Export limit exceeded: 365356 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365356 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-15719 2026-07-14 N/A
We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6.
CVE-2026-15718 2026-07-14 N/A
We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6.
CVE-2026-54429 1 Siemens 1 Simatic S7-plcsim Advanced 2026-07-14 7.4 High
A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced (All versions). Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory resources in the affected application. This could allow an unauthenticated attacker on the local network segment to cause a denial-of-service condition of the affected application. The affected application becomes inaccessible and requires a manual restart; no project data is lost. Successful exploitation requires a specific project configuration to be already active on the targeted instance.
CVE-2026-15691 1 Tenda 1 Be12 Pro 2026-07-14 8.8 High
A security flaw has been discovered in Tenda BE12 Pro 16.03.66.23. This affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-57297 2 Jenkins, Jenkins Project 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin 2026-07-14 5.4 Medium
A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.
CVE-2026-57299 2 Jenkins, Jenkins Project 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin 2026-07-14 4.3 Medium
Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.
CVE-2026-13022 1 Google 1 Chrome 2026-07-14 3.1 Low
Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2026-14852 1 Checkmk 1 Checkmk 2026-07-14 N/A
Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 (EOL) allows a local unprivileged user to execute arbitrary commands as root by starting a process crafted to look like a SAP HANA instance. Without an explicit database configuration, the mk_sap_hana agent plugin derives instance identifiers from the process list and uses them to build a command executed with elevated privileges (requires the plugin to run as root with RUNAS=agent).
CVE-2026-62327 1 Decolua 1 9router 2026-07-14 9.1 Critical
9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the missing authentication middleware on the Next.js API route to obtain full API key strings alongside token counts, cost breakdowns, and request metadata, enabling unauthorized use of connected AI provider accounts, billing fraud, and quota exhaustion.
CVE-2026-62200 1 Openclaw 1 Openclaw 2026-07-14 8.8 High
OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization.
CVE-2026-62191 1 Openclaw 1 Openclaw 2026-07-14 7.1 High
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and execute privileged operations when the affected feature is enabled and reachable.
CVE-2026-3014 2026-07-14 9.1 Critical
Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API.  The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server Service.
CVE-2026-15389 2026-07-14 N/A
A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier (USID) as the sole validation mechanism, without verifying whether that identifier legitimately belongs to the user making the request. As a result, an attacker who obtains a valid USID can impersonate a victim’s session and access their confidential information, including emails, user IDs, roles and corporate data. This vulnerability is exacerbated by poor session lifecycle management: new logins generate additional USIDs without revoking the previous ones, allowing multiple active sessions to coexist and thereby expanding the attack surface.
CVE-2023-45853 3 Redhat, Smihica, Zlib 3 Jboss Core Services, Pyminizip, Zlib 2026-07-14 8.8 High
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
CVE-2026-62422 1 Jetbrains 1 Youtrack 2026-07-14 10 Critical
In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible
CVE-2026-52193 2026-07-14 7.5 High
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component
CVE-2026-13774 1 Google 1 Chrome 2026-07-14 8.1 High
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)
CVE-2026-13778 1 Google 1 Chrome 2026-07-14 7.8 High
Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical)
CVE-2026-13780 1 Google 1 Chrome 2026-07-14 9.6 Critical
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-13781 1 Google 1 Chrome 2026-07-14 9.6 Critical
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)