Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364612 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14476 | 2 Redhat, Sssd | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2026-07-10 | 8 High |
| A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass. | ||||
| CVE-2026-33264 | 1 Apache | 1 Airflow | 2026-07-10 | 9.8 Critical |
| A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossing the Airflow security boundary that DAG-author code must never execute in those processes. Users are advised to upgrade to `apache-airflow` 3.3.0 or later. As a defense-in-depth mitigation, deployments where DAG-author trust is limited can restrict the `[core] allowed_deserialization_classes` config to a narrow allowlist. | ||||
| CVE-2026-11340 | 1 Havelsan | 1 Liman Mys | 2026-07-10 | 8.3 High |
| Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107. | ||||
| CVE-2026-11348 | 1 Havelsan | 1 Liman Mys | 2026-07-10 | 8.1 High |
| Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107. | ||||
| CVE-2026-13696 | 1 Havelsan | 1 Liman Mys | 2026-07-10 | 8.8 High |
| Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman MYS: before release.Master.1107. | ||||
| CVE-2011-10043 | 1 Bingos | 1 Module::load | 2026-07-10 | 9.8 Critical |
| Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary code. | ||||
| CVE-2026-6101 | 2 Mohammed Kaludi, Wordpress | 2 Amp For Wp – Accelerated Mobile Pages, Wordpress | 2026-07-10 | 7.5 High |
| The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories and files. This makes it possible for authenticated attackers, with Author-level access and above, and permissions granted by an Administrator, to write arbitrary files to the server in a web-accessible location, potentially leading to remote code execution on hosts that execute PHP files in the uploads directory. | ||||
| CVE-2026-12352 | 1 Digi International | 2 Digi One Sp / Sp Ia / Ia, Portserver Ts 1/2/4 | 2026-07-10 | 5.9 Medium |
| This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device. | ||||
| CVE-2026-12948 | 1 Digi International | 4 Digi One Ia, Digi One Sp, Digi One Sp Ia and 1 more | 2026-07-10 | N/A |
| A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79). | ||||
| CVE-2026-14935 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2026-07-10 | 3.7 Low |
| A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams. | ||||
| CVE-2026-57851 | 1 Msi | 1 Kerncorelib64.sys | 2026-07-10 | 7.8 High |
| MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privileges. Attackers can exploit the accessible device object through IOCTL handlers to manipulate kernel objects, tamper with kernel-mode callbacks, bypass Protected Process Light protections, and disable security software. | ||||
| CVE-2026-48954 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Improper validation leads to a generic XSS vector in the language override feature. | ||||
| CVE-2026-48949 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of validation leads to an XSS vulnerability in the MFA management views. | ||||
| CVE-2026-48948 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible. | ||||
| CVE-2026-48953 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of escaping leads to an XSS vulnerability in the generic image output layout. | ||||
| CVE-2026-48951 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. | ||||
| CVE-2026-48957 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows unauthorized users to access com_privacy datasets. | ||||
| CVE-2026-48956 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows users to display a list of modules in the frontend. | ||||
| CVE-2026-48955 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows unauthorized users to access workflow stage and transition information. | ||||
| CVE-2026-48950 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. | ||||