Export limit exceeded: 366292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366292 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-58035 1 Wikimedia 1 Mediawiki 2026-07-01 N/A
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue.
CVE-2026-8480 1 Stormshield 1 Stormshield Network Security 2026-07-01 4.3 Medium
A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
CVE-2026-58032 1 Wikimedia 1 Mediawiki 2026-07-01 N/A
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
CVE-2026-58029 1 Wikimedia 1 Mediawiki 2026-07-01 N/A
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, includes/Specials/SpecialUnlinkAccounts.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
CVE-2026-56148 1 Elastic 1 Elasticsearch 2026-07-01 6.5 Medium
Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable.
CVE-2026-56149 1 Elastic 1 Elasticsearch 2026-07-01 4.9 Medium
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable.
CVE-2026-56150 1 Elastic 1 Fleet Server 2026-07-01 6.5 Medium
Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable.
CVE-2026-56151 1 Elastic 1 Kibana 2026-07-01 6.5 Medium
Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.
CVE-2026-49087 1 Elastic 1 Kibana 2026-07-01 6.5 Medium
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable.
CVE-2026-49088 1 Elastic 1 Kibana 2026-07-01 4.4 Medium
Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to operators with log access.
CVE-2026-49090 1 Elastic 1 Elasticsearch 2026-07-01 6.5 Medium
Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process requests.
CVE-2026-49091 1 Elastic 1 Kibana 2026-07-01 8 High
Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal that interprets control sequences, the injected content may alter the displayed log data.
CVE-2026-57736 2 Hubspot, Wordpress 2 Hubspot, Wordpress 2026-07-01 7.4 High
Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51.
CVE-2026-11950 2026-07-01 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-50163 2026-07-01 5.9 Medium
A flaw was found in oras-go, a Go library used for managing OCI (Open Container Initiative) artifacts. An attacker can exploit this vulnerability by providing a specially crafted tarball containing a malicious hardlink. When this tarball is extracted, the hardlink can be manipulated to point to files outside the intended extraction location, specifically within the victim's current working directory. This allows an attacker to read sensitive information from the system, and in some cases, could lead to unauthorized access to critical system files if the component is operating with elevated privileges.
CVE-2026-50151 2026-07-01 5.9 Medium
A flaw was found in oras-go. During the monolithic blob upload process, oras-go reuses the Authorization header for subsequent requests, even if a malicious registry provides a cross-host Location header. This vulnerability allows an attacker-controlled endpoint to receive the caller's credentials, leading to information disclosure. Additionally, it can enable client-side Server-Side Request Forgery (SSRF) to a cross-host target.
CVE-2026-48978 2026-07-01 3.1 Low
A flaw was found in oras-go. The auth.Client in oras-go does not properly validate the scheme or host of the realm URL provided in a registry's WWW-Authenticate: Bearer challenge. A remote attacker, operating a malicious registry or performing a man-in-the-middle attack, could exploit this to perform Server-Side Request Forgery (SSRF) against internal networks, potentially disclosing sensitive information. Additionally, the flaw could lead to a Transport Layer Security (TLS) downgrade, causing user credentials to be sent over plaintext.
CVE-2026-50162 2026-07-01 5.3 Medium
A flaw was found in oras-go. The file content store, intended to confine writes to a specified working directory, does not properly account for symbolic link (symlink) traversal. A remote attacker, by providing a specially crafted blob title, could exploit this vulnerability to create files outside the intended working directory. This filesystem boundary bypass allows for arbitrary file creation, potentially leading to unauthorized data modification or system compromise depending on the runtime environment.
CVE-2026-53330 1 Linux 1 Linux Kernel 2026-07-01 N/A
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval() [Why & How] The aux_rd_interval array in struct dc_lttpr_caps is declared with MAX_REPEATER_CNT - 1 (7) elements, indexed 0..6. However, the offset parameter passed to dp_get_eq_aux_rd_interval() can be as large as MAX_REPEATER_CNT (8) when a sink reports 8 LTTPR repeaters via DPCD. This leads to an out-of-bounds read of aux_rd_interval[7] when offset is 8. Fix this by growing aux_rd_interval to MAX_REPEATER_CNT elements to accommodate the full range of valid repeater counts defined by the DP spec. (cherry picked from commit a55a458a8df37a65ffda5cf721d554a8f74f6b04)
CVE-2026-53337 1 Linux 1 Linux Kernel 2026-07-01 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bond_do_ioctl() In bond_do_ioctl(), slave_dev is obtained via __dev_get_by_name() which can return NULL if the requested interface name does not exist. However, the subsequent slave_dbg() call is placed before the NULL check: slave_dev = __dev_get_by_name(net, ifr->ifr_slave); slave_dbg(bond_dev, slave_dev, "slave_dev=%p:\n", slave_dev); //here if (!slave_dev) return -ENODEV; The slave_dbg() macro expands to netdev_dbg(bond_dev, "(slave %s): " fmt, (slave_dev)->name, ...) which unconditionally dereferences slave_dev->name before the NULL check is performed. This results in a NULL pointer dereference kernel oops when a user calls bonding ioctl (e.g. SIOCBONDENSLAVE, SIOCBONDRELEASE, etc.) with a non-existent slave interface name. This is reachable from userspace via the bonding ioctl interface with CAP_NET_ADMIN capability, making it a potential local denial-of-service vector. Fix by moving the slave_dbg() call after the NULL check.