Export limit exceeded: 364799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364799 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-55481 | 1 Grokability | 1 Snipe-it | 2026-07-10 | N/A |
| Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders header_color and related branding color settings inside a CSS style block with HTML escaping that is insufficient for the CSS context, allowing a superadmin to inject arbitrary CSS that affects authenticated users on subsequent page loads when Content Security Policy is disabled. This issue is fixed in version 8.6.2. | ||||
| CVE-2026-57158 | 1 Freerdp | 1 Freerdp | 2026-07-10 | 5.4 Medium |
| FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0. | ||||
| CVE-2026-57156 | 1 Freerdp | 1 Freerdp | 2026-07-10 | 8.8 High |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update_read_delta_points in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeof(DELTA_POINT), allowing a malicious RDP peer to allocate an undersized heap buffer and then write beyond it during initialization. This issue is fixed in version 3.28.0. | ||||
| CVE-2026-13243 | 2026-07-10 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3. | ||||
| CVE-2026-13242 | 2026-07-10 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Geolocation Field allows SQL Injection. This issue affects Geolocation Field versions: from 0.0.0 to 3.15.0. | ||||
| CVE-2026-13241 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0. | ||||
| CVE-2026-13240 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0. | ||||
| CVE-2026-13239 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0. | ||||
| CVE-2026-13238 | 2026-07-10 | N/A | ||
| Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2. | ||||
| CVE-2026-13237 | 2026-07-10 | N/A | ||
| Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1. | ||||
| CVE-2026-13236 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1. | ||||
| CVE-2026-13235 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3. | ||||
| CVE-2026-13234 | 2026-07-10 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS). This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3. | ||||
| CVE-2026-13233 | 2026-07-10 | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2. | ||||
| CVE-2026-13232 | 2026-07-10 | N/A | ||
| Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Forceful Browsing. This issue affects Advanced Content Feedback (aka admin_feedback) versions: from 0.0.0 to 2.8.0. | ||||
| CVE-2026-13231 | 2026-07-10 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Stored XSS. This issue affects Advanced Content Feedback (aka admin_feedback) versions: from 0.0.0 to 2.8.0. | ||||
| CVE-2026-55810 | 2026-07-10 | N/A | ||
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2. | ||||
| CVE-2026-55809 | 2026-07-10 | N/A | ||
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2. | ||||
| CVE-2026-12535 | 2026-07-10 | N/A | ||
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0. | ||||
| CVE-2026-11909 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6. | ||||