Export limit exceeded: 366658 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366658 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-24220 1 Nvidia 1 Tensorrt-llm 2026-07-16 6.4 Medium
NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution.
CVE-2026-47470 1 Nvidia 1 Tensorrt-llm 2026-07-16 6.2 Medium
NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-47475 1 Nvidia 1 Tensorrt-llm 2026-07-16 6.2 Medium
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-24271 1 Nvidia 1 Tensorrt-llm 2026-07-16 6.2 Medium
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-15769 1 Google 1 Chrome 2026-07-16 8.3 High
Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15770 1 Google 1 Chrome 2026-07-16 6.5 Medium
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15772 1 Google 1 Chrome 2026-07-16 8.3 High
Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15775 1 Google 1 Chrome 2026-07-16 6.5 Medium
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15776 1 Google 1 Chrome 2026-07-16 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15778 1 Google 1 Chrome 2026-07-16 6.5 Medium
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-24268 1 Nvidia 1 Tensorrt 2026-07-16 7.8 High
NVIDIA TensorRT contains a vulnerability where an attacker might cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution.
CVE-2026-12391 2026-07-16 5 Medium
An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic information without verifying the file type or ownership. An unprivileged local attacker can exploit this behavior by creating a symbolic link (symlink) at a predictable destination path pointing to an arbitrary, root-readable file (such as /etc/shadow or private files within /root). When a root administrator or operator subsequently executes the pro collect-logs command, the tool follows the user-controlled symlink, reads the target file, and compresses its contents into the resulting diagnostic support archive. Because the output archive remains readable by the unprivileged user, the attacker can extract and read the sensitive root-owned files, leading to a complete information disclosure of system secrets.
CVE-2026-30618 2026-07-16 9.8 Critical
xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulting in execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the Fay service.
CVE-2026-30623 1 Berriai 1 Litellm 2026-07-16 9.8 Critical
LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation functionality. The application allows users to add MCP servers via a JSON configuration specifying arbitrary command and args values. LiteLLM executes these values on the host without validation, enabling attackers to run arbitrary operating system commands. Successful exploitation may result in remote code execution with the privileges of the LiteLLM process.
CVE-2026-63306 2026-07-16 8.6 High
stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure.
CVE-2026-40957 2026-07-16 N/A
o   CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator.
CVE-2026-40953 2026-07-16 N/A
CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control.
CVE-2026-56456 2026-07-16 5.3 Medium
HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a remote attacker to map the underlying server environment and identify targets for further exploitation.
CVE-2026-40954 2026-07-16 N/A
CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client
CVE-2026-8919 1 Asus 1 Gamesdk 2026-07-16 N/A
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in information disclosure or data tampering, may cause GameSDK to become unavailable, and may also enable access to the victim’s information on other services. Refer to the ' Security Update for ASUS GameSDK  ' section on the ASUS Security Advisory for more information.