Export limit exceeded: 364021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364021 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56002 1 X.org 1 Libxfont2 2026-07-08 8.5 High
A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8  allows attackers authenticated as X client to execute code within the X server.
CVE-2026-56003 1 X.org 1 Libxfont2 2026-07-08 8.5 High
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.
CVE-2026-12166 1 Little Orbit 1 Gamefirst Anti-cheat 2026-07-08 5.5 Medium
A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.
CVE-2026-54407 2026-07-08 8.6 High
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.
CVE-2026-54405 1 Ubiquiti 1 Unifi Network Application 2026-07-08 7.5 High
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application.
CVE-2026-54403 2026-07-08 8.6 High
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
CVE-2026-54404 2026-07-08 8.8 High
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
CVE-2026-55110 2026-07-08 7.5 High
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.
CVE-2026-50746 2026-07-08 10 Critical
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.
CVE-2026-55111 1 Ubiquiti 1 Unifi Protect Floodlight 2026-07-08 7.5 High
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight.
CVE-2026-55113 2026-07-08 7.5 High
A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints.
CVE-2026-55115 2026-07-08 9.9 Critical
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.
CVE-2026-55114 1 Ubiquiti 1 Unifi Network Application 2026-07-08 8.8 High
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
CVE-2022-4989 1 Asus 1 Ai Suite 3 2026-07-08 N/A
** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation.
CVE-2026-4967 1 Unisoc (shanghai) Technologies Co., Ltd. 1 Sc7731e/sc9832e/sc9863a/t310/t610/t618/t7200/t7225/t7250/t7255/t7280/t7300/t8100/t9100/t8200/t8300 2026-07-08 7.5 High
In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2026-11564 1 Curl 1 Curl 2026-07-08 9.1 Critical
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA material for a later transfer.
CVE-2026-11856 1 Curl 1 Curl 2026-07-08 9.8 Critical
Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one (`hostB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Authorization:` header field meant for `hostA`, to `hostB`.
CVE-2026-44269 1 Dell 1 Powerprotect Data Domain 2026-07-08 4.4 Medium
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-41124 1 Dell 1 Powerprotect Data Domain 2026-07-08 2.3 Low
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2026-41123 1 Dell 1 Powerprotect Data Domain 2026-07-08 4.3 Medium
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.