Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363327 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20215 | 2026-07-03 | 7.5 High | ||
| A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software. | ||||
| CVE-2026-20243 | 2026-07-03 | 7.5 High | ||
| A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software. | ||||
| CVE-2026-14355 | 1 Php | 1 Php | 2026-07-03 | 5.6 Medium |
| In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort. | ||||
| CVE-2026-54262 | 1 Wagtail | 1 Wagtail | 2026-07-03 | 4.3 Medium |
| Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2. | ||||
| CVE-2026-38969 | 1 Ruby | 1 Webrick | 2026-07-03 | 6.5 Medium |
| ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. | ||||
| CVE-2026-57272 | 1 Geovision Inc. | 1 Geowebplayer | 2026-07-03 | 8.3 High |
| GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound. #### byPass command index-out-of-bound | ||||
| CVE-2026-14617 | 1 Nousresearch | 1 Hermes-agent | 2026-07-03 | 3.1 Low |
| A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case sensitivity. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The project decided to not implement a dedicated fix: "[T]he analysis and the fix are both sound. It just lands below the bar for the maintenance cost of a duplicated scrub path." | ||||
| CVE-2026-8147 | 1 Mlflow | 1 Mlflow/mlflow | 2026-07-03 | N/A |
| In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying traces on experiments they do not have permission to access. The issue arises from the `_before_request` handler, which does not register authorization validators for trace endpoints, resulting in requests proceeding without validation. This vulnerability can expose sensitive data, destroy audit logs, and allow unauthorized modifications. | ||||
| CVE-2026-58523 | 1 Microsoft | 1 Edge Chromium | 2026-07-03 | 6.5 Medium |
| Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-57679 | 2026-07-03 | 9.3 Critical | ||
| Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions. | ||||
| CVE-2026-14611 | 1 Deepmyst | 1 Mysti | 2026-07-03 | 4.3 Medium |
| A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attack may be performed from remote. Upgrading to version 0.4.0 is sufficient to fix this issue. The name of the patch is 6d709229b5199f6769fb3cf763e5122dcc43c079. It is advisable to upgrade the affected component. | ||||
| CVE-2026-58426 | 2026-07-03 | 9.6 Critical | ||
| Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write | ||||
| CVE-2026-58424 | 2026-07-03 | 8.9 High | ||
| Permanent Fork PR Workflow Approval Gate Bypass | ||||
| CVE-2026-58423 | 2026-07-03 | 7.7 High | ||
| LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories | ||||
| CVE-2026-58422 | 2026-07-03 | N/A | ||
| Improper authorization on OAuth sign-in callback silently re-enables administrator-disabled accounts | ||||
| CVE-2026-58421 | 2026-07-03 | N/A | ||
| Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service | ||||
| CVE-2026-58419 | 2026-07-03 | N/A | ||
| Notification API leaks private issue metadata after access revocation | ||||
| CVE-2026-58418 | 2026-07-03 | 6.5 Medium | ||
| SSRF via HTTP Redirect in Repository Migration | ||||
| CVE-2026-14610 | 1 Assimp | 1 Assimp | 2026-07-03 | 5.3 Medium |
| A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. Patch name: eb84eec580d3f4ba2f0fd87409b7d0744620f11e. Applying a patch is the recommended action to fix this issue. | ||||
| CVE-2026-12481 | 2026-07-03 | N/A | ||
| A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is the default value when `from_config()` is called outside of a `SafeModeScope` context. This logic error conflates `None` (unset/default-deny) with `False` (explicitly disabled), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized. Affected call sites include `keras.layers.deserialize(config)`, `keras.models.clone_model(model)`, and any direct invocation of `Lambda.from_config(config)` without an enclosing `SafeModeScope(True)`. This vulnerability can be exploited to achieve arbitrary OS-level code execution in the context of the server or user process. | ||||