Export limit exceeded: 46127 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46127 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-15543 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-07-13 | 8.8 High |
| A vulnerability was found in Tenda CH22 1.0.0.1. This impacts the function formCertListInfo of the file /goform/CertListInfo. The manipulation of the argument Name results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-6850 | 2026-07-13 | 6.5 Medium | ||
| Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658 | ||||
| CVE-2026-15545 | 1 Shibby | 1 Tomato | 2026-07-13 | 8.8 High |
| A vulnerability was identified in Shibby Tomato up to 1.28.0000. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit is publicly available and might be used. This project is superseded by FreshTomato. | ||||
| CVE-2026-15123 | 1 Google | 1 Chrome | 2026-07-13 | 8.8 High |
| Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-31267 | 1 Mercusys | 1 Mw302r | 2026-07-13 | 5.7 Medium |
| Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the administrative web interface. A stack buffer overflow vulnerability in the administrative web interface allows an authenticated attacker with administrative privileges to trigger a system crash by sending a specially crafted request. The vulnerability results in denial of service through control flow manipulation to an arbitrary instruction address. | ||||
| CVE-2026-51603 | 1 Tenda | 1 Cp3 | 2026-07-13 | 7.5 High |
| A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows an unauthenticated remote attacker to cause a denial of service via a crafted second SETUP request. After completing the OPTIONS, DESCRIBE, and a legitimate first SETUP request to obtain a valid session ID, the RTSP service's second-stage URL routing parser fails to validate the length of the URL field in the subsequent SETUP request. By supplying a URL consisting of exactly four consecutive repetitions of a valid RTSP URL, an attacker can bypass first-stage format validation and trigger a stack buffer overflow, causing an immediate crash of the RTSP service process and rendering the device inaccessible to all clients on the local network. | ||||
| CVE-2026-15544 | 1 Shibby | 1 Tomato | 2026-07-13 | 8.8 High |
| A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato. | ||||
| CVE-2026-58304 | 1 Samsung Open Source | 1 Escargot | 2026-07-13 | 6.1 Medium |
| Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. | ||||
| CVE-2026-58307 | 1 Samsung Open Source | 1 Escargot | 2026-07-13 | 6.1 Medium |
| Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c. | ||||
| CVE-2026-54800 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-07-13 | 4.8 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions. | ||||
| CVE-2026-21057 | 1 Samsung Mobile | 1 Samsung Pass | 2026-07-13 | N/A |
| Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2026-15538 | 1 Primefaces | 1 Primereact | 2026-07-13 | 6.3 Medium |
| A weakness has been identified in primefaces primereact up to 10.9.8. This issue affects the function ObjectUtils.mutateFieldData of the component API. This manipulation of the argument Field causes improperly controlled modification of object prototype attributes. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-57280 | 1 Jenkins Project | 1 Jenkins Script Security Plugin | 2026-07-13 | 8.8 High |
| Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection. | ||||
| CVE-2026-52195 | 1 Utt | 1 Nv518g | 2026-07-13 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component | ||||
| CVE-2026-52193 | 2026-07-13 | 7.5 High | ||
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component | ||||
| CVE-2026-7162 | 1 Winfsp | 1 Winfsp | 2026-07-13 | 7.8 High |
| Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software. | ||||
| CVE-2026-13884 | 1 Google | 1 Chrome | 2026-07-13 | 8.8 High |
| Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Medium) | ||||
| CVE-2026-13976 | 1 Google | 1 Chrome | 2026-07-13 | 5.8 Medium |
| Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-15028 | 1 Redhat | 3 Enterprise Linux, Hummingbird, Openshift | 2026-07-13 | 3.9 Low |
| A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system. | ||||
| CVE-2026-50262 | 2 Redhat, X.org | 11 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 8 more | 2026-07-13 | 5.5 Medium |
| An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default. | ||||