Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363604 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56646 1 Microsoft 1 Edge Chromium 2026-07-06 6.5 Medium
Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58290 1 Microsoft 1 Edge Chromium 2026-07-06 7.5 High
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58296 1 Microsoft 1 Edge Chromium 2026-07-06 7.1 High
Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.
CVE-2026-11586 1 Curl 1 Curl 2026-07-06 7.5 High
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages.
CVE-2026-58524 1 Microsoft 1 Edge Chromium 2026-07-06 5.4 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-14773 1 Itsourcecode 1 Hospital Management System 2026-07-06 6.3 Medium
A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
CVE-2026-12481 2026-07-06 8.8 High
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is the default value when `from_config()` is called outside of a `SafeModeScope` context. This logic error conflates `None` (unset/default-deny) with `False` (explicitly disabled), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized. Affected call sites include `keras.layers.deserialize(config)`, `keras.models.clone_model(model)`, and any direct invocation of `Lambda.from_config(config)` without an enclosing `SafeModeScope(True)`. This vulnerability can be exploited to achieve arbitrary OS-level code execution in the context of the server or user process.
CVE-2026-14768 1 Code-projects 1 Real State Services 2026-07-06 7.3 High
A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-58418 2026-07-06 6.5 Medium
SSRF via HTTP Redirect in Repository Migration
CVE-2026-59520 2026-07-06 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16.
CVE-2026-14774 1 Itsourcecode 1 Hospital Management System 2026-07-06 6.3 Medium
A vulnerability was determined in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /paymentdischarge.php. This manipulation of the argument patientid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-58419 2026-07-06 7.5 High
Notification API leaks private issue metadata after access revocation
CVE-2026-58421 2026-07-06 7.5 High
Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service
CVE-2026-58422 2026-07-06 9.8 Critical
Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts
CVE-2026-58423 2026-07-06 7.7 High
LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories
CVE-2026-58424 2026-07-06 8.9 High
Permanent Fork PR Workflow Approval Gate Bypass
CVE-2026-58426 2026-07-06 9.6 Critical
Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write
CVE-2026-14611 1 Deepmyst 1 Mysti 2026-07-06 4.3 Medium
A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attack may be performed from remote. Upgrading to version 0.4.0 is sufficient to fix this issue. The name of the patch is 6d709229b5199f6769fb3cf763e5122dcc43c079. It is advisable to upgrade the affected component.
CVE-2025-71356 2 Mmaitre314, Picklescan 2 Picklescan, Picklescan 2026-07-06 8.1 High
picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims.
CVE-2026-13376 1 Watchguard 1 Fireware Os 2026-07-06 N/A
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.