Export limit exceeded: 366430 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366430 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-15779 | 1 Redhat | 1 Enterprise Linux | 2026-07-15 | 6.1 Medium |
| A flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory (a common default for system accounts) can have this triggered not only by root, but by a non-root user holding a narrow sudo delegation to run commands as that account, causing ownership of / to change and resulting in severe denial of service (SSH, sudo, and package-manager failures). The change does not grant write access to / (which ships with restrictive 0555 permissions on RHEL), so the impact is availability loss rather than further privilege escalation. | ||||
| CVE-2026-58556 | 2026-07-15 | 5.1 Medium | ||
| Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-58558 | 2026-07-15 | 7.8 High | ||
| Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-3014 | 2026-07-15 | 9.1 Critical | ||
| Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server Service. | ||||
| CVE-2026-58559 | 2026-07-15 | 6.5 Medium | ||
| DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-40646 | 2 Energycrm, Viday | 2 Energy Crm, Viday | 2026-07-15 | 5.4 Medium |
| Exposure of sensitive information in Viday. This vulnerability could allow an attacker to obtain sensitive information about customers by intercepting HTTP requests and searching for the JWT containing sensitive user information in the JWT payload. | ||||
| CVE-2026-47422 | 1 Frappe | 1 Frappe | 2026-07-15 | N/A |
| Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in reportview lacked appropriate permission checks and that has since been fixed. This vulnerability is fixed in 15.107.5 and 16.18.2. | ||||
| CVE-2026-10769 | 1 Drupal | 1 Commerce Core | 2026-07-15 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6. | ||||
| CVE-2026-15089 | 1 Drupal | 1 Commerce Guest Registration | 2026-07-15 | 9.1 Critical |
| vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. | ||||
| CVE-2026-15709 | 1 Redhat | 1 Enterprise Linux | 2026-07-15 | 7.5 High |
| A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop (inflate()) processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via max_incoming_payload_size, it fails to track or limit memory allocation during decompression. A separate check for decompressed size (max_total_message_size) exists but executes only after inflation is complete, and it is entirely disabled by default for client connections. A remote, unauthenticated attacker can exploit this by sending a small, highly compressed payload (a decompression bomb), causing unbounded memory allocation that triggers an Out-of-Memory (OOM) crash and a Denial of Service (DoS). | ||||
| CVE-2026-47996 | 2026-07-15 | 7.6 High | ||
| Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-48815 | 2026-07-15 | 7.5 High | ||
| sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked and applications relying on certificateOIDs to restrict which certificates may sign artifacts can accept unauthorized certificates. This issue is fixed in version 4.1.1. | ||||
| CVE-2026-48801 | 2026-07-15 | N/A | ||
| linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has O(N²) algorithmic complexity for inputs containing many fuzzy links or emails because the JavaScript-level scan loop re-slices input and re-runs unanchored regex searches on progressively shorter tails. Any service that synchronously renders untrusted Markdown with linkify:true on a request hot path can inherit a worker-process denial of service triggerable by a tens-of-KB request body. This issue is fixed in version 5.0.1. | ||||
| CVE-2026-48125 | 2026-07-15 | 5.3 Medium | ||
| UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParser(headers).withClientHints(), an attacker can cause excessive CPU time due to catastrophic backtracking in the device regex because Client Hints values are copied without the UA_MAX_LENGTH limit used for User-Agent values. This issue is fixed in version 2.0.10. | ||||
| CVE-2026-48758 | 2026-07-15 | 5.4 Medium | ||
| sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js ascii encoding when converting the PAE string to bytes, allowing payloadType to be mutated after signing without invalidating the signature and breaking the type-binding guarantee that DSSE is designed to provide. This issue is fixed in version 3.2.1. | ||||
| CVE-2026-46644 | 2026-07-15 | N/A | ||
| Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process() does not enforce the UTS #46 revision 33 requirement that decoded ACE labels contain at least one non-ASCII code point. Originally unequal domain names can be regarded as equal, which can lead to blacklist bypassing, inconsistent URL parsing, and server-side request forgery in applications using the polyfill to canonicalise or compare hostnames. This issue is fixed in version 1.38.1. | ||||
| CVE-2026-46459 | 2026-07-15 | N/A | ||
| ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029 | ||||
| CVE-2026-46458 | 2026-07-15 | N/A | ||
| ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This issue has been fixed in version 2.4.18.029 | ||||
| CVE-2026-48807 | 2026-07-15 | N/A | ||
| Twig is a template language for PHP. Prior to 3.27.0, the sandbox __toString() checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the sandbox policy. This issue is fixed in version 3.27.0. | ||||
| CVE-2026-49741 | 1 Typo3 | 1 Typo3 | 2026-07-15 | N/A |
| Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations, re-enabling attack vectors originally addressed in TYPO3-CORE-SA-2018-003, including SQL injection and privilege escalation. This issue affects TYPO3 CMS versions 14.0.0-14.3.2. | ||||