Export limit exceeded: 367158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50648 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50646 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.8 High
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
CVE-2026-50528 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 8.2 High
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-50527 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50526 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7 High
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
CVE-2026-50525 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-56170 2 Microsoft, Redhat 2 .net, Hummingbird 2026-07-17 7.5 High
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-44891 1 Netty 1 Netty 2026-07-17 7.5 High
Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only restricts individual header lines. An attacker can send a large number of short headers that are accumulated in memory inside DefaultStompHeadersSubframe until the JVM throws an OutOfMemoryError, causing denial of service for servers exposing a STOMP endpoint based on StompSubframeDecoder. This issue is fixed in versions 4.1.136.Final and 4.2.16.Final.
CVE-2026-54244 1 Statamic 1 Cms 2026-07-17 3.5 Low
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareable Live Preview URL rendering it. This issue is fixed in versions 5.74.0 and 6.20.3.
CVE-2026-54242 1 Statamic 1 Cms 2026-07-17 4.9 Medium
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src/Imaging/RemoteUrlValidator.php and src/Imaging/GuzzleAdapter.php could be bypassed using DNS rebinding. The remote hostname was validated as publicly routable, but resolved again when the image was actually fetched, so an attacker controlling the hostname's DNS could rebind it to an internal address after validation and cause the server to make HTTP requests to internal addresses, including loopback, private network, and cloud metadata endpoints. This affects sites that pass user-supplied URLs to Glide. This issue is fixed in versions 5.73.24 and 6.20.1.
CVE-2026-53727 1 Premailer 1 Css Parser 2026-07-17 N/A
css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and the @import-following branch of add_block!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering, or protection against link-local, loopback, or RFC-1918 addresses. Location: redirects were followed recursively back into the same function, which also serviced file:// URIs, so a single attacker-controlled HTTP redirect could upgrade the bug from SSRF to arbitrary local file disclosure. Any consumer of css_parser that hands it attacker-influenced CSS together with a base_uri: option is exposed. This issue is fixed in version 3.0.0.
CVE-2026-47304 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-17 8.1 High
Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-57980 1 Microsoft 1 Edge Chromium 2026-07-17 5.4 Medium
Authentication bypass using an alternate path or channel in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform tampering over a network.
CVE-2026-50524 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-47303 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 8.8 High
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-47302 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-47300 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 8.8 High
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-56740 2026-07-17 7.5 High
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables() in TelnetIO.java:1127-1180 stores each variable pair in a HashMap held by ConnectionData, allowing an unauthenticated attacker to flood unique variable pairs before the terminating IAC SE byte and exhaust JVM heap memory with an OutOfMemoryError. This issue is fixed in versions 3.30.14, 4.0.16, and 4.2.1.
CVE-2026-56741 2026-07-17 7.5 High
JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAWS() in TelnetIO.java:856-879 reads client-supplied width and height as 16-bit unsigned integers and passes values such as 65535x65535 to setTerminalGeometry(), allowing an unauthenticated remote attacker to repeatedly alternate values and trigger continuous expensive rendering work that causes CPU exhaustion and denial of service. This issue is fixed in versions 3.30.14, 4.0.16, and 4.2.1.
CVE-2026-50185 1 Rustcrypto 1 Utils 2026-07-17 N/A
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. From 0.1.1 until 0.5.4, the aarch64 implementations of Cmov and CmovEq in cmov/src/backends/aarch64.rs assume high bits are zero-extended when loading values smaller than a register, so set high bits such as [8..] in a Cmov selector or [16..] of self or other in the u16 and i16 CmovEq implementations can cause left.cmovz(&right, condition) to produce incorrect output. This issue is fixed in version 0.5.4.