Search

Search Results (365295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-51600 1 Tenda 1 Cp3 V3 2026-07-13 7.5 High
Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests (including DESCRIBE, SETUP, and PLAY methods). When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting state, causing the affected TCP connection to become permanently non-functional. The device does not actively close the connection, resulting in a TCP resource leak. This issue can be exploited by an unauthenticated remote attacker to cause a denial-of-service condition.
CVE-2026-51599 1 Mercury 1 Mipc252w 2026-07-13 9.8 Critical
An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding message body. The affected RTSP parser enters a body-waiting state instead of rejecting the malformed request, causing all subsequent data on the connection to be silently consumed as body content until a server-side timeout closes the connection.
CVE-2026-11571 2026-07-13 7.5 High
The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.
CVE-2026-12517 2026-07-13 5.3 Medium
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users (the gating nonce is exposed on public pages carrying an embed) to make the site request internal and private-network URLs and read back the parsed page metadata. This is a Server-Side Request Forgery.
CVE-2026-57830 2026-07-13 N/A
The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion.
CVE-2026-58304 1 Samsung Open Source 1 Escargot 2026-07-13 6.1 Medium
Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a.
CVE-2026-58307 1 Samsung Open Source 1 Escargot 2026-07-13 6.1 Medium
Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c.
CVE-2026-14261 1 Xerte 1 Xerte Online Tools 2026-07-13 9.1 Critical
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
CVE-2026-54800 1 Siemens 2 Cpci85 Central Processing\/communication, Sicore Base System 2026-07-13 4.8 Medium
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.
CVE-2026-15542 1 Will-moss 1 Isaiah 2026-07-13 7.3 High
A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this issue awaits acceptance.
CVE-2026-54468 1 Dell 1 Unisphere For Powermax 2026-07-13 6.5 Medium
Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.
CVE-2026-59793 1 Jetbrains 1 Teamcity 2026-07-13 8.8 High
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
CVE-2026-59796 1 Jetbrains 1 Teamcity 2026-07-13 8.1 High
In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
CVE-2026-15552 1 Ragic 1 Enterprise Cloud Database 2026-07-13 6.1 Medium
Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.
CVE-2026-57280 1 Jenkins Project 1 Jenkins Script Security Plugin 2026-07-13 8.8 High
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.
CVE-2026-57297 2 Jenkins, Jenkins Project 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin 2026-07-13 5.4 Medium
A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.
CVE-2026-57299 2 Jenkins, Jenkins Project 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin 2026-07-13 4.3 Medium
Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.
CVE-2026-52195 1 Utt 1 Nv518g 2026-07-13 7.5 High
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component
CVE-2026-52197 1 Utt 1 Nv518g 2026-07-13 7.5 High
An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component
CVE-2026-52193 2026-07-13 7.5 High
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component