Search

Search Results (363434 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-36909 2026-07-05 6.2 Medium
A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2026-20457 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-05 5.3 Medium
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01826924; Issue ID: MSV-7301.
CVE-2026-20458 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-05 7.5 High
In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01402160; Issue ID: MSV-7298.
CVE-2026-20460 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-05 5.3 Medium
In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01811421; Issue ID: MSV-6788.
CVE-2026-20461 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-05 5.3 Medium
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267281 / MOLY01318201; Issue ID: MSV-6486.
CVE-2026-20462 1 Mediatek, Inc. 1 Mediatek Chipset 2026-07-05 6.7 Medium
In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871.
CVE-2026-11562 2026-07-05 4.3 Medium
The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings.
CVE-2026-14772 1 Sourcecodester 1 Class And Exam Timetabling System 2026-07-05 7.3 High
A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /edit_course1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-24260 1 Nvidia 2 Container Toolkit, Gpu Operator 2026-07-05 8.5 High
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.
CVE-2026-24242 1 Nvidia 1 Megatron-bridge 2026-07-05 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2026-24247 1 Nvidia 1 Megatron-bridge 2026-07-05 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24248 1 Nvidia 1 Megatron-bridge 2026-07-05 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24249 1 Nvidia 1 Megatron-bridge 2026-07-05 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24250 1 Nvidia 1 Megatron-bridge 2026-07-05 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24251 1 Nvidia 1 Megatron-bridge 2026-07-05 7.8 High
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24264 1 Nvidia 1 Triton Inference Server 2026-07-05 7.5 High
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-24270 2026-07-05 9.8 Critical
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2026-59520 2026-07-05 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16.
CVE-2026-59519 2026-07-05 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Softaculous FormLayer allows Retrieve Embedded Sensitive Data. This issue affects FormLayer: from n/a through 1.0.6.
CVE-2026-59511 2026-07-05 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9.