Export limit exceeded: 362653 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362653 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49451 | 1 Microsoft | 1 Openapi.net | 2026-07-01 | 7.5 High |
| The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until 2.7.5 and 3.5.4, a small OpenAPI document containing a circular schema reference can cause process termination through stack overflow in Microsoft.OpenApi. The issue affects OpenAPI document parsing through public OpenAPI.NET reader APIs and has been confirmed across both JSON and YAML reader paths. This vulnerability is fixed in 2.7.5 and 3.5.4. | ||||
| CVE-2026-8864 | 2 Hp, Hp Inc. | 2 Fan Control App, Hp Fan Control App | 2026-07-01 | N/A |
| The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability. | ||||
| CVE-2026-13207 | 1 Frangoteam | 1 Fuxa Scada/hmi | 2026-07-01 | 7.5 High |
| FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials. | ||||
| CVE-2026-10562 | 1 Tp-link | 1 Archer Ax20 | 2026-07-01 | N/A |
| An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web server, these inputs may cause the device to respond with HTTP 3xx redirects to attacker-controlled external domains. This issue affects Archer AX20 V2.0: through 2.1.9 Build 20230829. | ||||
| CVE-2026-44628 | 1 Offis Dicom | 1 Dcmtk Toolkit | 2026-07-01 | 7.5 High |
| An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record. | ||||
| CVE-2026-52868 | 1 Offis Dicom | 1 Dcmtk Toolkit | 2026-07-01 | 8.2 High |
| An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation. | ||||
| CVE-2026-35505 | 1 Offis Dicom | 1 Dcmtk Toolkit | 2026-07-01 | 7.5 High |
| An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart. | ||||
| CVE-2026-50254 | 1 Offis Dicom | 1 Dcmtk Toolkit | 2026-07-01 | 7.5 High |
| An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it. | ||||
| CVE-2026-50003 | 1 Offis Dicom | 1 Dcmtk Toolkit | 2026-07-01 | 9.8 Critical |
| A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths. | ||||
| CVE-2026-54672 | 1 Electron-userland | 2 App-builder-lib, Electron-builder | 2026-07-01 | 7.8 High |
| electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LD_LIBRARY_PATH environment variable at runtime. This causes the current working directory to be added to the dynamic linker search path, which may allow an attacker to execute arbitrary code by placing a malicious shared library in the directory from which the AppImage is launched. This issue has been fixed in version 26.15.0. | ||||
| CVE-2026-50040 | 1 Stonefly | 2 Storage Concentrator, Storage Concentrator Virtual Machine | 2026-07-01 | 6.1 Medium |
| Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application. This could be leveraged to steal session cookies, redirect users, or perform unauthorized actions on behalf of the victim. | ||||
| CVE-2026-13776 | 1 Google | 1 Chrome | 2026-07-01 | N/A |
| Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13783 | 1 Google | 1 Chrome | 2026-07-01 | N/A |
| Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-54900 | 1 Ohler | 1 Oj | 2026-07-01 | N/A |
| Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in form_attr (usual.c:63) converts the length to -1 before passing it to memcpy. This causes memcpy to copy SIZE_MAX bytes (interpreted as a huge size_t), corrupting heap memory and crashing the process. The issue has been fixed in version 3.17.2. | ||||
| CVE-2026-57339 | 2 Strategy11team, Wordpress | 2 Business Directory Plugin, Wordpress | 2026-07-01 | 6.6 Medium |
| Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions. | ||||
| CVE-2026-9105 | 1 Tp-link | 1 Tl-wr841n V14 | 2026-07-01 | N/A |
| An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process. Successful exploitation results in a denial-of-service condition, causing the device to crash and automatically reboot. | ||||
| CVE-2026-57947 | 3 Pinpoint, Pinpoint-apm, Wordpress | 3 Pinpoint Booking System, Pinpoint, Wordpress | 2026-07-01 | 8.5 High |
| Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to internal hosts and metadata endpoints, enabling unauthorized access to internal network resources. | ||||
| CVE-2026-57949 | 1 Yunaiv | 1 Ruoyi-vue-pro | 2026-07-01 | 6.5 Medium |
| ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this by sending requests with arbitrary ID parameters to access other users' follow-up notes, file attachments, scheduling information, and business entity references without proper authorization checks. | ||||
| CVE-2026-57950 | 1 Yunaiv | 1 Ruoyi-vue-pro | 2026-07-01 | 8.1 High |
| ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access to sale order operations by exploiting an incorrect permission namespace enforcement. Attackers holding shipment-level permissions can perform unauthorized create, update, delete, and read operations on financially sensitive sale orders due to the controller enforcing erp:sale-out instead of the intended erp:sale-order namespace. | ||||
| CVE-2026-13762 | 1 Amazon | 1 Amazon Cloudfront | 2026-07-01 | 9.8 Critical |
| Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was remediated server-side. No customer action is required. | ||||