Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366864 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50652 | 1 Microsoft | 2 .net, Azure Active Directory | 2026-07-16 | 7.5 High |
| Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-59117 | 1 Microsoft | 1 Terminal | 2026-07-16 | 7.5 High |
| Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-10706 | 1 Adalo No-code App Builder | 1 App Builder | 2026-07-16 | 7.5 High |
| In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties. | ||||
| CVE-2026-15044 | 1 Redhat | 1 Openshift Ai | 2026-07-16 | 6.3 Medium |
| A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the cluster to access the AI guardrails and orchestrator without proper authorization. An attacker could exploit this to gain unauthorized access to sensitive information and potentially make limited changes to the AI models. | ||||
| CVE-2026-32591 | 1 Redhat | 3 Mirror Registry, Mirror Registry For Red Hat Openshift, Quay | 2026-07-16 | 5.2 Medium |
| A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application. | ||||
| CVE-2026-14782 | 2026-07-16 | 4.9 Medium | ||
| The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the Customer Import in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with wpamelia-manager role, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-60063 | 1 Automationdirect | 1 Productivity Suite | 2026-07-16 | 7 High |
| An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption via a crafted IOCTL request, potentially resulting in privilege escalation or system instability. | ||||
| CVE-2026-61389 | 1 Automationdirect | 1 Productivity Suite | 2026-07-16 | 7 High |
| An out-of-bounds write vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption via a crafted IOCTL request, potentially resulting in privilege escalation or system instability. | ||||
| CVE-2026-60140 | 1 Automationdirect | 1 Productivity Suite | 2026-07-16 | 6.1 Medium |
| An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This can lead to exposing sensitive information or causing the affected product to become unstable or unavailable. | ||||
| CVE-2026-57896 | 1 Automationdirect | 1 Productivity Suite | 2026-07-16 | 6.1 Medium |
| An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product. | ||||
| CVE-2026-60073 | 1 Automationdirect | 1 Productivity Suite | 2026-07-16 | 5.9 Medium |
| An out-of-bounds read in the Productivity Suite allows a physical attacker to control the length of data sent to a USB device. This can lead to a system crash or disclosure of kernel memory. | ||||
| CVE-2026-53412 | 2026-07-16 | 9.8 Critical | ||
| Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access. | ||||
| CVE-2026-53411 | 2026-07-16 | 7.8 High | ||
| A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges. | ||||
| CVE-2026-53410 | 2026-07-16 | 7 High | ||
| A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges. | ||||
| CVE-2026-53409 | 2026-07-16 | 7.8 High | ||
| Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2026-38158 | 2026-07-16 | N/A | ||
| A SQL injection vulnerability in the /ureport/datasource/previewData component of ureport v2.2.9 allows attackers to access sensitive database information via crafted SQL statements. | ||||
| CVE-2026-15352 | 2026-07-16 | 7.5 High | ||
| A vulnerability exists in the Health & Safety (HS) application of NASA's Core Flight System (cFS). The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service. | ||||
| CVE-2024-34268 | 2026-07-16 | 7.1 High | ||
| EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to the latest version 1.46 was discovered to allow unsecured bluetooth connections. This vulnerability allows attackers to gain full access to the device without authentication. | ||||
| CVE-2024-32389 | 2026-07-16 | 3.5 Low | ||
| Buffer Overflow vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the update URLs component. | ||||
| CVE-2024-32387 | 2026-07-16 | 5.7 Medium | ||
| An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via the community string component. | ||||