Export limit exceeded: 364158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45486 | 1 Microsoft | 7 365 Apps, Microsoft 365, Office 2021 and 4 more | 2026-07-08 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45474 | 1 Microsoft | 10 365 Apps, Office, Office 2016 and 7 more | 2026-07-08 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45472 | 1 Microsoft | 11 365 Apps, Microsoft 365 Apps For Enterprise, Office and 8 more | 2026-07-08 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-12195 | 2026-07-08 | N/A | ||
| myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta. | ||||
| CVE-2026-8800 | 1 Progress | 1 Moveit Transfer | 2026-07-08 | 2.7 Low |
| Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3. | ||||
| CVE-2026-15172 | 1 Wireshark | 1 Wireshark | 2026-07-08 | 5.5 Medium |
| FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | ||||
| CVE-2026-10037 | 1 Canonical | 1 Ubuntu | 2026-07-08 | 8.8 High |
| A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment. | ||||
| CVE-2026-15134 | 1 Codeastro | 1 Simple Online Leave Management System | 2026-07-08 | 7.3 High |
| A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-15163 | 1 Wireshark | 1 Wireshark | 2026-07-08 | 5.5 Medium |
| Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service | ||||
| CVE-2026-15165 | 1 Wireshark | 1 Wireshark | 2026-07-08 | 5.5 Medium |
| TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service | ||||
| CVE-2026-15170 | 1 Wireshark | 1 Wireshark | 2026-07-08 | 5.5 Medium |
| Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | ||||
| CVE-2026-55778 | 1 Parse Community | 1 Parse Server | 2026-07-08 | N/A |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.11 and 8.6.81, the default fileUpload.fileExtensions blocklist could be bypassed by uploading a file with a non-standard or compound extension and dangerous content type, allowing storage adapters such as S3 and GCS to serve attacker-supplied active content and enable stored cross-site scripting. This issue is fixed in versions 9.9.1-alpha.11 and 8.6.81. | ||||
| CVE-2026-15167 | 1 Wireshark | 1 Wireshark | 2026-07-08 | 7.5 High |
| DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | ||||
| CVE-2026-15169 | 1 Wireshark | 1 Wireshark | 2026-07-08 | 5.5 Medium |
| UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | ||||
| CVE-2026-15171 | 1 Wireshark | 1 Wireshark | 2026-07-08 | 5.5 Medium |
| SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | ||||
| CVE-2026-15174 | 1 Wireshark | 1 Wireshark | 2026-07-08 | 5.5 Medium |
| Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | ||||
| CVE-2026-57480 | 1 Parse Community | 1 Parse Server | 2026-07-08 | N/A |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.12 and 8.6.82, deeply nested $or, $and, and $nor query condition operators in the REST API or LiveQuery query handling could trigger exponential-time processing in the internal query-traversal helper and block the Node.js event loop. This issue is fixed in versions 9.9.1-alpha.12 and 8.6.82. | ||||
| CVE-2026-15166 | 1 Wireshark | 1 Wireshark | 2026-07-08 | 5.5 Medium |
| IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service | ||||
| CVE-2026-35210 | 1 Opencti-platform | 1 Opencti | 2026-07-08 | 7.1 High |
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass Confidence Level validation and Object Marking restrictions by injecting the synchronized-upsert: true HTTP header, enabling attackers to downgrade confidence levels, remove security markings such as TLP:RED, manipulate relationships, and affect STIX object types including Indicators, ThreatActors, Malware, and Reports. This issue is fixed in version 7.260326.0. | ||||
| CVE-2026-35211 | 1 Opencti-platform | 1 Opencti | 2026-07-08 | 6.5 Medium |
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied Elasticsearch Painless script values directly into search queries without validation or sanitization, allowing computationally expensive scripts to consume cluster CPU resources and degrade or deny service for all users. This issue is fixed in version 7.260401.0. | ||||