Export limit exceeded: 365162 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365162 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-51119 2026-07-13 9.1 Critical
An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components
CVE-2025-70796 2026-07-13 7.5 High
An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Technology, Inc.) version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web root directory. This may allow disclosure of sensitive system files and configuration data
CVE-2026-15513 1 Wavlink 2 Wl-nu516u1, Wl-nu516u1 Firmware 2026-07-13 6.3 Medium
A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlink_uci_set_value of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lan_ip results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVE-2026-15517 1 Jinher 1 Oa 2026-07-13 7.3 High
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-15516 1 Maccms Pro 1 Maccms Pro 2026-07-13 5.6 Medium
A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. Upgrading to version 2022.1000.3025 is recommended to address this issue. Upgrading the affected component is recommended.
CVE-2026-21041 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-13 N/A
Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-21044 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-13 N/A
Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
CVE-2026-21046 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-13 N/A
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2026-21049 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-13 N/A
Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
CVE-2026-21050 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-13 N/A
Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-12685 2026-07-13 7.5 High
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server.
CVE-2026-56690 1 Dell 1 Powerflex Manager 2026-07-13 8.5 High
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access.
CVE-2026-56689 1 Dell 1 Powerflex Manager 2026-07-13 7.7 High
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2026-56688 1 Dell 1 Powerflex Manager 2026-07-13 9.1 Critical
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and lateral movement into managed infrastructure.
CVE-2026-15515 1 Tencent 1 Pc Manager 2026-07-13 7 High
A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-15514 1 Metasoft 1 Metacrm 2026-07-12 7.3 High
A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpc_args can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-54469 1 Dell 1 Unisphere For Powermax 2026-07-12 8.8 High
Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-54470 1 Dell 1 Unisphere For Powermax 2026-07-12 5.3 Medium
Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
CVE-2026-59795 1 Jetbrains 1 Teamcity 2026-07-12 8.1 High
In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
CVE-2026-61492 1 Jetbrains 1 Youtrack 2026-07-12 3.5 Low
In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible