Export limit exceeded: 366186 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366186 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-55120 | 1 Microsoft | 8 365 Apps, Office 2019, Office 2021 and 5 more | 2026-07-14 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-34965 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2026-07-14 | 8.8 High |
| Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server. | ||||
| CVE-2026-45075 | 2026-07-14 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, method-scoped #[IsGranted], #[IsSignatureValid], and #[IsCsrfTokenValid] attributes can be configured for GET only, but Symfony routes HEAD requests to the GET handler while the attribute check is skipped, allowing protected controllers to execute and leak headers or perform side effects. This issue is fixed in versions 7.4.12 and 8.0.12. | ||||
| CVE-2026-32986 | 1 Textpattern | 1 Textpattern | 2026-07-14 | 6.1 Medium |
| Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category that are reflected into Atom fields like and , which execute as JavaScript when feed readers or CMS aggregators consume the feed and insert content into the DOM using unsafe methods. | ||||
| CVE-2026-32984 | 1 Wazuh | 1 Wazuh | 2026-07-14 | 3.5 Low |
| Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on the availability of the authentication daemon. | ||||
| CVE-2026-32856 | 1 Ellucian | 2 Banner, Banner Self-service | 2026-07-14 | 6.1 Medium |
| Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the dateConverter endpoint. Attackers can craft a malicious URL targeting the unauthenticated dateConverter endpoint to steal session cookies or perform other malicious actions in the context of the victim's browser session. | ||||
| CVE-2026-32854 | 3 Libvnc Project, Libvncserver, Libvncserver Project | 3 Libvncserver, Libvncserver, Libvncserver | 2026-07-14 | 7.5 High |
| LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled. | ||||
| CVE-2026-32853 | 3 Libvnc Project, Libvncserver, Libvncserver Project | 3 Libvncserver, Libvncserver, Libvncserver | 2026-07-14 | 8.1 High |
| LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer. | ||||
| CVE-2026-32852 | 1 Mailenable | 1 Mailenable | 2026-07-14 | 6.1 Medium |
| MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in the FreeBusy.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript. | ||||
| CVE-2026-32851 | 1 Mailenable | 1 Mailenable | 2026-07-14 | 6.1 Medium |
| MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in the FreeBusy.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript. | ||||
| CVE-2026-32850 | 1 Mailenable | 1 Mailenable | 2026-07-14 | 6.1 Medium |
| MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the SelectedIndex parameter in the ManageShares.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript. | ||||
| CVE-2026-29514 | 1 Netbox | 1 Netbox | 2026-07-14 | 8.8 High |
| NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the environment_params field. Attackers can bypass Jinja2 SandboxedEnvironment protections by setting the finalize parameter to any importable Python callable such as subprocess.getoutput, which is invoked on every rendered expression outside the sandbox's call interception mechanism, achieving remote code execution as the NetBox service user. | ||||
| CVE-2026-29014 | 2 Metinfo, Metinfo Cms | 2 Metinfo, Metinfo Cms | 2026-07-14 | 9.8 Critical |
| MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server. | ||||
| CVE-2026-29009 | 2 Denx, U-boot | 2 U-boot, U-boot | 2026-07-14 | 8.2 High |
| U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net/nfs-common.c) when CONFIG_CMD_NFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfs_path_buff buffer by returning multiple relative symlink targets that are appended without cumulative length validation. Attackers can send two or more READLINK responses containing relative symlink targets of approximately 1100 bytes each to corrupt adjacent BSS variables including nfs_server_ip, nfs_server_mount_port, nfs_server_port, nfs_our_port, nfs_state, and rpc_id, potentially achieving memory corruption and control over the NFS client state machine. | ||||
| CVE-2026-29008 | 2 Denx, U-boot | 2 U-boot, U-boot | 2026-07-14 | 7.5 High |
| U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payload_len to become negative. When the TCP_SYN_SENT handler calls tcp_rx_user_data() without invoking tcp_seg_in_wnd() validation, the negative payload_len is implicitly converted to a large unsigned integer (e.g., 0xFFFFFFD8) and passed to memcpy() in store_block(), causing an immediate crash that prevents device boot and may enable memory corruption when CONFIG_LMB is disabled. | ||||
| CVE-2026-29007 | 2 Denx, U-boot | 2 U-boot, U-boot | 2026-07-14 | 5.3 Medium |
| U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attackers can send a packet with an IP total length of 40 bytes and a TCP data offset claiming 60 bytes of header to cause tcp_parse_options() to read 40 bytes past the end of the TCP segment, potentially corrupting connection state variables such as rmt_win_scale and rmt_timestamp to disrupt TCP window calculations. | ||||
| CVE-2026-28529 | 1 Cryptodev-linux | 1 Cryptodev-linux | 2026-07-14 | N/A |
| cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of controlled pages to achieve local privilege escalation. | ||||
| CVE-2026-28517 | 1 Opendcim | 1 Opendcim | 2026-07-14 | 9.8 Critical |
| openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec() without validation or sanitization. If an attacker can modify the fac_Config.dot value, arbitrary commands may be executed in the context of the web server process. | ||||
| CVE-2026-28516 | 1 Opendcim | 1 Opendcim | 2026-07-14 | 8.8 High |
| openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input sanitation. An authenticated user can execute arbitrary SQL statements against the underlying database. | ||||
| CVE-2026-28515 | 1 Opendcim | 1 Opendcim | 2026-07-14 | 8.8 High |
| openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this functionality regardless of assigned privileges. In deployments where REMOTE_USER is set without authentication enforcement, the endpoint may be accessible without credentials. This allows unauthorized modification of application configuration. | ||||