Search

Search Results (366372 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50657 1 Microsoft 1 Defender For Endpoint 2026-07-15 4.7 Medium
Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally.
CVE-2026-50668 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 6.8 Medium
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-55016 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-07-15 4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-50299 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-15 6.8 Medium
Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to execute code with a physical attack.
CVE-2026-55046 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-15 5.5 Medium
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-42936 2026-07-15 N/A
The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer.
CVE-2026-10628 2 Wordpress, Wpswings 2 Wordpress, Points And Rewards For Woocommerce 2026-07-15 4.3 Medium
The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to convert and drain any user's reward points into wallet balance, exfiltrate all users' emails and point balances to an attacker-controlled Klaviyo account, overwrite the site's Klaviyo public API key, block or unblock arbitrary users from the points system, and modify campaign banner and heading settings. The nonce used for authentication of these requests (wps-wpr-verify-nonce) is injected into every public-facing page via wp_localize_script(), and the wps_wpr_generate_custom_wallet handler is additionally registered on the wp_ajax_nopriv_ hook, meaning unauthenticated visitors can also obtain a valid nonce and exploit that specific action.
CVE-2026-43637 2026-07-15 9.1 Critical
Cornac before 2.6.0 contains a path traversal (Tar Slip) vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the _extract_archive() function in cornac/utils/download.py. Attackers can trigger this vulnerability through the built-in dataset loaders, which automatically download and extract archives, causing archive.extractall() to write files to arbitrary locations on the filesystem accessible to the running process.
CVE-2026-61438 1 Praison 1 Praisonai 2026-07-15 7.3 High
PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor._exec_inline_python() due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system() calls that bypass sandbox checks and execute arbitrary OS commands with process privileges.
CVE-2026-52840 1 Alextselegidis 1 Easyappointments 2026-07-15 2.7 Low
Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, `Caldav::connect_to_server` at `application/controllers/Caldav.php:60` hands the request's `caldav_url` to a Guzzle `REPORT` call without scheme or host validation. A logged-in backend user (admin, provider, or secretary) reaches loopback, RFC1918, and link-local hosts on the deployment's network. The Guzzle exception path returns the upstream status code plus ~120 bytes of response body in the JSON `message` field (`Caldav.php:74-78`), so the SSRF is semi-blind. Version 1.6.0 contains a patch.
CVE-2026-49783 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 7.8 High
Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-61452 2026-07-15 5.3 Medium
The Grav API plugin (getgrav/grav-plugin-api) before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti (JWT ID) claim and therefore cannot be revoked server-side. Unlike refresh tokens, access tokens remain valid for their full lifetime (default 1 hour) regardless of logout, password change, new token issuance, or account disablement. An attacker who has stolen an access token retains full API access until the token naturally expires.
CVE-2026-59203 1 Python-pillow 1 Pillow 2026-07-15 5.3 Medium
Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek backwards to the same directive and parse it repeatedly in an infinite loop. This issue is fixed in version 12.3.0.
CVE-2026-6803 2 Wordpress, Wupsales 2 Wordpress, Ai Copilot – Content Generator 2026-07-15 5.3 Medium
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wp_ajax_ and wp_ajax_nopriv_ hooks, as the base controller's getPermissions() returns an empty array and neither removeGroup nor clear are added to getNoncedMethods(), causing the authorization gate to unconditionally return true for these actions. This makes it possible for unauthenticated attackers to delete specific records by ID or delete all records from any module's database table by unauthenticated attackers.
CVE-2026-61862 1 Imagemagick 1 Imagemagick 2026-07-15 2.9 Low
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed (read past the profile boundary). This behavior occurs when debug output is enabled.
CVE-2026-15700 1 Dedecms 1 Dedecms 2026-07-15 4.7 Medium
A security flaw has been discovered in DedeCMS 5.7.118. Affected by this vulnerability is the function ExtractFile of the file include/zip.class.php of the component Album Publishing Feature. The manipulation of the argument filename results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-59884 1 Pyasn1 1 Pyasn1 2026-07-15 7.5 High
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER decoder shared by the CER and DER codecs parses long-form tags by accumulating continuation octets without an upper bound on the tag ID size, allowing a crafted input to force construction of an arbitrarily large integer with CPU cost growing quadratically and to trigger unhandled ValueError exceptions in Python 3.11+ error formatting paths. Any application decoding untrusted BER, CER, or DER input is affected. This issue is fixed in version 0.6.4.
CVE-2026-56764 1 Hono 1 Hono 2026-07-15 3.7 Low
Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing measurements.
CVE-2026-15073 2 Iqonicdesign, Wordpress 2 Kivicare – Clinic & Patient Management System (ehr), Wordpress 2026-07-15 6.5 Medium
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Doctor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires a KiviCare Doctor, Receptionist, or Clinic Admin role at minimum, as the vulnerable REST endpoint is restricted to authenticated users with custom plugin-level access.
CVE-2026-42982 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-15 7.8 High
Improper validation of consistency within input in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.