Export limit exceeded: 363288 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363288 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363288 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20463 | 1 Mediatek, Inc. | 1 Mediatek Chipset | 2026-07-04 | 6.7 Medium |
| In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309. | ||||
| CVE-2026-10750 | 2026-07-04 | 8.1 High | ||
| The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify, or delete content owned by other users. | ||||
| CVE-2026-11568 | 2026-07-04 | 7.5 High | ||
| The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data (title, price, weight, stock status, and configurator option pricing/SKUs) of private and draft, non-public products by supplying the product ID. WordPress post-visibility controls are bypassed. | ||||
| CVE-2026-11887 | 2 Salonbookingsystem, Wordpress | 2 Salon Booking System, Wordpress | 2026-07-04 | 4.3 Medium |
| The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new bookings. | ||||
| CVE-2025-71342 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-04 | 8.1 High |
| picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks. | ||||
| CVE-2025-71360 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-04 | 8.1 High |
| picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims. | ||||
| CVE-2025-71367 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-04 | 8.1 High |
| picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using _operator.attrgetter in reduce methods to execute arbitrary code when pickle.load() processes the file. | ||||
| CVE-2025-71373 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-04 | 8.1 High |
| picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on picklescan for validation. | ||||
| CVE-2026-24260 | 1 Nvidia | 2 Container Toolkit, Gpu Operator | 2026-07-04 | 8.5 High |
| NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering. | ||||
| CVE-2026-24244 | 1 Nvidia | 1 Megatron-bridge | 2026-07-04 | 7.8 High |
| NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2026-24250 | 1 Nvidia | 1 Megatron-bridge | 2026-07-04 | 7.8 High |
| NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2025-71353 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-04 | 8.1 High |
| picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded. | ||||
| CVE-2026-41121 | 1 Dell | 1 Device Management Agent | 2026-07-04 | 7.3 High |
| Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2026-14385 | 1 Google | 1 Chrome | 2026-07-04 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14427 | 1 Google | 1 Chrome | 2026-07-04 | 8.3 High |
| Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-14404 | 1 Google | 1 Chrome | 2026-07-04 | 6.5 Medium |
| Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium) | ||||
| CVE-2026-14383 | 1 Google | 1 Chrome | 2026-07-04 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14415 | 1 Google | 1 Chrome | 2026-07-04 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14401 | 1 Google | 1 Chrome | 2026-07-04 | 8.3 High |
| Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-14411 | 1 Google | 1 Chrome | 2026-07-04 | 9.6 Critical |
| Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||