Export limit exceeded: 363331 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363331 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363331 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363331 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-55111 | 2026-07-04 | 7.5 High | ||
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight. | ||||
| CVE-2026-55119 | 2026-07-04 | 8.1 High | ||
| A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application. | ||||
| CVE-2026-14623 | 1 Omec-project | 1 Amf | 2026-07-04 | 4.3 Medium |
| A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called 34bc6724acc97dba1f8691e586da95b042cb612d. A patch should be applied to remediate this issue. | ||||
| CVE-2026-11352 | 1 Curl | 1 Curl | 2026-07-04 | N/A |
| An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can continuously stream empty datagrams to indefinitely stall the client. | ||||
| CVE-2026-8458 | 1 Curl | 1 Curl | 2026-07-04 | N/A |
| libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different services. | ||||
| CVE-2026-8927 | 1 Curl | 1 Curl | 2026-07-04 | N/A |
| When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `proxyA` using Digest auth, a subsequent transfer routed through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended solely for `proxyA`. | ||||
| CVE-2026-9546 | 1 Curl | 1 Curl | 2026-07-04 | N/A |
| A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers. | ||||
| CVE-2026-9547 | 1 Curl | 1 Curl | 2026-07-04 | N/A |
| When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack. | ||||
| CVE-2026-35159 | 2026-07-04 | 5.3 Medium | ||
| Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. | ||||
| CVE-2026-41123 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-04 | 4.3 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. | ||||
| CVE-2026-12194 | 1 Phpipam | 1 Phpipam | 2026-07-04 | N/A |
| PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations. | ||||
| CVE-2026-14622 | 1 Jairiidriss | 1 Restaurant-website-php-mysql | 2026-07-04 | 7.3 High |
| A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-52195 | 1 Utt | 1 Nv518g | 2026-07-04 | 7.5 High |
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component | ||||
| CVE-2026-54424 | 1 Unity | 1 Parsec | 2026-07-04 | 8.4 High |
| An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable. | ||||
| CVE-2026-14621 | 1 Federatedai | 1 Fate | 2026-07-04 | 3.1 Low |
| A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument rollSiteSessionId/dstRole/dstPartyId leads to exposure of data element to wrong session. The attack can be executed remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-52197 | 1 Utt | 1 Nv518g | 2026-07-04 | 7.5 High |
| An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component | ||||
| CVE-2026-52198 | 2026-07-04 | 7.5 High | ||
| Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_425994 component | ||||
| CVE-2026-13775 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13776 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13778 | 1 Google | 1 Chrome | 2026-07-04 | 7.8 High |
| Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical) | ||||