Export limit exceeded: 365367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365367 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-51599 | 1 Mercury | 1 Mipc252w | 2026-07-13 | 9.8 Critical |
| An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding message body. The affected RTSP parser enters a body-waiting state instead of rejecting the malformed request, causing all subsequent data on the connection to be silently consumed as body content until a server-side timeout closes the connection. | ||||
| CVE-2026-12517 | 2026-07-13 | 5.3 Medium | ||
| The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users (the gating nonce is exposed on public pages carrying an embed) to make the site request internal and private-network URLs and read back the parsed page metadata. This is a Server-Side Request Forgery. | ||||
| CVE-2026-57830 | 2026-07-13 | N/A | ||
| The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion. | ||||
| CVE-2026-58304 | 1 Samsung Open Source | 1 Escargot | 2026-07-13 | 6.1 Medium |
| Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. | ||||
| CVE-2026-14261 | 1 Xerte | 1 Xerte Online Tools | 2026-07-13 | 9.1 Critical |
| A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control. | ||||
| CVE-2026-15542 | 1 Will-moss | 1 Isaiah | 2026-07-13 | 7.3 High |
| A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-54468 | 1 Dell | 1 Unisphere For Powermax | 2026-07-13 | 6.5 Medium |
| Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files. | ||||
| CVE-2026-59793 | 1 Jetbrains | 1 Teamcity | 2026-07-13 | 8.8 High |
| In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration | ||||
| CVE-2026-59796 | 1 Jetbrains | 1 Teamcity | 2026-07-13 | 8.1 High |
| In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks | ||||
| CVE-2026-15552 | 1 Ragic | 1 Enterprise Cloud Database | 2026-07-13 | 6.1 Medium |
| Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load. | ||||
| CVE-2026-57280 | 1 Jenkins Project | 1 Jenkins Script Security Plugin | 2026-07-13 | 8.8 High |
| Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection. | ||||
| CVE-2026-52195 | 1 Utt | 1 Nv518g | 2026-07-13 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component | ||||
| CVE-2026-52197 | 1 Utt | 1 Nv518g | 2026-07-13 | 7.5 High |
| An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component | ||||
| CVE-2026-13793 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Insufficient policy enforcement in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15536 | 1 Itsourcecode | 1 Hospital Management System | 2026-07-13 | 6.3 Medium |
| A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-13866 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13886 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Insufficient policy enforcement in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13916 | 1 Google | 1 Chrome | 2026-07-13 | 4.3 Medium |
| Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-15553 | 1 Ragic | 1 Enterprise Cloud Database | 2026-07-13 | 5.3 Medium |
| Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to download. | ||||
| CVE-2026-13962 | 1 Google | 1 Chrome | 2026-07-13 | 6.5 Medium |
| Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||