Export limit exceeded: 367121 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367121 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56877 | 2026-07-17 | 6.3 Medium | ||
| The SCORM lab launch endpoint in Skillable (scorm.skillable.com) through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticated user can substitute arbitrary userId values to bypass per-user lab launch rate limits and consume other users' lab allocations, resulting in denial of service against targeted users' lab and exam access. Skillable was formerly named Learn on Demand Systems. | ||||
| CVE-2026-48010 | 1 Shopware | 2 Platform, Shopware | 2026-07-17 | 6.5 Medium |
| Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser() in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEM_SCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users; IntegrationController::upsertIntegration() contains an isAdmin() check for the same field, but UserController was missing this check. This issue is fixed in versions 6.6.10.18 and 6.7.10.1. | ||||
| CVE-2026-47183 | 2026-07-17 | 6.5 Medium | ||
| Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dictionary keyed by attacker-influenced IncomingDecodeError messages, retaining sys.exc_info() tracebacks whose frame locals kept raw packet self.data buffers and allowing unauthenticated hosts on the local link over UDP/5353 (224.0.0.251 / ff02::fb) to drive memory growth until mDNS-dependent features degrade or the process is OOM-killed. This issue is fixed in version 0.149.6. | ||||
| CVE-2026-45162 | 1 Pimcore | 1 Pimcore | 2026-07-17 | 8 High |
| Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, multiple Pimcore locations call PHP's unserialize() on data from database columns and filesystem files without the allowed_classes restriction, including lib/Tool/Authentication.php, models/Site/Dao.php, models/DataObject/ClassDefinition/CustomLayout/Dao.php, models/Tool/TmpStore/Dao.php, models/Asset/WebDAV/Service.php, and admin-ui-classic-bundle/src/Helper/Dashboard.php, enabling object injection and remote code execution if an attacker can control the serialized data source. This issue is fixed in versions 11.5.17 (LTS) and 12.3.7. | ||||
| CVE-2026-8505 | 1 Ibm | 1 Langflow Oss | 2026-07-17 | 9.8 Critical |
| IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The system incorrectly bypasses API key validation when the WEBHOOK_AUTH_ENABLE configuration is set to False (which is the default setting). This allows a remote attacker who knows a flow's UUID to execute it as if they were the owner, potentially leading to Remote Code Execution (RCE). | ||||
| CVE-2026-44739 | 1 Pimcore | 1 Pimcore | 2026-07-17 | 8.7 High |
| Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration through CustomReportController:columnConfigAction, SqlAdapter::getColumns, SqlAdapter::buildQueryString, and Db::fetchAssociative(), allowing an attacker with the reports_config permission to use arbitrary SELECT queries, UNION statements, dangerous database functions, and error-based SQL injection to exfiltrate or manipulate database data. This issue is fixed in versions 11.5.17 (LTS) and 12.3.6. | ||||
| CVE-2026-7755 | 1 Ibm | 1 Langflow Oss | 2026-07-17 | 8.8 High |
| IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files. | ||||
| CVE-2026-15093 | 1 Ibm | 1 Engineering Ai Hub | 2026-07-17 | 4.3 Medium |
| IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to redirect users to malicious websites due to improper validation of user-supplied URLs. | ||||
| CVE-2026-51807 | 2026-07-17 | 9.8 Critical | ||
| Heap-based out-of-bounds write in j2k_precinct_subband::parse_packet_header() in OpenHTJ2K versions 0.18.3 and earlier (fixed in v0.18.4) caused by missing bounds validation before coding-pass lengths are written to j2k_codeblock::pass_length[128]. A crafted JPEG 2000 codestream containing malformed PPM packet headers can trigger a heap-based out-of-bounds write in j2k_precinct_subband::parse_packet_header() in source/core/coding/coding_units.cpp due to missing bounds validation for the j2k_codeblock::pass_length[128] array which can lead to heap corruption and process termination. | ||||
| CVE-2026-51808 | 2026-07-17 | 9.8 Critical | ||
| Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute arbitrary code via the openhtj2k_decoder_impl::invoke, invoke_line_based, invoke_line_based_stream, and invoke_line_based_predecoded function in source/core/interface/decoder.cpp | ||||
| CVE-2025-56362 | 2026-07-17 | 7.5 High | ||
| A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 (in the Pump Configuration and Control cluster), the server tick function violates the assertion `currentLevel < maxLevel`, resulting in a crash. This can be exploited remotely without authentication to cause denial of service. Affected versions include 1.3 and 1.4 (commit ab3d5ae). | ||||
| CVE-2025-56364 | 2026-07-17 | N/A | ||
| A use of uninitialized value vulnerability exists in the Matter SDK (connectedhomeip) before 1.4.0, where the `GetDestinationGroupId().Value()` method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID. The issue affects all versions before commit 0360cc3 (Dec 5, 2024) and leads to denial of service through SIGABRT. It is fixed by adding a .HasValue() check before access. | ||||
| CVE-2026-38450 | 2026-07-17 | N/A | ||
| An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description parameter of the Add/Update Project function | ||||
| CVE-2026-52100 | 2026-07-17 | 7.5 High | ||
| Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to execute arbitrary code via the uploadPutHandler function | ||||
| CVE-2026-52101 | 2026-07-17 | 9.1 Critical | ||
| An issue in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to obtain sensitive information via the function uploadRemote function in upload.go | ||||
| CVE-2026-36214 | 1 Osticket | 1 Osticket | 2026-07-17 | 5.4 Medium |
| osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable Bootstrap Tooltip component and insufficient HTML sanitization, allowing remote attackers to execute arbitrary JavaScript in Agent or Admin sessions. | ||||
| CVE-2026-9561 | 1 Eclipse | 1 Kura | 2026-07-17 | N/A |
| Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 (Web Console) and org.eclipse.kura.rest.provider (REST API) components use this header as the primary IP source when initializing audit context, and org.eclipse.kura.jetty.customizer unconditionally installs Jetty's ForwardedRequestCustomizer on all HTTP/HTTPS connectors, causing HttpServletRequest.getRemoteAddr() to reflect the attacker-controlled header value. An unauthenticated remote attacker can exploit this vulnerability to bypass IP-based brute-force protections — such as fail2ban — by spoofing the logged IP address to a non-routable value, allowing a brute-force attack to proceed undetected, or to cause a denial of service against a third party by injecting a victim's IP address and triggering a ban on that address. | ||||
| CVE-2026-12606 | 1 Eclipse | 1 Glassfish | 2026-07-17 | N/A |
| Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling. | ||||
| CVE-2025-40945 | 2026-07-17 | 6.7 Medium | ||
| A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2026-52584 | 1 Libjxl | 1 Libjxl | 2026-07-17 | N/A |
| Buffer Overflow vulnerability in libjxl v.0.11.2 and before allows a local attacker to obtain sensitive information via the DecodeImageAPNG function | ||||