Export limit exceeded: 363262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-55119 2026-07-03 8.1 High
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application.
CVE-2026-58426 2026-07-03 9.6 Critical
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
CVE-2026-58424 2026-07-03 8.9 High
Permanent Fork PR Workflow Approval Gate Bypass
CVE-2026-58423 2026-07-03 7.7 High
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
CVE-2026-58422 2026-07-03 N/A
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
CVE-2026-58421 2026-07-03 N/A
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
CVE-2026-58419 2026-07-03 N/A
Notification API leaks private issue metadata after access revocation
CVE-2026-58418 2026-07-03 6.5 Medium
SSRF via HTTP Redirect in Repository Migration
CVE-2026-8921 1 Asus 1 Asus Business Manager 2026-07-03 N/A
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information.
CVE-2022-4990 1 Asus 1 Ai Suite 3 2026-07-03 N/A
** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation.
CVE-2022-4989 1 Asus 1 Ai Suite 3 2026-07-03 N/A
** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation.
CVE-2026-4967 2026-07-03 7.5 High
In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2026-10536 1 Curl 1 Curl 2026-07-03 N/A
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.
CVE-2026-11586 1 Curl 1 Curl 2026-07-03 N/A
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages.
CVE-2026-8286 1 Curl 1 Curl 2026-07-03 N/A
A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.
CVE-2026-8924 1 Curl 1 Curl 2026-07-03 N/A
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains.
CVE-2026-8925 1 Curl 1 Curl 2026-07-03 N/A
The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.
CVE-2026-8926 1 Curl 1 Curl 2026-07-03 N/A
When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like `https://[email protected]/`, curl could wrongly get and use the password for *another* user set in the `.netrc` file for that host if such a one exists and there is no match for the specified user.
CVE-2026-8927 1 Curl 1 Curl 2026-07-03 N/A
When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `proxyA` using Digest auth, a subsequent transfer routed through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended solely for `proxyA`.
CVE-2026-8932 1 Curl 1 Curl 2026-07-03 N/A
libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS settings related to client certificates were left out from the configuration match checks, making them match too easily. In particular options related to the private key.