Export limit exceeded: 366753 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366753 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366753 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9046 | 1 Lenovo | 2 App Store, Legion Zone | 2026-07-16 | 7 High |
| A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code. | ||||
| CVE-2026-44969 | 2026-07-16 | 2.5 Low | ||
| dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DbtMCP.call_tool() in src/dbt_mcp/mcp/server.py logged the raw arguments dictionary at INFO level before each tool call and at ERROR level on exceptions, and configure_file_logging() wrote those records to dbt-mcp.log when DBT_MCP_SERVER_FILE_LOGGING=true, preserving sensitive sql_query, vars, and node_selection values in plaintext without automatic rotation or deletion. This issue is fixed in version 1.17.1. | ||||
| CVE-2026-44970 | 2026-07-16 | 3.1 Low | ||
| dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DefaultUsageTracker.emit_tool_called_event() in src/dbt_mcp/tracking/tracking.py serialized every MCP tool call's complete arguments dictionary and sent it through dbtlabs_vortex.producer.log_proto without redaction, including sql_query from show, vars from run, build, and test, and node_selection from compile, while usage_tracking_enabled in settings.py enabled telemetry by default unless DBT_SEND_ANONYMOUS_USAGE_STATS=false or DO_NOT_TRACK=1 was set. This issue is fixed in version 1.17.1. | ||||
| CVE-2026-44968 | 2026-07-16 | 6.3 Medium | ||
| dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, _run_dbt_command() in src/dbt_mcp/dbt_cli/tools.py appended unsanitized node_selection and resource_type values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-dir, --project-dir, and --target into subprocess.Popen even though shell=False prevents shell metacharacter injection. This issue is fixed in version 1.17.1. | ||||
| CVE-2026-39808 | 1 Fortinet | 3 Fortisandbox, Fortisandbox Paas, Fortisandboxpaas | 2026-07-16 | 9.1 Critical |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here> | ||||
| CVE-2026-25089 | 1 Fortinet | 5 Fortisandbox, Fortisandbox Cloud, Fortisandbox Paas and 2 more | 2026-07-16 | 9.1 Critical |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests | ||||
| CVE-2026-58644 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-07-16 | 9.8 Critical |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-13103 | 1 Lenovo | 1 App Store | 2026-07-16 | 7.3 High |
| A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code. | ||||
| CVE-2026-63086 | 1 Huggingface | 1 Text-generation-inference | 2026-07-16 | 8.6 High |
| text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF) vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted image_url value in chat message content. The fetch_image function in router/src/validation.rs performs no validation of private, loopback, link-local, or cloud metadata target addresses, and the reqwest HTTP client follows redirects by default, enabling attackers to bypass scheme checks via redirect chains to reach internal services and cloud instance-metadata endpoints for internal port scanning and credential theft. | ||||
| CVE-2026-63304 | 1 Wwbn | 1 Avideo | 2026-07-16 | 8.1 High |
| AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses() function interpolates unsanitized keyword parameters inside single quotes without escaping. Attackers who can craft a valid encrypted codeToExec payload can break out of the single-quoted grep context and execute arbitrary OS commands as the web-server user. | ||||
| CVE-2026-13104 | 1 Lenovo | 1 App Store | 2026-07-16 | 7.3 High |
| A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges. | ||||
| CVE-2026-14371 | 1 Lenovo | 1 Xclarity Integrator For Microsoft Windows Admin Center | 2026-07-16 | N/A |
| The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands. | ||||
| CVE-2026-15945 | 1 Redhat | 4 Build Keycloak, Jboss Data Grid, Jbosseapxp and 1 more | 2026-07-16 | 4.3 Medium |
| A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group they have permission to view, the system incorrectly returns the full details of the parent group in the response, leading to the disclosure of sensitive group attributes and configuration. | ||||
| CVE-2026-10587 | 1 Lenovo | 57 Ideapad 5 15aba7 Bios, Ideapad Pro 5 16agp11 Bios, Ideapad Pro 5 16asp10 Bios and 54 more | 2026-07-16 | 6 Medium |
| A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode. | ||||
| CVE-2026-10588 | 1 Lenovo | 57 Ideapad 5 15aba7 Bios, Ideapad Pro 5 16agp11 Bios, Ideapad Pro 5 16asp10 Bios and 54 more | 2026-07-16 | 4.4 Medium |
| A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory. | ||||
| CVE-2026-10589 | 2026-07-16 | 6 Medium | ||
| A potential out of bounds write vulnerability could allow a local privileged attacker to execute code in System Management Mode. | ||||
| CVE-2026-10590 | 1 Lenovo | 57 Ideapad 5 15aba7 Bios, Ideapad Pro 5 16agp11 Bios, Ideapad Pro 5 16asp10 Bios and 54 more | 2026-07-16 | 4.4 Medium |
| A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler. | ||||
| CVE-2026-55440 | 1 Microsoft | 1 Ufo | 2026-07-16 | 6.5 Medium |
| Microsoft UFO open-source framework for intelligent automation across devices and platforms. Prior to 3.0.7, the COMMAND_RESULTS handler in ufo/server/ws/handler.py called get_or_create_session in ufo/server/services/session_manager.py without owner_client_id, allowing an authenticated client to create an unowned attacker-chosen session_id such as constellation_task_id = f"{task_name}@{task_id}" and deny the legitimate owner or exhaust memory with phantom sessions. This issue is fixed in version 3.0.7. | ||||
| CVE-2026-44595 | 1 Yamcs | 1 Yamcs | 2026-07-16 | 4.3 Medium |
| Yamcs is a mission control framework. Prior to 5.12.7, the IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check in yamcs-core/src/main/java/org/yamcs/http/api/IamApi.java, so any authenticated user, even one with low or no privileges, could enumerate all user accounts in the system including their usernames, superuser status, and group memberships. This issue is fixed in versions 5.12.7 and 5.13.0. | ||||
| CVE-2026-44596 | 1 Yamcs | 1 Yamcs | 2026-07-16 | 6.5 Medium |
| Yamcs is a mission control framework. Prior to 5.12.7, the authentication endpoint POST /auth/token in yamcs-core, handled by yamcs-core/src/main/java/org/yamcs/http/auth/AuthHandler.java, lacked any rate limiting, account lockout, or failed-attempt throttling, so an unauthenticated remote attacker could perform unlimited password-guessing attempts against any user account, significantly increasing the risk of successful brute-force attacks. This issue is fixed in versions 5.12.7 and 5.13.0. | ||||