Export limit exceeded: 366282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366282 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-59885 2026-07-14 7.5 High
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode() call and can deny service to applications that decode untrusted ASN.1 data. The corresponding encoders have the same quadratic behavior when an application re-encodes previously decoded attacker-supplied values. This issue is fixed in version 0.6.4.
CVE-2026-11578 2026-07-14 N/A
The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms.
CVE-2026-9127 1 Rockwellautomation 1 Studio 5000 Logix Designer 2026-07-14 N/A
A remote code execution security issue exists within Studio 5000 Logix Designer® due to incorrect authorization on a configuration file. This can allow any authenticated user to modify the paths of external tools configured within the application. If exploited, an attacker could alter the configuration to point to a malicious executable, resulting in arbitrary code execution when any user interacts with the external tools functionality.
CVE-2026-12523 1 Cloudflare 1 Quiche 2026-07-14 7.5 High
Summary Cloudflare quiche's HTTP/3 layer was discovered to be vulnerable to resource exhaustion (i.e., memory) by means of specially crafted HTTP/3 frames. Impact HTTP/3 defines multiple frame types to support HTTP message exchanges and connection management. Each frame has a length and a payload whose length depends on the frame type. quiche was found to be vulnerable when parsing some frame types to pre-allocating memory based on the declared length. An attacker would not need to send the number of declared bytes to trigger this issue. In addition, quiche was found to not apply QPACK decompression limits correctly. This could allow an attacker to send specially crafted HEADERS frames that would cause more memory commitment than otherwise advertised by MAX_FIELD_SECTION_SIZE (configured by set_max_field_section_size()). Mitigation: * Users are requested to upgrade to quiche 0.29.3 which is the earliest version containing the fix for this issue. Credits: Disclosed responsibly by Sébastien Féry
CVE-2026-59197 1 Python-pillow 1 Pillow 2026-07-14 8.2 High
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before rank-filter size validation and ImagingExpand() computes output dimensions with unchecked signed int arithmetic. This issue is fixed in version 12.3.0.
CVE-2026-59886 1 Pyasn1 1 Pyasn1 2026-07-14 7.5 High
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float conversion through prettyPrint(), str(), comparison, arithmetic, int(), or an explicit float() call to consume excessive CPU and memory and hang applications that decode untrusted ASN.1 data and then print, log, or compare decoded objects. This issue is fixed in version 0.6.4.
CVE-2026-62642 1 Roundcube 1 Webmail 2026-07-14 4.3 Medium
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.
CVE-2026-58638 1 Microsoft 12 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 9 more 2026-07-14 6 Medium
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
CVE-2026-58629 1 Microsoft 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more 2026-07-14 7 High
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2026-58628 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 7.8 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Networking allows an authorized attacker to elevate privileges locally.
CVE-2026-58613 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 7.8 High
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58594 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 8.8 High
Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.
CVE-2026-7494 1 Sonatype 1 Nexus Repository Manager 2026-07-14 N/A
Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the SSL Certificate Retrieval endpoint. A user holding the nexus:ssl-truststore:read permission could cause the server to initiate outbound connections to internal or otherwise restricted network hosts. This issue affects Nexus Repository 3.0.0 through versions prior to 3.94.0.
CVE-2026-58543 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-14 6.3 Medium
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.
CVE-2026-58542 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-14 7.8 High
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-58536 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 7.8 High
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-58537 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-14 7.8 High
Use after free in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-58531 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.5 High
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.
CVE-2026-58530 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 7.8 High
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code locally.
CVE-2026-57982 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 6.5 Medium
Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.