Export limit exceeded: 367033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367033 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36027 | 2026-07-17 | 6.8 Medium | ||
| An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) and Android Debug Bridge components | ||||
| CVE-2026-50813 | 1 Sqlite | 1 Sqlite | 2026-07-17 | 6.1 Medium |
| An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path | ||||
| CVE-2026-50812 | 1 Sqlite | 1 Sqlite | 2026-07-17 | 5.5 Medium |
| A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changeset_apply_v3() applies a corrupt changeset and reaches sqlite3_value_type() with a NULL sqlite3_value pointer. | ||||
| CVE-2026-36028 | 2026-07-17 | 6.8 Medium | ||
| A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset | ||||
| CVE-2026-24697 | 2026-07-17 | 7.2 High | ||
| An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | ||||
| CVE-2026-24700 | 2026-07-17 | 7.2 High | ||
| An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | ||||
| CVE-2026-56843 | 1 Webpros | 1 Plesk | 2026-07-17 | 9.9 Critical |
| Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This results in cross-tenant disclosure of other tenants' FTP credentials stored in cleartext, which can be leveraged to execute code as another tenant's system user. | ||||
| CVE-2026-22927 | 1 Omnissa | 1 Omnissa Workspace One Tunnel For Windows | 2026-07-17 | 7.8 High |
| Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability. | ||||
| CVE-2026-53482 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-17 | 7.5 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2026-15112 | 1 Google | 1 Chrome | 2026-07-17 | 8.8 High |
| Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-15108 | 1 Google | 1 Chrome | 2026-07-17 | 4.3 Medium |
| Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2026-15110 | 1 Google | 1 Chrome | 2026-07-17 | 8.8 High |
| Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2026-15114 | 1 Google | 1 Chrome | 2026-07-17 | 8.8 High |
| Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High) | ||||
| CVE-2026-15117 | 1 Google | 1 Chrome | 2026-07-17 | 7.5 High |
| Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15119 | 1 Google | 1 Chrome | 2026-07-17 | 8.3 High |
| Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15122 | 1 Google | 1 Chrome | 2026-07-17 | 8.3 High |
| Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-15130 | 1 Google | 1 Chrome | 2026-07-17 | 4.3 Medium |
| Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-45422 | 1 Proximus | 1 B-box | 2026-07-17 | 8.1 High |
| Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules. | ||||
| CVE-2026-51597 | 1 Mercury | 1 Mipc252w | 2026-07-17 | 9.1 Critical |
| MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without knowledge of the device credentials, gaining unauthorized access to the live video stream. | ||||
| CVE-2026-47829 | 1 Cloud Foundry | 1 Bosh | 2026-07-17 | N/A |
| Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affected versions: bosh-cli versions prior to v7.10.4. | ||||