Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-62658 | 2026-07-15 | N/A | ||
| A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to the device to run unauthorized commands or code on the router. | ||||
| CVE-2026-49853 | 1 Tornadoweb | 1 Tornado | 2026-07-15 | 7.7 High |
| Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, SimpleAsyncHTTPClient shallow-copied redirected requests and removed only the Host header, leaving Authorization, auth_username, auth_password, and auth_mode in place when a redirect changed scheme, host, or port. This issue is fixed in version 6.5.6. | ||||
| CVE-2026-48806 | 1 Twigphp | 1 Twig | 2026-07-15 | N/A |
| Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke __toString() on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed(). This issue is fixed in version 3.27.0. | ||||
| CVE-2026-15757 | 2026-07-15 | N/A | ||
| A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the device. This issue was identified through testing in a controlled research environment using a simulated version of the router's software and has not been confirmed on physical production devices. | ||||
| CVE-2026-59732 | 1 Rclone | 1 Rclone | 2026-07-15 | 5 Medium |
| Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as ../, allowing creation or overwrite of sibling objects in the same bucket or path scope. This issue is fixed in version 1.74.4. | ||||
| CVE-2026-62287 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61873. Reason: This candidate is a duplicate of CVE-2026-61873. Notes: All CVE users should reference CVE-2026-61873 instead of this candidate. | ||||
| CVE-2026-61606 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61457. Reason: This candidate is a duplicate of CVE-2026-61457. Notes: All CVE users should reference CVE-2026-61457 instead of this candidate. | ||||
| CVE-2026-61710 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61453. Reason: This candidate is a duplicate of CVE-2026-61453. Notes: All CVE users should reference CVE-2026-61453 instead of this candidate. | ||||
| CVE-2026-61829 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61452. Reason: This candidate is a duplicate of CVE-2026-61452. Notes: All CVE users should reference CVE-2026-61452 instead of this candidate. | ||||
| CVE-2026-61839 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61451. Reason: This candidate is a duplicate of CVE-2026-61451. Notes: All CVE users should reference CVE-2026-61451 instead of this candidate. | ||||
| CVE-2026-62165 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61446. Reason: This candidate is a duplicate of CVE-2026-61446. Notes: All CVE users should reference CVE-2026-61446 instead of this candidate. | ||||
| CVE-2026-61841 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61449. Reason: This candidate is a duplicate of CVE-2026-61449. Notes: All CVE users should reference CVE-2026-61449 instead of this candidate. | ||||
| CVE-2026-62168 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61443. Reason: This candidate is a duplicate of CVE-2026-61443. Notes: All CVE users should reference CVE-2026-61443 instead of this candidate. | ||||
| CVE-2026-62180 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61440. Reason: This candidate is a duplicate of CVE-2026-61440. Notes: All CVE users should reference CVE-2026-61440 instead of this candidate. | ||||
| CVE-2026-62248 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61438. Reason: This candidate is a duplicate of CVE-2026-61438. Notes: All CVE users should reference CVE-2026-61438 instead of this candidate. | ||||
| CVE-2026-62172 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61436. Reason: This candidate is a duplicate of CVE-2026-61436. Notes: All CVE users should reference CVE-2026-61436 instead of this candidate. | ||||
| CVE-2026-62174 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61435. Reason: This candidate is a duplicate of CVE-2026-61435. Notes: All CVE users should reference CVE-2026-61435 instead of this candidate. | ||||
| CVE-2026-15747 | 2026-07-15 | 9.1 Critical | ||
| Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. _csrf_token generates and caches one token per session and returns the same value on every call, and _csrf_field places that value in a hidden `csrf_token` input. When a response carrying the token also echoes attacker-controlled input and is gzip-compressed, the chosen values and the resulting compressed lengths form a BREACH oracle. An attacker able to query it can recover the token and pass csrf_protect validation. | ||||
| CVE-2026-62169 | 2026-07-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61430. Reason: This candidate is a duplicate of CVE-2026-61430. Notes: All CVE users should reference CVE-2026-61430 instead of this candidate. | ||||
| CVE-2026-61828 | 2026-07-15 | N/A | ||
| Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and 26.05 channel fixes, the NixOS module for MySQL services.mysql initializes the MySQL database in a way that allows local users, such as unprivileged web or CGI processes on the same host, to log in as the root user without a password when the service is used with mysql or percona-server. This issue is fixed in the 25.11 and 26.05. | ||||