Export limit exceeded: 364230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364230 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-55113 | 2026-07-09 | 7.5 High | ||
| A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints. | ||||
| CVE-2026-55112 | 2026-07-09 | 7.5 High | ||
| A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device. | ||||
| CVE-2026-55116 | 2026-07-09 | 9 Critical | ||
| A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices. | ||||
| CVE-2026-56842 | 1 Ubiquiti | 1 Unifi Network Application | 2026-07-09 | 7.5 High |
| A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed. | ||||
| CVE-2026-55114 | 1 Ubiquiti | 1 Unifi Network Application | 2026-07-09 | 8.8 High |
| A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application. | ||||
| CVE-2024-31636 | 1 Lief-project | 1 Lief | 2026-07-09 | 3.9 Low |
| An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component. | ||||
| CVE-2024-29640 | 1 Messense | 1 Aliyundrive-webdav | 2026-07-09 | 9.8 Critical |
| An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component. | ||||
| CVE-2024-29296 | 1 Portainer | 1 Portainer | 2026-07-09 | 5.3 Medium |
| A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. | ||||
| CVE-2024-26566 | 2 Iscute, Ods-im | 2 Cute Http File Server, Cutehttpfileserver | 2026-07-09 | 8.2 High |
| An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. | ||||
| CVE-2024-25294 | 1 Getrebuild | 1 Rebuild | 2026-07-09 | 9.1 Critical |
| An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. | ||||
| CVE-2024-24520 | 1 Lepton-cms | 1 Leptoncms | 2026-07-09 | 7.8 High |
| An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. | ||||
| CVE-2026-54780 | 1 Corewcf | 1 Corewcf | 2026-07-09 | 3.7 Low |
| CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1. | ||||
| CVE-2026-54783 | 1 Corewcf | 1 Corewcf | 2026-07-09 | 7.4 High |
| CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1. | ||||
| CVE-2026-15109 | 1 Google | 1 Chrome | 2026-07-09 | N/A |
| Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-23084 | 2 Apfloat, Mikkotommila | 2 Apfloat, Apfloat | 2026-07-09 | 7.5 High |
| Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2024-23080 | 1 Joda | 1 Joda Time | 2026-07-09 | 9.1 Critical |
| Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2024-23078 | 1 Jgrapht | 1 Core | 2026-07-09 | 9.1 Critical |
| JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2023-51141 | 1 Zkteco | 1 Biotime | 2026-07-09 | 6.5 Medium |
| An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component | ||||
| CVE-2023-46958 | 1 Lmxcms | 1 Lmxcms | 2026-07-09 | 9.8 Critical |
| An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | ||||
| CVE-2023-46010 | 1 Seacms | 1 Seacms | 2026-07-09 | 9.8 Critical |
| An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | ||||