Export limit exceeded: 363282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-58523 | 1 Microsoft | 1 Edge Chromium | 2026-07-03 | 6.5 Medium |
| Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-57679 | 2026-07-03 | 9.3 Critical | ||
| Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions. | ||||
| CVE-2026-14611 | 1 Deepmyst | 1 Mysti | 2026-07-03 | 4.3 Medium |
| A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attack may be performed from remote. Upgrading to version 0.4.0 is sufficient to fix this issue. The name of the patch is 6d709229b5199f6769fb3cf763e5122dcc43c079. It is advisable to upgrade the affected component. | ||||
| CVE-2026-54407 | 2026-07-03 | 8.6 High | ||
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints. | ||||
| CVE-2026-54406 | 1 Ubiquiti | 1 Unifi Network Application | 2026-07-03 | 8.7 High |
| A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device. | ||||
| CVE-2026-55110 | 2026-07-03 | 7.5 High | ||
| A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session. | ||||
| CVE-2026-55113 | 2026-07-03 | 7.5 High | ||
| A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints. | ||||
| CVE-2026-55116 | 2026-07-03 | 9 Critical | ||
| A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices. | ||||
| CVE-2026-55119 | 2026-07-03 | 8.1 High | ||
| A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application. | ||||
| CVE-2026-58426 | 2026-07-03 | 9.6 Critical | ||
| Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | ||||
| CVE-2026-58424 | 2026-07-03 | 8.9 High | ||
| Permanent Fork PR Workflow Approval Gate Bypass | ||||
| CVE-2026-58423 | 2026-07-03 | 7.7 High | ||
| LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | ||||
| CVE-2026-58422 | 2026-07-03 | N/A | ||
| Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | ||||
| CVE-2026-58421 | 2026-07-03 | N/A | ||
| Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | ||||
| CVE-2026-58419 | 2026-07-03 | N/A | ||
| Notification API leaks private issue metadata after access revocation | ||||
| CVE-2026-58418 | 2026-07-03 | 6.5 Medium | ||
| SSRF via HTTP Redirect in Repository Migration | ||||
| CVE-2026-8286 | 1 Curl | 1 Curl | 2026-07-03 | N/A |
| A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not. | ||||
| CVE-2026-8927 | 1 Curl | 1 Curl | 2026-07-03 | N/A |
| When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `proxyA` using Digest auth, a subsequent transfer routed through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended solely for `proxyA`. | ||||
| CVE-2026-9547 | 1 Curl | 1 Curl | 2026-07-03 | N/A |
| When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack. | ||||
| CVE-2026-46730 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-03 | 4.2 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution. | ||||