Export limit exceeded: 363401 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363401 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20463 | 1 Mediatek, Inc. | 1 Mediatek Chipset | 2026-07-05 | 6.7 Medium |
| In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309. | ||||
| CVE-2026-14699 | 1 Zcaceres | 1 Markdownify-mcp | 2026-07-05 | 3.3 Low |
| A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-14698 | 1 Sourcecodester | 1 Syllabus-aligned Learning Management And Examination System | 2026-07-05 | 6.3 Medium |
| A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file upload_files.php. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-23350 | 2026-07-05 | 9 Critical | ||
| NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device. | ||||
| CVE-2026-24244 | 1 Nvidia | 1 Megatron-bridge | 2026-07-05 | 7.8 High |
| NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2026-24251 | 1 Nvidia | 1 Megatron-bridge | 2026-07-05 | 7.8 High |
| NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. | ||||
| CVE-2026-41121 | 1 Dell | 1 Device Management Agent | 2026-07-05 | 7.3 High |
| Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2026-14695 | 1 Sourcecodester | 1 Multi-vendor Online Grocery Management System | 2026-07-05 | 7.3 High |
| A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_client of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-14384 | 1 Google | 1 Chrome | 2026-07-05 | 6.5 Medium |
| Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14388 | 1 Google | 1 Chrome | 2026-07-05 | 6.5 Medium |
| Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14417 | 1 Google | 1 Chrome | 2026-07-05 | 9.6 Critical |
| Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-14394 | 1 Google | 1 Chrome | 2026-07-05 | 8.8 High |
| Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14694 | 1 Sourcecodester | 1 Multi-vendor Online Grocery Management System | 2026-07-05 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-10077 | 2026-07-05 | 6.8 Medium | ||
| The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permitted by wp_kses_post(), as markup, allowing users with the Author role to perform Stored Cross-Site Scripting attacks that execute in the browser of any user who views the affected post. | ||||
| CVE-2026-14693 | 1 Sourcecodester | 1 Multi-vendor Online Grocery Management System | 2026-07-05 | 5.4 Medium |
| A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancel_order of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2026-14692 | 1 Sourcecodester | 1 Multi-vendor Online Grocery Management System | 2026-07-05 | 6.3 Medium |
| A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function save_shop_type of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2026-14691 | 1 Sourcecodester | 1 Multi-vendor Online Grocery Management System | 2026-07-05 | 6.3 Medium |
| A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function update_settings_info of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content[] leads to code injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-50746 | 2026-07-05 | 10 Critical | ||
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device. | ||||
| CVE-2026-36478 | 1 Technitium | 1 Dns Server | 2026-07-05 | 7.5 High |
| An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components | ||||
| CVE-2026-52673 | 1 Cboard | 1 Cboard | 2026-07-05 | 6.5 Medium |
| SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component | ||||