Export limit exceeded: 366658 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366658 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13005 | 2026-07-16 | 4.4 Medium | ||
| The MxChat – AI Chatbot & Content Generation for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2026-47476 | 1 Nvidia | 1 Triton Inference Server | 2026-07-16 | 7.5 High |
| NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-47478 | 1 Nvidia | 1 Triton Inference Server | 2026-07-16 | 7.5 High |
| NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause the use of an expired file descriptor. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-47479 | 1 Nvidia | 1 Triton Inference Server | 2026-07-16 | 7.5 High |
| NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-47480 | 1 Nvidia | 1 Triton Inference Server | 2026-07-16 | 7.5 High |
| NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-61436 | 2 Mervinpraison, Praison | 2 Praisonai, Praisonai | 2026-07-16 | 8.6 High |
| PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message content. | ||||
| CVE-2026-61859 | 1 Imagemagick | 1 Imagemagick | 2026-07-16 | 3.3 Low |
| ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy. | ||||
| CVE-2026-61863 | 1 Imagemagick | 1 Imagemagick | 2026-07-16 | 2.9 Low |
| ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak. | ||||
| CVE-2026-54052 | 1 Czlonkowski | 1 N8n-mcp | 2026-07-16 | 9.9 Critical |
| n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.56.1, in HTTP mode with multi-tenancy enabled through ENABLE_MULTI_TENANT=true, n8n-mcp's local workflow version history backups were not isolated per tenant, allowing an authenticated tenant to read workflow version snapshots belonging to other tenants and delete or destroy other tenants' stored backups, including full node definitions, credential references, and authorization headers. This issue is fixed in version 2.56.1. | ||||
| CVE-2026-24233 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-16 | 8.4 High |
| NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2026-47472 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-16 | 7.8 High |
| NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service. | ||||
| CVE-2026-47471 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-16 | 7.5 High |
| NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service. | ||||
| CVE-2026-47473 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-16 | 7.4 High |
| NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure. | ||||
| CVE-2026-24234 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-16 | 6.8 Medium |
| NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure. | ||||
| CVE-2026-24259 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-16 | 6.4 Medium |
| NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. | ||||
| CVE-2026-24226 | 1 Nvidia | 1 Tensorrt-llm | 2026-07-16 | 6.3 Medium |
| NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. | ||||
| CVE-2026-15764 | 1 Google | 1 Chrome | 2026-07-16 | 7.5 High |
| Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-15765 | 1 Google | 1 Chrome | 2026-07-16 | 7.5 High |
| Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-15766 | 1 Google | 1 Chrome | 2026-07-16 | 6.5 Medium |
| Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15768 | 1 Google | 1 Chrome | 2026-07-16 | N/A |
| Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | ||||