Export limit exceeded: 364491 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364491 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364491 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54404 | 2026-07-09 | 8.8 High | ||
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. | ||||
| CVE-2026-55114 | 1 Ubiquiti | 1 Unifi Network Application | 2026-07-09 | 8.8 High |
| A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application. | ||||
| CVE-2024-31636 | 1 Lief-project | 1 Lief | 2026-07-09 | 3.9 Low |
| An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component. | ||||
| CVE-2024-29640 | 1 Messense | 1 Aliyundrive-webdav | 2026-07-09 | 9.8 Critical |
| An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component. | ||||
| CVE-2024-29296 | 1 Portainer | 1 Portainer | 2026-07-09 | 5.3 Medium |
| A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. | ||||
| CVE-2024-26566 | 2 Iscute, Ods-im | 2 Cute Http File Server, Cutehttpfileserver | 2026-07-09 | 8.2 High |
| An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. | ||||
| CVE-2024-25294 | 1 Getrebuild | 1 Rebuild | 2026-07-09 | 9.1 Critical |
| An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. | ||||
| CVE-2024-24520 | 1 Lepton-cms | 1 Leptoncms | 2026-07-09 | 7.8 High |
| An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. | ||||
| CVE-2024-23084 | 2 Apfloat, Mikkotommila | 2 Apfloat, Apfloat | 2026-07-09 | 7.5 High |
| Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2024-23080 | 1 Joda | 1 Joda Time | 2026-07-09 | 9.1 Critical |
| Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2024-23078 | 1 Jgrapht | 1 Core | 2026-07-09 | 9.1 Critical |
| JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2023-51141 | 1 Zkteco | 1 Biotime | 2026-07-09 | 6.5 Medium |
| An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component | ||||
| CVE-2023-46958 | 1 Lmxcms | 1 Lmxcms | 2026-07-09 | 9.8 Critical |
| An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | ||||
| CVE-2023-46010 | 1 Seacms | 1 Seacms | 2026-07-09 | 9.8 Critical |
| An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | ||||
| CVE-2023-45379 | 1 Posthemes | 1 Posrotatorimg | 2026-07-09 | 9.8 Critical |
| In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. | ||||
| CVE-2023-43336 | 1 Sangoma | 1 Freepbx | 2026-07-09 | 8.8 High |
| Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | ||||
| CVE-2026-11856 | 2 Curl, Redhat | 2 Curl, Hummingbird | 2026-07-09 | 9.8 Critical |
| Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one (`hostB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Authorization:` header field meant for `hostA`, to `hostB`. | ||||
| CVE-2026-52718 | 2 Gstreamer Project, Redhat | 2 Gstreamer Plugin, Enterprise Linux | 2026-07-08 | 6.5 Medium |
| A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash. | ||||
| CVE-2026-57481 | 1 Parse Community | 1 Parse Server | 2026-07-08 | N/A |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.13 and 8.6.83, a LiveQuery subscriber could receive object field values they were not authorized to read when a single save changed both an object field and the subscriber's ACL read access, because leave and enter events included the wrong object state. This issue is fixed in versions 9.9.1-alpha.13 and 8.6.83. | ||||
| CVE-2026-54773 | 1 Corewcf | 1 Corewcf | 2026-07-08 | 5.9 Medium |
| CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1. | ||||