Export limit exceeded: 364242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364242 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-55114 | 1 Ubiquiti | 1 Unifi Network Application | 2026-07-09 | 8.8 High |
| A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application. | ||||
| CVE-2024-31636 | 1 Lief-project | 1 Lief | 2026-07-09 | 3.9 Low |
| An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component. | ||||
| CVE-2024-29640 | 1 Messense | 1 Aliyundrive-webdav | 2026-07-09 | 9.8 Critical |
| An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component. | ||||
| CVE-2024-29296 | 1 Portainer | 1 Portainer | 2026-07-09 | 5.3 Medium |
| A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. | ||||
| CVE-2024-26566 | 2 Iscute, Ods-im | 2 Cute Http File Server, Cutehttpfileserver | 2026-07-09 | 8.2 High |
| An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. | ||||
| CVE-2024-25294 | 1 Getrebuild | 1 Rebuild | 2026-07-09 | 9.1 Critical |
| An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. | ||||
| CVE-2024-24520 | 1 Lepton-cms | 1 Leptoncms | 2026-07-09 | 7.8 High |
| An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. | ||||
| CVE-2026-54780 | 1 Corewcf | 1 Corewcf | 2026-07-09 | 3.7 Low |
| CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1. | ||||
| CVE-2026-15109 | 1 Google | 1 Chrome | 2026-07-09 | N/A |
| Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-23084 | 2 Apfloat, Mikkotommila | 2 Apfloat, Apfloat | 2026-07-09 | 7.5 High |
| Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2024-23080 | 1 Joda | 1 Joda Time | 2026-07-09 | 9.1 Critical |
| Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2024-23078 | 1 Jgrapht | 1 Core | 2026-07-09 | 9.1 Critical |
| JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2023-51141 | 1 Zkteco | 1 Biotime | 2026-07-09 | 6.5 Medium |
| An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component | ||||
| CVE-2023-46958 | 1 Lmxcms | 1 Lmxcms | 2026-07-09 | 9.8 Critical |
| An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | ||||
| CVE-2023-46010 | 1 Seacms | 1 Seacms | 2026-07-09 | 9.8 Critical |
| An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | ||||
| CVE-2023-45379 | 1 Posthemes | 1 Posrotatorimg | 2026-07-09 | 9.8 Critical |
| In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. | ||||
| CVE-2023-43336 | 1 Sangoma | 1 Freepbx | 2026-07-09 | 8.8 High |
| Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | ||||
| CVE-2026-8921 | 1 Asus | 1 Asus Business Manager | 2026-07-09 | N/A |
| External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information. | ||||
| CVE-2022-4990 | 1 Asus | 1 Ai Suite 3 | 2026-07-09 | N/A |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation. | ||||
| CVE-2026-4967 | 1 Unisoc (shanghai) Technologies Co., Ltd. | 1 Sc7731e/sc9832e/sc9863a/t310/t610/t618/t7200/t7225/t7250/t7255/t7280/t7300/t8100/t9100/t8200/t8300 | 2026-07-09 | 7.5 High |
| In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. | ||||