Export limit exceeded: 366043 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366043 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24264 | 1 Nvidia | 1 Triton Inference Server | 2026-07-14 | 7.5 High |
| NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24266 | 1 Nvidia | 1 Triton Inference Server | 2026-07-14 | 5.9 Medium |
| NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24270 | 2026-07-14 | 9.8 Critical | ||
| NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-0515 | 1 Blackberry | 3 Qnx Os For Medical, Qnx Os For Safety, Qnx Software Development Platform | 2026-07-14 | 6.2 Medium |
| Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel. | ||||
| CVE-2026-45063 | 2026-07-14 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $_SERVER['SSL_CLIENT_S_DN'] with an unanchored regex that matches emailAddress= anywhere in the distinguished name, allowing an attacker with a trusted certificate containing emailAddress=victim inside another RDN value such as CN to authenticate as the victim. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12. | ||||
| CVE-2026-45070 | 2026-07-14 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Mime\Header\ParameterizedHeader validates and encodes parameter values but emits parameter names verbatim, allowing a caller that derives a parameter name from untrusted input to include CRLF or other non-token bytes and inject additional headers into rendered structured mail headers such as Content-Type or Content-Disposition. This issue is reported as fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12. | ||||
| CVE-2026-45073 | 2026-07-14 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear() builds a DELETE statement using a namespace derived from the caller-supplied $prefix without binding or escaping it, allowing a caller able to influence $prefix to break out of the LIKE literal and alter query semantics or deletion scope. This issue is fixed in versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12. | ||||
| CVE-2026-45753 | 2026-07-14 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes() omits URL-valued attributes including action, formaction, poster, and cite, so configurations that admit those attributes can leave javascript: URIs unsanitized and enable XSS when the resulting HTML is rendered or a victim submits a form or clicks a button. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12. | ||||
| CVE-2026-15720 | 2026-07-14 | 8.6 High | ||
| In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service. | ||||
| CVE-2026-47300 | 1 Microsoft | 3 .net, Visual Studio 2022, Visual Studio 2026 | 2026-07-14 | 8.8 High |
| Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-41121 | 1 Dell | 1 Device Management Agent | 2026-07-14 | 7.3 High |
| Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2026-60119 | 1 Hieventsdev | 1 Hi.events | 2026-07-14 | 5.4 Medium |
| Hi.Events through v1.10.0-beta contains a cross-site scripting vulnerability that allows authenticated attackers with event creation or edit permissions to inject arbitrary HTML and JavaScript by embedding a malicious event title containing the </script> sequence, which is not escaped by JSON.stringify() when embedded in inline script tags. Attackers can craft an event title that breaks out of the script context in the application/ld+json structured data block or server-side rehydrated state, causing the payload to execute in the browser of any user who views the public event page, including unauthenticated visitors and authenticated administrators. | ||||
| CVE-2026-15712 | 1 Redhat | 1 Enterprise Linux | 2026-07-14 | 5.9 Medium |
| A heap buffer over-read vulnerability was discovered in libsoup's HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminated C-string. Because the parser lacks strict length-boundary verification before reading this data, a remote, unauthenticated attacker can intentionally send a malformed GOAWAY frame missing the appropriate null delimiter. This causes the library to read past the end of the allocated buffer, triggering an application crash that results in a denial of service (DoS), or potentially exposing fragments of memory contents. | ||||
| CVE-2026-15058 | 2026-07-14 | N/A | ||
| Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference to the message identifier. | ||||
| CVE-2026-45072 | 2026-07-14 | N/A | ||
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.4.24 until 6.4.40, 7.4.12, and 8.0.12, the development profiler file_excerpt Twig filter escapes PHP files through highlight_string() but interpolates lines from non-PHP files directly into <code> elements, allowing stored XSS against a developer who opens an attacker-written file such as var/log/dev.log in the profiler. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12. | ||||
| CVE-2026-15642 | 2026-07-14 | N/A | ||
| Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated response file to obtain the Azure Key Vault client secret in cleartext, even when the option to exclude sensitive data is selected. | ||||
| CVE-2026-15641 | 2026-07-14 | N/A | ||
| Improper authorization in the access request status endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to approve their own pending access request via a direct call to the request status endpoint, bypassing the required approver review. | ||||
| CVE-2026-58640 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-07-14 | 7.3 High |
| Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | ||||
| CVE-2026-55133 | 1 Microsoft | 4 365 Apps, Office 365, Office Macos 2021 and 1 more | 2026-07-14 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office OneNote allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-56648 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-07-14 | 7.5 High |
| Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network. | ||||