Export limit exceeded: 362717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362717 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10134 | 1 Ibm | 1 Langflow Oss | 2026-07-01 | 10 Critical |
| IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build. | ||||
| CVE-2026-10109 | 1 Ibm | 1 Db2 | 2026-07-01 | 9.8 Critical |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. | ||||
| CVE-2026-13775 | 1 Google | 1 Chrome | 2026-07-01 | 9.6 Critical |
| Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13793 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Insufficient policy enforcement in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13796 | 1 Google | 1 Chrome | 2026-07-01 | 9.6 Critical |
| Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13818 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13894 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13896 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13900 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Inappropriate implementation in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14080 | 1 Google | 1 Chrome | 2026-07-01 | 4.3 Medium |
| Insufficient validation of untrusted input in TabSwitcher in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via malicious network traffic. (Chromium security severity: Low) | ||||
| CVE-2026-13904 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-13990 | 1 Google | 1 Chrome | 2026-07-01 | 6.5 Medium |
| Insufficient validation of untrusted input in DataTransfer in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-14324 | 1 Redhat | 1 Enterprise Linux | 2026-07-01 | 6.5 Medium |
| RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return. | ||||
| CVE-2026-58127 | 2026-07-01 | 9.8 Critical | ||
| PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET WebClient class methods, an unauthenticated remote attacker can read and write arbitrary files on the host filesystem. The ObjectURIs are identical across all installations by default. Chaining the arbitrary file write primitive with DLL hijacking opportunities in the MediaWriter service (which runs as NT Authority\\SYSTEM and loads missing DLLs such as CRYPTBASE.DLL from the application directory) enables unauthenticated remote code execution as SYSTEM upon service restart. | ||||
| CVE-2026-56148 | 2026-07-01 | 6.5 Medium | ||
| Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable. | ||||
| CVE-2026-56149 | 2026-07-01 | 4.9 Medium | ||
| Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the affected node unavailable. | ||||
| CVE-2026-56150 | 2026-07-01 | 6.5 Medium | ||
| Allocation of Resources Without Limits or Throttling (CWE-770) in Fleet Server can lead to a denial of service via Excessive Allocation (CAPEC-130). An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server unavailable. | ||||
| CVE-2026-20191 | 2026-07-01 | 7.5 High | ||
| A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files from a restricted container of the affected device. | ||||
| CVE-2026-20214 | 2026-07-01 | 7.5 High | ||
| A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software. | ||||
| CVE-2026-20213 | 2026-07-01 | 7.5 High | ||
| A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software. | ||||