Export limit exceeded: 364541 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364541 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364541 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4989 | 1 Asus | 1 Ai Suite 3 | 2026-07-10 | N/A |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation. | ||||
| CVE-2026-59874 | 1 Isaacs | 1 Tar | 2026-07-10 | 7.5 High |
| node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18. | ||||
| CVE-2026-59871 | 1 Isaacs | 1 Tar | 2026-07-10 | 5.3 Medium |
| node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. This issue is fixed in version 7.5.18. | ||||
| CVE-2026-59877 | 1 Protobuf | 1 Protobuf | 2026-07-10 | 5.3 Medium |
| protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends prematurely can cause parse, Root.load, or Root.loadSync to loop indefinitely. This issue is fixed in versions 7.6.5 and 8.6.6. | ||||
| CVE-2026-59876 | 1 Protobuf | 1 Protobuf | 2026-07-10 | 4.8 Medium |
| protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key __proto__ to change the prototype of the returned map object instead of creating an own map entry in protobufjs/ext/textformat. This issue is fixed in version 8.6.5. | ||||
| CVE-2026-59724 | 1 Socket | 1 Socket.io | 2026-07-10 | 7.5 High |
| Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as __proto__ through an inherited property of the clients object during WebTransport upgrade handling, causing a TypeError and denial of service. This issue is fixed in version 6.6.7. | ||||
| CVE-2026-59725 | 2 Redhat, Socket | 2 Hummingbird, Socket.io | 2026-07-10 | 7.5 High |
| Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated attacker to exhaust server-side connections and sockets. This issue is fixed in version 6.6.7. | ||||
| CVE-2026-59882 | 1 Guzzlephp | 1 Psr-7 | 2026-07-10 | 4.2 Medium |
| guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost() to disagree with the URI authority used for security or routing decisions. This issue is fixed in version 2.12.3. | ||||
| CVE-2026-59883 | 1 Guzzlephp | 1 Guzzle | 2026-07-10 | 4.7 Medium |
| Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies scoped to IP-address or bare-numeric Domain values to the exact host that set them, because SetCookie::matchesDomain() applied ordinary suffix matching to domains such as 192.168.0.1, [::1], or 1, allowing cross-host cookie disclosure, cookie injection, or session fixation. This issue is fixed in version 7.12.3. | ||||
| CVE-2026-59890 | 1 Python | 1 Setuptools | 2026-07-10 | 6.1 Medium |
| setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0. | ||||
| CVE-2026-59897 | 1 Hono | 1 Hono | 2026-07-10 | 4.8 Medium |
| Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware or application logic that depends on the complete X-Forwarded-For chain, rate limiting, audit logging, or proxy-chain validation can receive incomplete data. This issue is fixed in version 4.12.27. | ||||
| CVE-2026-59896 | 1 Hono | 1 Hono | 2026-07-10 | 6.5 Medium |
| Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight request to be used after an await in an async component. This issue is fixed in version 4.12.27. | ||||
| CVE-2026-59895 | 1 Hono | 1 Hono | 2026-07-10 | 6.1 Medium |
| Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx() in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class attribute during server-side rendering to break out of the attribute and inject arbitrary markup. This issue is fixed in version 4.12.27. | ||||
| CVE-2025-3110 | 1 Openvpn | 1 Openvpn Access Server | 2026-07-10 | 5.3 Medium |
| OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy | ||||
| CVE-2026-59946 | 1 Getcomposer | 1 Composer | 2026-07-10 | 6.1 Medium |
| Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and world-executable mode during composer install, update, or require. This issue is fixed in versions 2.2.29 and 2.10.2. | ||||
| CVE-2026-59948 | 1 Getcomposer | 1 Composer | 2026-07-10 | 7 High |
| Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project during install or update by using an invalid package name that is not correctly validated before dependency-resolution results are written or installed. This issue is fixed in versions 2.2.29 and 2.10.2. | ||||
| CVE-2026-59947 | 1 Getcomposer | 1 Composer | 2026-07-10 | 4.7 Medium |
| Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug output because AuthHelper, Url::sanitize, and ProcessExecutor did not sanitize username-only URL credentials. This issue is fixed in versions 2.2.29 and 2.10.2. | ||||
| CVE-2026-59939 | 1 Httplib2 Project | 1 Httplib2 | 2026-07-10 | 7.5 High |
| httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in _decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small compressed payload that expands to an arbitrarily large size in memory and causes MemoryError or OOM-kill in the client process. This issue is fixed in version 0.32.0. | ||||
| CVE-2026-58251 | 1 Nats | 1 Nats Server | 2026-07-10 | 6.5 Medium |
| NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when the queue name itself was not denied. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16. | ||||
| CVE-2026-59802 | 1 Pwpush | 1 Password Pusher | 2026-07-10 | 8.2 High |
| PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the valid_url function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and credential theft under the trusted PasswordPusher domain. | ||||