Search Results (12851 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-45754 2026-07-14 N/A
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST requests to inject forged Mailjet and LOX24 event payloads. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12.
CVE-2026-56157 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-14 5.4 Medium
Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-58545 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 5.5 Medium
Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.
CVE-2026-58277 1 Microsoft 2 Sharepoint Server 2016, Sharepoint Server 2019 2026-07-14 8.8 High
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2026-50338 1 Microsoft 1 Azure Spring Apps 2026-07-14 8.2 High
Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-58631 1 Microsoft 1 Windows Admin Center 2026-07-14 7.8 High
Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally.
CVE-2026-50311 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.8 High
Improper access control in Windows Server allows an authorized attacker to elevate privileges locally.
CVE-2026-50297 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7 High
Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2026-58540 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.8 High
Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-57088 1 Microsoft 4 Windows 10 1809, Windows Server 2019, Windows Server 2022 and 1 more 2026-07-14 7.8 High
Improper access control in Extensible Storage Engine (ESENT) allows an authorized attacker to elevate privileges locally.
CVE-2026-56241 1 Cap-go 1 Cap-go 2026-07-14 8.3 High
Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org_users.user_right column not being cleared during role binding deletion. Attackers can exploit this by maintaining a previously granted super_admin role to enumerate and bulk delete non-compliant bundles across the entire organization indefinitely.
CVE-2026-15491 1 Rafymrx 1 Toko-online-roti 2026-07-14 7.3 High
A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-15473 1 Eleveo 1 Call Recording Software 2026-07-14 6.3 Medium
A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-15627 1 Nextlevelbuilder 1 Goclaw 2026-07-14 4.3 Medium
A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2026-51538 1 Eipstackgroup 1 Opener 2026-07-14 9.1 Critical
EIPStackGroup OpENer 2.3.0 (commit 76b95cf) suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided session_handle exists in the global session list, but it fails to verify whether that handle belongs to the specific TCP connection issuing the request. Because there is no strong binding between a session handle and its originating socket, any attacker on the network can use a valid session handle created by another legitimate client to bypass access controls.
CVE-2026-62393 1 Apache 1 Kylin 2026-07-14 N/A
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which fixes the issue.
CVE-2026-15622 1 Poco-ai 1 Poco-claw 2026-07-14 5.3 Medium
A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get_workspace_file of the file executor_manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user_id can lead to authorization bypass. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. Upgrading the affected component is recommended.
CVE-2026-15677 1 Code-projects 1 Online Job Portal 2026-07-14 7.3 High
A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-15087 1 Drupal 1 Clean Restful 2026-07-14 5.9 Medium
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.
CVE-2026-15375 1 Eleveo 2 Call Recording, Call Recording Software 2026-07-14 4.3 Medium
A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/users_ldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.