2026-56689 | 1 Dell | 1 Powerflex Manager | 2026-07-15 | 7.7 High |
| Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2026-50468 | 1 Microsoft | 3 Microsoft Sql Server 2025 (cu 2), Microsoft Sql Server 2025 For X64-based Systems (gdr), Sql Server 2025 | 2026-07-15 | 6.5 Medium |
| Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-13385 | 1 Asus | 1 Router | 2026-07-15 | N/A |
| An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware ' section on the ASUS Security Advisory for more information. | ||||
| CVE-2026-15029 | 1 Asus | 3 Business Manager, System Control Interface, System Control Interface V3 | 2026-07-15 | N/A |
| Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protections. Refer to the ' Security Update for ASUS System Control Interface ' section on the ASUS Security Advisory for more information. | ||||
| CVE-2026-15030 | 1 Asus | 3 Business Manager, System Control Interface, System Control Interface V3 | 2026-07-15 | N/A |
| Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security Update for ASUS System Control Interface ' section on the ASUS Security Advisory for more information. | ||||