Export limit exceeded: 363662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24266 | 1 Nvidia | 1 Triton Inference Server | 2026-07-07 | 5.9 Medium |
| NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-14626 | 1 Nousresearch | 1 Hermes-agent | 2026-07-07 | 4.3 Medium |
| A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-14619 | 1 Itsourcecode | 1 Hospital Management System | 2026-07-07 | 6.3 Medium |
| A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /medicine.php. This manipulation of the argument editid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2025-71372 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-07 | 8.1 High |
| Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling supply-chain poisoning of shared model files. | ||||
| CVE-2025-71360 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-07 | 8.1 High |
| picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims. | ||||
| CVE-2025-71343 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-07 | 8.1 High |
| picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load() is called. | ||||
| CVE-2026-58523 | 1 Microsoft | 1 Edge Chromium | 2026-07-07 | 6.5 Medium |
| Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-58298 | 1 Microsoft | 1 Edge Chromium | 2026-07-07 | 7.2 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-58286 | 1 Microsoft | 1 Edge Chromium | 2026-07-07 | 8.1 High |
| Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-45488 | 1 Microsoft | 1 Edge Chromium | 2026-07-07 | 5.4 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-14608 | 1 Sourcecodester | 1 Cet Automated Grading System With Ai Predictive Analytics | 2026-07-07 | 4.3 Medium |
| A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=view_student of the component POST Handler. The manipulation of the argument ID leads to authorization bypass. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-14612 | 1 Redhat | 1 Enterprise Linux | 2026-07-07 | 4.2 Medium |
| Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be able to trigger ipa-otpd to write or read one byte past the end of a fixed-size buffer. Exploitation requires FreeIPA to be configured with an external IdP, attacker control or MITM of that IdP, and a user to initiate the OAuth2 device authorization flow. The most likely impact is limited denial of service affecting the ipa-otpd daemon. | ||||
| CVE-2026-53478 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-07 | 7.2 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution. | ||||
| CVE-2026-46464 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-07 | 4.9 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2026-46467 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-07 | 5.8 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. | ||||
| CVE-2026-41121 | 1 Dell | 1 Device Management Agent | 2026-07-07 | 7.3 High |
| Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2026-25271 | 1 Qualcomm | 1 Snapdragon | 2026-07-07 | 7.8 High |
| Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use. | ||||
| CVE-2026-43925 | 1 Fossbilling | 1 Fossbilling | 2026-07-07 | N/A |
| FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can gate promo code eligibility, an attacker may apply group-restricted discount codes and receive unauthorized discounts. Version 0.8.0 contains a patch. As a workaround, administrators can either remove group restrictions from promo codes or disable client self-registration (Settings → Clients → Disable signup). | ||||
| CVE-2026-13356 | 1 Mozilla | 1 Firefox For Ios | 2026-07-07 | N/A |
| A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3. | ||||
| CVE-2026-14404 | 1 Google | 1 Chrome | 2026-07-07 | 6.5 Medium |
| Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium) | ||||