Export limit exceeded: 366528 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366528 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366528 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54469 1 Dell 1 Unisphere For Powermax 2026-07-15 8.8 High
Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
CVE-2026-59791 1 Jetbrains 1 Youtrack 2026-07-15 3.5 Low
In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible
CVE-2026-59792 1 Jetbrains 1 Intellij Idea 2026-07-15 9.6 Critical
In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
CVE-2026-59794 1 Jetbrains 1 Teamcity 2026-07-15 7.3 High
In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data
CVE-2026-59796 1 Jetbrains 1 Teamcity 2026-07-15 8.1 High
In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
CVE-2026-24272 2026-07-15 7.8 High
NVIDIA TensorRT contains a vulnerability where an attacker might cause an overflow to a heap-based buffer. A successful exploit of this vulnerability might lead to code execution.
CVE-2026-13585 1 Asus 3 Business Manager, System Control Interface, System Control Interface V3 2026-07-15 N/A
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system. Refer to the '  Security Update for ASUS System Control Interface  ' section on the ASUS Security Advisory for more information.
CVE-2025-5278 1 Redhat 6 Cost Management, Discovery, Enterprise Linux and 3 more 2026-07-15 4.4 Medium
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
CVE-2026-4878 2 Libcap Project, Redhat 18 Libcap, Ai Inference Server, Cost Management and 15 more 2026-07-15 6.7 Medium
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
CVE-2026-58553 2026-07-15 4 Medium
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58555 2026-07-15 6.6 Medium
Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-58554 2026-07-15 6.6 Medium
Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-15809 1 Redhat 2 Confidential Compute Attestation, Openshift 2026-07-15 7.8 High
A flaw was found in CRI-O. The fix for a previous vulnerability (CVE-2022-4318) was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
CVE-2026-15779 1 Redhat 1 Enterprise Linux 2026-07-15 6.1 Medium
A flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory (a common default for system accounts) can have this triggered not only by root, but by a non-root user holding a narrow sudo delegation to run commands as that account, causing ownership of / to change and resulting in severe denial of service (SSH, sudo, and package-manager failures). The change does not grant write access to / (which ships with restrictive 0555 permissions on RHEL), so the impact is availability loss rather than further privilege escalation.
CVE-2026-58556 2026-07-15 5.1 Medium
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-58558 2026-07-15 7.8 High
Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-3014 2026-07-15 9.1 Critical
Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API.  The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server Service.
CVE-2026-58559 2026-07-15 6.5 Medium
DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-40646 2 Energycrm, Viday 2 Energy Crm, Viday 2026-07-15 5.4 Medium
Exposure of sensitive information in Viday. This vulnerability could allow an attacker to obtain sensitive information about customers by intercepting HTTP requests and searching for the JWT containing sensitive user information in the JWT payload.
CVE-2026-47422 1 Frappe 1 Frappe 2026-07-15 N/A
Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in reportview lacked appropriate permission checks and that has since been fixed. This vulnerability is fixed in 15.107.5 and 16.18.2.