Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363530 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14768 | 1 Code-projects | 1 Real State Services | 2026-07-06 | 7.3 High |
| A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-58418 | 2026-07-06 | 6.5 Medium | ||
| SSRF via HTTP Redirect in Repository Migration | ||||
| CVE-2026-59520 | 2026-07-06 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in properfraction CrawlWP SEO allows Cross Site Request Forgery. This issue affects CrawlWP SEO: from n/a through 3.0.16. | ||||
| CVE-2026-14774 | 1 Itsourcecode | 1 Hospital Management System | 2026-07-06 | 6.3 Medium |
| A vulnerability was determined in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /paymentdischarge.php. This manipulation of the argument patientid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-58419 | 2026-07-06 | 7.5 High | ||
| Notification API leaks private issue metadata after access revocation | ||||
| CVE-2026-58421 | 2026-07-06 | 7.5 High | ||
| Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | ||||
| CVE-2026-58422 | 2026-07-06 | 9.8 Critical | ||
| Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | ||||
| CVE-2026-58423 | 2026-07-06 | 7.7 High | ||
| LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | ||||
| CVE-2026-58424 | 2026-07-06 | 8.9 High | ||
| Permanent Fork PR Workflow Approval Gate Bypass | ||||
| CVE-2026-58426 | 2026-07-06 | 9.6 Critical | ||
| Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | ||||
| CVE-2026-14611 | 1 Deepmyst | 1 Mysti | 2026-07-06 | 4.3 Medium |
| A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attack may be performed from remote. Upgrading to version 0.4.0 is sufficient to fix this issue. The name of the patch is 6d709229b5199f6769fb3cf763e5122dcc43c079. It is advisable to upgrade the affected component. | ||||
| CVE-2025-71356 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-06 | 8.1 High |
| picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims. | ||||
| CVE-2026-13376 | 1 Watchguard | 1 Fireware Os | 2026-07-06 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2. | ||||
| CVE-2026-13377 | 1 Watchguard | 1 Fireware Os | 2026-07-06 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2. | ||||
| CVE-2025-71367 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-06 | 8.1 High |
| picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using _operator.attrgetter in reduce methods to execute arbitrary code when pickle.load() processes the file. | ||||
| CVE-2026-14623 | 1 Omec-project | 1 Amf | 2026-07-06 | 4.3 Medium |
| A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called 34bc6724acc97dba1f8691e586da95b042cb612d. A patch should be applied to remediate this issue. | ||||
| CVE-2026-14629 | 1 Rt-thread | 1 Rt-thread | 2026-07-06 | 4.3 Medium |
| A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2025-23351 | 2026-07-06 | 9 Critical | ||
| NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device. | ||||
| CVE-2026-24240 | 1 Nvidia | 1 Megatron-bridge | 2026-07-06 | 7.8 High |
| NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2026-24242 | 1 Nvidia | 1 Megatron-bridge | 2026-07-06 | 7.8 High |
| NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure. | ||||