Export limit exceeded: 366567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366567 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-62641 | 1 Roundcube | 1 Webmail | 2026-07-14 | 4.3 Medium |
| In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size. | ||||
| CVE-2026-59205 | 1 Python-pillow | 1 Pillow | 2026-07-14 | 7.5 High |
| Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0. | ||||
| CVE-2026-62643 | 1 Roundcube | 1 Webmail | 2026-07-14 | 7.2 High |
| In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. NOTE: this issue exists because of insufficient fixes for CVE-2026-35540 and CVE-2026-48843. | ||||
| CVE-2026-62644 | 1 Roundcube | 1 Webmail | 2026-07-14 | 6.4 Medium |
| In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover. | ||||
| CVE-2026-11578 | 2026-07-14 | N/A | ||
| The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms. | ||||
| CVE-2026-9127 | 1 Rockwellautomation | 1 Studio 5000 Logix Designer | 2026-07-14 | N/A |
| A remote code execution security issue exists within Studio 5000 Logix Designer® due to incorrect authorization on a configuration file. This can allow any authenticated user to modify the paths of external tools configured within the application. If exploited, an attacker could alter the configuration to point to a malicious executable, resulting in arbitrary code execution when any user interacts with the external tools functionality. | ||||
| CVE-2026-59197 | 1 Python-pillow | 1 Pillow | 2026-07-14 | 8.2 High |
| Pillow is a Python imaging library. Prior to 12.3.0, Pillow's public rank-filter API can trigger a native heap out-of-bounds write when given a very large odd filter size because ImageFilter.RankFilter.filter() calls image.expand(size // 2, size // 2) before rank-filter size validation and ImagingExpand() computes output dimensions with unchecked signed int arithmetic. This issue is fixed in version 12.3.0. | ||||
| CVE-2026-62642 | 1 Roundcube | 1 Webmail | 2026-07-14 | 4.3 Medium |
| In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment. | ||||
| CVE-2026-58629 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-07-14 | 7 High |
| Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-7494 | 1 Sonatype | 1 Nexus Repository Manager | 2026-07-14 | N/A |
| Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the SSL Certificate Retrieval endpoint. A user holding the nexus:ssl-truststore:read permission could cause the server to initiate outbound connections to internal or otherwise restricted network hosts. This issue affects Nexus Repository 3.0.0 through versions prior to 3.94.0. | ||||
| CVE-2026-58543 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-14 | 6.3 Medium |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack. | ||||
| CVE-2026-58537 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more | 2026-07-14 | 7.8 High |
| Use after free in Microsoft NAT Helper Components (ipnathlp.dll) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-57982 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 6.5 Medium |
| Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-57083 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 5.5 Medium |
| Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-54124 | 1 Microsoft | 8 Terminal, Windows 10 21h2, Windows 10 22h2 and 5 more | 2026-07-14 | 7.8 High |
| Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-56192 | 1 Microsoft | 11 365 Apps, Office 2016, Office 2019 and 8 more | 2026-07-14 | 5.5 Medium |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-56184 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 4 more | 2026-07-14 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-55135 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-07-14 | 4.6 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-55051 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-07-14 | 6.5 Medium |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-55057 | 1 Microsoft | 8 365 Apps, Office 2016, Office 2019 and 5 more | 2026-07-14 | 5.5 Medium |
| Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally. | ||||