Search

Search Results (367003 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-47840 1 Cloudfoundry 2 Cf-deployment, Uaa 2026-07-17 7.5 High
A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselves admin scopes. This affects every deployment that authenticates users against LDAP over StartTLS. Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0.
CVE-2026-58306 1 Samsung Open Source 1 Escargot 2026-07-17 6.1 Medium
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98.
CVE-2026-14261 1 Xerte 1 Xerte Online Tools 2026-07-17 9.1 Critical
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
CVE-2026-13462 1 Payrange 1 Payrange 2026-07-17 7.5 High
PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
CVE-2026-43752 1 Claris 1 Filemaker Server 2026-07-17 4.9 Medium
An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1.
CVE-2026-21045 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-17 N/A
Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
CVE-2026-21050 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-17 N/A
Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-21053 1 Samsung Mobile 1 Samsung Email 2026-07-17 N/A
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox.
CVE-2026-21054 1 Samsung Mobile 1 Inputsharing 2026-07-17 N/A
Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
CVE-2026-21057 1 Samsung Mobile 1 Samsung Pass 2026-07-17 N/A
Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.
CVE-2026-12276 2026-07-17 5.3 Medium
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide.
CVE-2026-56690 1 Dell 1 Powerflex Manager 2026-07-17 8.5 High
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access.
CVE-2026-56689 1 Dell 1 Powerflex Manager 2026-07-17 7.7 High
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2026-56688 1 Dell 1 Powerflex Manager 2026-07-17 9.1 Critical
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and lateral movement into managed infrastructure.
CVE-2026-54468 1 Dell 1 Unisphere For Powermax 2026-07-17 6.5 Medium
Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.
CVE-2026-59795 1 Jetbrains 1 Teamcity 2026-07-17 8.1 High
In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
CVE-2026-59796 1 Jetbrains 1 Teamcity 2026-07-17 8.1 High
In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
CVE-2026-61492 1 Jetbrains 1 Youtrack 2026-07-17 3.5 Low
In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible
CVE-2026-51541 1 Eipstackgroup 1 Opener 2026-07-17 9.1 Critical
OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose path_size field claims that many more path words are present than are actually available. Because the parser trusts the attacker-controlled path_size and continues decoding path segments without a remaining-length boundary, it reads beyond the end of the stack receive buffer.
CVE-2026-52533 1 Dlink 1 Dir-1253 2026-07-17 9.8 Critical
An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an attacker to escalate privileges via the etc/shadow component file