Export limit exceeded: 366468 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366468 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-38979 | 1 Ajenti | 1 Ajenti | 2026-07-15 | 5.4 Medium |
| ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI start_response() without adding anti-framing protections such as X-Frame-Options or a Content-Security-Policy frame-ancestors restriction. | ||||
| CVE-2026-47428 | 1 Vitest.dev | 1 Vitest | 2026-07-15 | 9.6 Critical |
| Vitest is a testing framework powered by Vite. From 4.0.17 until 4.1.6 and 5.0.0-beta.3, Vitest Browser Mode served /__vitest_test__/ with the otelCarrier query parameter inserted directly into an inline module script, allowing a crafted browser-runner URL to execute arbitrary JavaScript in the Vitest server origin and recover VITEST_API_TOKEN for authenticated API calls. This issue is fixed in versions 4.1.6 and 5.0.0-beta.3. | ||||
| CVE-2026-47476 | 1 Nvidia | 1 Triton Inference Server | 2026-07-15 | 7.5 High |
| NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-50471 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-07-15 | 7.8 High |
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-59954 | 2026-07-15 | 7.5 High | ||
| Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration data when AccessKey or management key authentication is enabled because ConfigService can accept a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app, including accent variants under accent-insensitive collations or trailing-space variants under PAD SPACE collations on /configs and /configfiles endpoints. This issue is fixed in version 2.5.2. | ||||
| CVE-2026-50445 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 6.5 Medium |
| Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-59955 | 2026-07-15 | 7.5 High | ||
| Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under /configfiles/raw/{appId}/{clusterName}/{namespace} are parsed for authentication as appId raw instead of the actual path appId, causing ConfigService to look up AccessKey secrets for raw before verifying the request signature and potentially continue without signature verification for the target appId. This issue is fixed in version 2.5.2. | ||||
| CVE-2026-50381 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more | 2026-07-15 | 5.5 Medium |
| Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-50316 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more | 2026-07-15 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-15483 | 1 Trendnet | 2 Tew-821dap, Tew-821dap Firmware | 2026-07-15 | 8.8 High |
| A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argument nslookup_target leads to buffer overflow. It is possible to initiate the attack remotely. The vendor explains: "We are unable to confirm the existence of the vulnerabilities for (...) TEW-821DAP (v1.0R) as these items have been EOL. " This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-45793 | 2026-07-15 | 7.5 High | ||
| Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration() validates GitHub OAuth tokens with the regex ^[.A-Za-z0-9_]+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUB_TOKEN values using the ghs_<id>_<base64url-JWT> format can contain -, fail validation, and be disclosed to stderr or CI logs. This issue is fixed in versions 1.10.28, 2.2.28, and 2.9.8. | ||||
| CVE-2026-50298 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 6.8 Medium |
| Integer overflow or wraparound in Windows Spaceport.sys allows an unauthorized attacker to elevate privileges with a physical attack. | ||||
| CVE-2026-50342 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 | 2026-07-15 | 8.8 High |
| Improper access control in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20187 | 2026-07-15 | 7.5 High | ||
| As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20187 are related to improper handling of exceptional conditions that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-703. | ||||
| CVE-2026-20158 | 2026-07-15 | 7.5 High | ||
| As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20158 are related to improper control of a resource through its lifetime that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-664. | ||||
| CVE-2026-52842 | 2026-07-15 | 9.3 Critical | ||
| Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as `http://attacker.com/@victim.com/` was fetched from attacker.com but treated as `http://victim.com`, allowing a complete Same-Origin Policy bypass. This issue is fixed in version 0.3.1. | ||||
| CVE-2026-20153 | 2026-07-15 | 7.5 High | ||
| As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20153 are related to improper input validation that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-20. | ||||
| CVE-2026-20157 | 2026-07-15 | 7.5 High | ||
| As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20157 are related to missing encryption that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-311. | ||||
| CVE-2026-20156 | 2026-07-15 | 8.1 High | ||
| As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20156 are related to improper restriction of operations within the bounds of a memory buffer that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-119. | ||||
| CVE-2026-49796 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-15 | 7.8 High |
| Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally. | ||||