Export limit exceeded: 363984 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363984 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-55079 | 1 Coder | 1 Coder | 2026-07-08 | 4.9 Medium |
| Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `NewDataBuilder` in `provisionersdk/proto/dataupload.go` allocated a byte slice using the client-supplied `FileSize` from a `DataUpload` message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the `FileSize` value itself was unconstrained. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 validates `FileSize` against an upper bound (`MaxFileSize = 100 MiB`) before allocation. As a workaround, restrict access to the provisioner daemon serve endpoint to trusted provisioner daemon service accounts. | ||||
| CVE-2024-35276 | 1 Fortinet | 6 Fortianalyzer, Fortianalyzer Cloud, Fortianalyzercloud and 3 more | 2026-07-08 | 5 Medium |
| A stack-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0.0 through 7.0.12, FortiAnalyzer 6.4.0 through 6.4.14, FortiAnalyzer Cloud 7.4.1 through 7.4.3, FortiAnalyzer Cloud 7.2.1 through 7.2.5, FortiAnalyzer Cloud 7.0.1 through 7.0.11, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0.1 through 7.0.11, FortiManager Cloud 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets. | ||||
| CVE-2026-59995 | 1 Openbsd | 1 Openssh | 2026-07-08 | 4.2 Medium |
| sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server. | ||||
| CVE-2026-14489 | 2026-07-08 | 8.8 High | ||
| The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2026-59997 | 1 Openbsd | 1 Openssh | 2026-07-08 | 4.2 Medium |
| internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection. | ||||
| CVE-2026-55432 | 1 Coder | 1 Coder | 2026-07-08 | 5.4 Medium |
| Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum. Exploitation requires the ability to register sub-agent apps in a workspace the attacker controls. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2clamps the sub-agent app sharing level to the template's `MaxPortSharingLevel`. As a workaround, disable wildcard app hostnames (`CODER_WILDCARD_ACCESS_URL`) to block subdomain-based app routing. | ||||
| CVE-2026-57260 | 2026-07-08 | 7.8 High | ||
| The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash. | ||||
| CVE-2026-57255 | 2026-07-08 | 6.1 Medium | ||
| The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application. | ||||
| CVE-2026-57254 | 2026-07-08 | 7.8 High | ||
| There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash. | ||||
| CVE-2026-14158 | 2 Totalbounty, Wordpress | 2 Widget Logic Visual, Wordpress | 2026-07-08 | 8.8 High |
| The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widget_logic_visual_check_visibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action combined with insufficient sanitization of the 'nwlv[cod-tag]' parameter before storage and subsequent use in an eval() call. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server. | ||||
| CVE-2026-11578 | 2026-07-08 | N/A | ||
| The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms. | ||||
| CVE-2026-14495 | 2 Wordpress, Wpdo5ea | 2 Wordpress, Dologin Security | 2026-07-08 | 8.8 High |
| The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because `dologin\s::rrand()` seeds the Mersenne Twister with `mt_srand((double) microtime() * 1000000)` — discarding the integer-seconds component of `microtime()` and constraining the seed to a range of approximately 10^6 values (~20 bits of entropy) — after which every character of the 32-character magic-link token is drawn sequentially with `mt_rand()`, making the entire token a deterministic function of that seed. Because `Pswdless::try_login()` is registered on the unauthenticated `init` hook, resolves the target account by the auto-increment numeric ID embedded in the `?dologin=<id>.<hash>` parameter, performs the hash comparison using a non-constant-time `!=` operator, and then calls `wp_set_auth_cookie()` directly — never passing through `wp_authenticate()` and therefore never triggering the plugin's own `Auth::_has_login_err()` lockout — an unauthenticated attacker can brute-force the ~10^6-candidate seed space to reconstruct an active passwordless login token and authenticate as any targeted user, including administrators, without a password. Exploitation requires that a valid, unexpired passwordless login link (active for up to 7 days) exists for the target account at the time of the attack, and that the numeric link ID is known or guessable from the auto-increment primary key. | ||||
| CVE-2026-57252 | 2026-07-08 | 7.8 High | ||
| When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing. | ||||
| CVE-2023-42789 | 1 Fortinet | 4 Fortios, Fortipam, Fortiproxy and 1 more | 2026-07-08 | 9.3 Critical |
| A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||
| CVE-2023-42790 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-07-08 | 7.7 High |
| A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | ||||
| CVE-2026-57253 | 2026-07-08 | 6.1 Medium | ||
| An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing. | ||||
| CVE-2026-56000 | 2026-07-08 | N/A | ||
| Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory. | ||||
| CVE-2026-57251 | 2026-07-08 | 7.8 High | ||
| The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application. | ||||
| CVE-2026-10570 | 2026-07-08 | 6.4 Medium | ||
| The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping in the symp_arfe_replace_content() function, which uses str_replace() to substitute raw ACF field values (retrieved via get_field()) directly into Elementor-rendered HTML without any escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-57249 | 2026-07-08 | 7.8 High | ||
| After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed. | ||||