Export limit exceeded: 364234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364234 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35210 | 1 Opencti-platform | 1 Opencti | 2026-07-08 | 7.1 High |
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass Confidence Level validation and Object Marking restrictions by injecting the synchronized-upsert: true HTTP header, enabling attackers to downgrade confidence levels, remove security markings such as TLP:RED, manipulate relationships, and affect STIX object types including Indicators, ThreatActors, Malware, and Reports. This issue is fixed in version 7.260326.0. | ||||
| CVE-2026-35211 | 1 Opencti-platform | 1 Opencti | 2026-07-08 | 6.5 Medium |
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied Elasticsearch Painless script values directly into search queries without validation or sanitization, allowing computationally expensive scripts to consume cluster CPU resources and degrade or deny service for all users. This issue is fixed in version 7.260401.0. | ||||
| CVE-2026-48492 | 1 Grokability | 1 Snipe-it | 2026-07-08 | N/A |
| Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated permissions are required. This exposes usernames, display names, employee numbers, and user IDs for every active account in the system if FMCS is not enabled, and within the company they belong to if FMCS is enabled. Version 8.6.1 contains a patch. | ||||
| CVE-2026-55830 | 1 Zope | 1 Restrictedpython | 2026-07-08 | 8.3 High |
| RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check_function_argument_names() rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted positional-only arguments, allowing __getattr__, _getitem_, _write_, or _print_ to be shadowed by a local parameter and bypass the embedding application's access policy. This issue is fixed in version 8.3. | ||||
| CVE-2026-15105 | 1 Davenardella | 1 Snap7 | 2026-07-08 | 6.3 Medium |
| A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-38979 | 1 Ajenti | 1 Ajenti | 2026-07-08 | N/A |
| ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses through WSGI start_response() without adding anti-framing protections such as X-Frame-Options or a Content-Security-Policy frame-ancestors restriction. | ||||
| CVE-2026-14896 | 1 Hashicorp | 2 Nomad, Nomad Enterprise | 2026-07-08 | 4.2 Medium |
| HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This vulnerability, CVE-2026-14896, is fixed in Nomad Community Edition 2.0.4 and Nomad Enterprise 2.0.4, 1.11.8, and 1.10.14. | ||||
| CVE-2026-14891 | 1 Hashicorp | 2 Nomad, Nomad Enterprise | 2026-07-08 | 8.7 High |
| HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability, CVE-2026-14891, is fixed in Nomad Community Edition 2.0.4 and Nomad Enterprise 2.0.4, 1.11.8, and 1.10.14. | ||||
| CVE-2026-56669 | 1 Elysiajs | 1 Elysia | 2026-07-08 | 7.5 High |
| Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of unique key-value pairs and allowing CPU exhaustion. This issue is fixed in version 1.4.29. | ||||
| CVE-2026-13698 | 1 Openvpn | 1 Openvpn | 2026-07-08 | 4.9 Medium |
| A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service | ||||
| CVE-2026-8650 | 1 Progress | 1 Moveit Transfer | 2026-07-08 | 4.5 Medium |
| Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3. | ||||
| CVE-2026-8651 | 1 Progress | 1 Moveit Transfer | 2026-07-08 | 3.7 Low |
| Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3. | ||||
| CVE-2026-8801 | 1 Progress | 1 Moveit Transfer | 2026-07-08 | 3.5 Low |
| Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4. | ||||
| CVE-2026-52200 | 2026-07-08 | N/A | ||
| An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk | ||||
| CVE-2026-5922 | 1 Hp Inc. | 3 Poly Ccx, Poly Edge E, Poly Trio C60 | 2026-07-08 | N/A |
| The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage. | ||||
| CVE-2026-5923 | 1 Hp Inc. | 3 Poly Ccx, Poly Edge E, Poly Trio C60 | 2026-07-08 | N/A |
| Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage. | ||||
| CVE-2026-55877 | 2026-07-08 | 6.1 Medium | ||
| Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux_icon() Twig function is marked is_safe=['html'] and Icon::toHtml() inlines SVG source verbatim, allowing unsanitized local SVG files or Iconify on-demand JSON body responses containing nested script elements, on* event handlers, or dangerous URL schemes to execute cross-site scripting. This issue is fixed in versions 2.36.1 and 3.2.0. | ||||
| CVE-2026-55878 | 2026-07-08 | 7.8 High | ||
| Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative() accepts paths like ../../../etc, a crafted or compromised kit can write attacker-controlled content to arbitrary locations or read local files outside the recipe directory. This issue is fixed in versions 2.36.1 and 3.2.0. | ||||
| CVE-2026-13753 | 1 Hp | 1 Hp 2800 Printer Series | 2026-07-08 | 7.5 High |
| A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi‑Fi Direct credentials, unique device identity information, and other administrative security state details. When accessed through the web interface, these setting pages explicitly require administrator credentials before sensitive information is displayed. | ||||
| CVE-2026-11405 | 2026-07-08 | 9.8 Critical | ||
| The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuration. - It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password. A successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor | ||||