Export limit exceeded: 366011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366011 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54118 1 Microsoft 5 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 2 more 2026-07-14 8.8 High
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-54117 1 Microsoft 1 Sql Server 2025 2026-07-14 8.8 High
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-55012 1 Microsoft 1 Malware Protection Engine 2026-07-14 7.8 High
Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally.
CVE-2026-55011 1 Microsoft 1 Malware Protection Engine 2026-07-14 7.8 High
Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally.
CVE-2026-55006 1 Microsoft 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se 2026-07-14 7.8 High
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
CVE-2026-55005 1 Microsoft 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se 2026-07-14 8.8 High
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
CVE-2026-15429 2026-07-14 N/A
A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.  An authenticated user with sufficient privileges may be able to modify account settings and gain elevated administrative privileges.
CVE-2026-15428 2026-07-14 N/A
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges. Successful exploitation may allow remote code execution and complete compromise of the device.
CVE-2026-15427 2026-07-14 N/A
An OS command injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069 being enabled and ability to influence ACS-delivered commands, compromise or control an ACS server. Successful exploitation may allow arbitrary command execution with root privileges, resulting in complete compromise of the device.
CVE-2026-15703 1 Sourcecodester 1 Simple And Nice Shopping Cart Script 2026-07-14 7.3 High
A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-9108 1 Rockwellautomation 1 Studio 5000 Logix Designer 2026-07-14 N/A
A path traversal security issue exists within Studio 5000 Logix Designer® due to improper limitation of file paths within ACD project files. The software does not sanitize or validate file names embedded in the ACD file structure during the project opening procedure, allowing path traversal sequences to escape the intended extraction directory. If exploited, an attacker could craft a malicious ACD project file that results in arbitrary files being written to attacker-controlled locations on the file system, potentially leading to code execution.
CVE-2026-9128 1 Rockwellautomation 1 Studio 5000 Logix Designer 2026-07-14 N/A
A code execution security issue exists within Studio 5000 Logix Designer® due to an unquoted search path in the External Tools configuration. The executable paths specified in the external tools configuration file are not properly quoted, and because these paths contain spaces, the operating system may resolve them to unintended executables placed earlier in the search order. If exploited, an attacker could plant a malicious executable in a location within the search path, resulting in arbitrary code execution with the same permissions of the user running the application.
CVE-2026-38969 1 Ruby 1 Webrick 2026-07-14 7.5 High
DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2026-59891 2026-07-14 9.6 Critical
sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials() reads credentials from the Docker config file and selects an entry by checking whether any configured auth key contains the target registry string. Because this is a substring match rather than an exact host match, credentials configured for one registry can be selected for and transmitted to a different registry whose hostname has a substring relationship with a configured auth key. This issue is fixed in version 0.7.1.
CVE-2026-14646 1 Sonatype 1 Nexus Repository Manager 2026-07-14 N/A
Nexus Repository 3 did not apply its existing Server-Side Request Forgery (SSRF) protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymous user, if anonymous access is enabled — could receive a response from an internal network address or cloud metadata endpoint as repository content, potentially exposing sensitive information such as cloud IAM credentials.
CVE-2026-15702 1 Tamagui 1 Tamagui 2026-07-14 6.3 Medium
A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to version 2.3.1 is able to mitigate this issue. The name of the patch is e46af9879b7627934ea4d6d6e46e65cea53abb3d. The affected component should be upgraded.
CVE-2026-54408 2026-07-14 8.6 High
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming.
CVE-2026-54406 1 Ubiquiti 1 Unifi Network Application 2026-07-14 8.7 High
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device.
CVE-2026-50747 2026-07-14 9.9 Critical
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device.
CVE-2026-54402 2026-07-14 9.9 Critical
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.