Export limit exceeded: 10829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10829 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56456 2026-07-16 5.3 Medium
HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a remote attacker to map the underlying server environment and identify targets for further exploitation.
CVE-2026-50389 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-16 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-35143 2026-07-16 3 Low
HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the "SameSite" attribute on session cookies generated during authentication, which could allow a remote attacker to execute Cross-Site Request Forgery (CSRF) attacks if additional mitigations, such as Anti-CSRF tokens, are not implemented.
CVE-2026-35145 2026-07-16 3.1 Low
HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security (HSTS) policy within its responses, which could allow a remote attacker to downgrade the communication channel to an unencrypted connection (HTTP) and conduct man-in-the-middle (MitM) attacks. To remediate this, the application must include the "Strict-Transport-Security" header in all web application responses.
CVE-2026-40956 2026-07-16 N/A
CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a small amount of random memory to leak.
CVE-2026-14096 1 Google 1 Chrome 2026-07-16 6.5 Medium
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-10055 1 Eclipse 1 Theia 2026-07-16 8.5 High
In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the destination URL is neither validated nor allowlisted, a remote attacker with access to the Theia service connection can issue server-side HTTP requests to localhost or other backend-reachable hosts and read their responses, exposing internal administrative endpoints, cloud instance metadata services, and other resources that are intentionally outside the browser network boundary. The vulnerability affects deployments where the Theia service connection is reachable by untrusted users (for example, multi-tenant or publicly-reachable Theia deployments).
CVE-2026-52101 2026-07-16 9.1 Critical
An issue in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to obtain sensitive information via the function uploadRemote function in upload.go
CVE-2026-10051 1 Eclipse 1 Jetty 2026-07-16 N/A
In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the union of trailers of the first request and the current request.
CVE-2026-15719 1 Mozilla 1 Firefox 2026-07-16 5.4 Medium
We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6.
CVE-2026-15642 1 Devolutions 1 Server 2026-07-16 3.3 Low
Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated response file to obtain the Azure Key Vault client secret in cleartext, even when the option to exclude sensitive data is selected.
CVE-2026-48001 2026-07-16 3.7 Low
Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.
CVE-2026-20298 1 Splunk 2 Splunk Cloud Platform, Splunk Enterprise 2026-07-15 5.3 Medium
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes when they access the `/servicesNS/-/-/storage/passwords` REST endpoint through the `|rest` Search Processing Language (SPL) command.<br><br>The exposure happens because the `|rest` SPL command returns the `encr_password` field in the results of the `/servicesNS/-/-/storage/passwords` REST endpoint.
CVE-2026-50442 1 Microsoft 19 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 16 more 2026-07-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-50429 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 8.2 High
Out-of-bounds read in Windows Kernel allows an unauthorized attacker to disclose information over a network.
CVE-2026-50334 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.
CVE-2026-50415 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 5.3 Medium
Exposure of sensitive information to an unauthorized actor in Windows Media allows an unauthorized attacker to disclose information over a network.
CVE-2026-50409 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally.
CVE-2026-50416 1 Microsoft 4 Windows 11 24h2, Windows 11 25h2, Windows 11 26h1 and 1 more 2026-07-15 3.3 Low
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.
CVE-2026-45793 2026-07-15 7.5 High
Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration() validates GitHub OAuth tokens with the regex ^[.A-Za-z0-9_]+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUB_TOKEN values using the ghs_<id>_<base64url-JWT> format can contain -, fail validation, and be disclosed to stderr or CI logs. This issue is fixed in versions 1.10.28, 2.2.28, and 2.9.8.