Export limit exceeded: 366603 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366603 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-47304 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-15 8.1 High
Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-24243 1 Nvidia 1 Megatron-bridge 2026-07-15 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24244 1 Nvidia 1 Megatron-bridge 2026-07-15 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24248 1 Nvidia 1 Megatron-bridge 2026-07-15 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24249 1 Nvidia 1 Megatron-bridge 2026-07-15 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-61836 1 Directus 1 Directus 2026-07-15 8.6 High
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role, roles, admin, app, and policies. Directus share tokens and anonymous requests can both reduce to user null, so different shares or anonymous clients requesting the same URL and query can receive a permission-filtered cached response without permission re-evaluation. This issue is fixed in version 12.0.0.
CVE-2026-60062 1 F5 2 Nginx Agent, Nginx Instance Manager 2026-07-15 6.4 Medium
The NGINX Agent config_dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary. Impact: A remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-46709 1 Eugeny 1 Tabby 2026-07-15 7.8 High
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.234, Tabby inserts dropped file paths from tabby-electron/src/pathDrop.ts into the active shell without neutralizing command substitution metacharacters such as $(…) and `…`, so the incomplete CVE-2026-45038 fix for control characters still allows code execution when the victim presses Enter. This issue is fixed in version 1.0.234.
CVE-2026-59258 1 Immich-app 1 Immich 2026-07-15 8.3 High
immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owner in sequential requests, gaining full control including deletion and eviction capabilities.
CVE-2026-53516 1 Better-auth 1 Better Auth 2026-07-15 8.3 High
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the OAuth provider asserts email_verified: true without requiring the local user row's emailVerified field to also be true, allowing an attacker who pre-registers a victim email through /sign-up/email to bind the victim's OAuth identity to the attacker's account. The same primitive affects one-tap, and emailAndPassword.requireEmailVerification: true does not mitigate the link-time verification change. This issue is fixed in version 1.6.11.
CVE-2026-53518 1 Better-auth 1 Better Auth 2026-07-15 N/A
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorization_code grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two concurrent requests to pass the read step and mint independent access tokens, refresh tokens, and ID tokens; legacy /oauth2/token and /mcp/token paths in oidc-provider and mcp plugins share the same primitive. This issue is fixed in version 1.6.11.
CVE-2026-20296 1 Splunk 2 Splunk Cloud Platform, Splunk Enterprise 2026-07-15 8.3 High
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the `list_deployment_server` capability into running arbitrary Search Processing Language (SPL) searches on their behalf as `splunk-system-user`, allowing for access to stored credentials and indexed data.<br><br>The vulnerability is possible because Deployment Server endpoints in Splunk Web do not validate Cross-Site Request Forgery (CSRF) tokens on GET requests, and caller-supplied input is not correctly neutralized before it is placed into an SPL search.
CVE-2026-20298 1 Splunk 2 Splunk Cloud Platform, Splunk Enterprise 2026-07-15 5.3 Medium
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes when they access the `/servicesNS/-/-/storage/passwords` REST endpoint through the `|rest` Search Processing Language (SPL) command.<br><br>The exposure happens because the `|rest` SPL command returns the `encr_password` field in the results of the `/servicesNS/-/-/storage/passwords` REST endpoint.
CVE-2026-53514 1 Better-auth 1 Better Auth 2026-07-15 7.7 High
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation, rejectInvitation, getInvitation, and listUserInvitations recipient endpoints use session.user.email and an invitation ID without sufficient verified-email ownership proof, allowing a user with an unverified session for the invited email address to accept an organization invitation after obtaining the invitation ID. This issue is fixed for the original default behavior in version 1.6.11, while 1.6.14 restored compatibility for built-in opaque invitation IDs and leaves affected configurations requiring secure options.
CVE-2026-45337 1 Better-auth 1 Better Auth 2026-07-15 7.6 High
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the deviceAuthorization plugin treats any authenticated session as the owner of any pending device code because GET /device does not claim the row and POST /device/approve and POST /device/deny short-circuit when userId is unset, allowing an authenticated attacker who learns a valid user_code to bind the polling device to the attacker's account or deny the legitimate flow. This issue is fixed in version 1.6.11.
CVE-2026-40501 1 Cherryhq 1 Cherry-studio 2026-07-15 8.8 High
Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron BrowserWindow configured with nodeIntegration enabled and contextIsolation disabled. Attackers who control a search engine provider, individual search result pages, or provider settings pages can execute JavaScript with full Node.js privileges, gaining access to fs, child_process, os, and process.env under the operating-system account of the Cherry Studio process.
CVE-2026-62948 1 Openwrt 1 Openwrt 2026-07-15 9.6 Critical
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefiles_write_state6() and statefiles_write_state4() without escaping, allowing newline injection of forged lease lines that LuCI rpcd-mod-luci getDHCPLeases displays through htdocs/luci-static/resources/view/status/include/40_dhcp.js and htdocs/luci-static/resources/luci.js dom.append as live HTML in the Active DHCPv6 Leases admin page. This vulnerability is fixed in 25.12.5.
CVE-2026-46485 1 Lissy93 1 Dashy 2026-07-15 8.2 High
Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml through the config-saving functionality despite configured permissions, allowing unauthorized modification of dashboard configuration and potential service disruption. This issue is fixed in version 4.0.8.
CVE-2026-62355 1 Taosdata 1 Tdengine 2026-07-15 5.4 Medium
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader admin_user on a TDengine Cloud DB instance could run create udf even though standard users should have read-only permissions for non-database objects and show dnodes and create user were denied. This issue is fixed in version 3.4.1.15.
CVE-2026-62348 1 Taosdata 1 Tdengine 2026-07-15 5.4 Medium
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE <id> against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the intended MND_OPER_SSMIGRATE_DB privilege check was commented out. This issue is fixed in version 3.4.1.15.