Search

Search Results (367033 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50647 1 Microsoft 14 .net, Windows 10 1607, Windows 10 1809 and 11 more 2026-07-16 7.5 High
Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-50528 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-16 8.2 High
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-56086 1 Dell 1 Powerprotect Data Domain 2026-07-16 8.8 High
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-53480 1 Dell 1 Powerprotect Data Domain 2026-07-16 2.7 Low
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification.
CVE-2026-50411 1 Microsoft 14 .net, Windows 10 1607, Windows 10 1809 and 11 more 2026-07-16 7.5 High
Stack-based buffer overflow in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-50355 1 Microsoft 9 .net, Windows 10 1607, Windows 10 1809 and 6 more 2026-07-16 7.5 High
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-50324 1 Microsoft 8 .net, Windows 10 1607, Windows 10 1809 and 5 more 2026-07-16 5.9 Medium
Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
CVE-2026-50368 1 Microsoft 9 .net, Windows 10 1607, Windows 10 1809 and 6 more 2026-07-16 7.5 High
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-50304 1 Microsoft 9 .net, Windows 10 1607, Windows 10 1809 and 6 more 2026-07-16 7.5 High
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network.
CVE-2026-58643 1 Microsoft 1 Windows Admin Center 2026-07-16 6.1 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-50653 1 Microsoft 2 .net, Azure Active Directory 2026-07-16 7.5 High
Loop with unreachable exit condition ('infinite loop') in Azure Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-50652 1 Microsoft 2 .net, Azure Active Directory 2026-07-16 7.5 High
Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network.
CVE-2026-10706 1 Adalo No-code App Builder 1 App Builder 2026-07-16 7.5 High
In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing sensitive information to be exposed to unauthorized parties.
CVE-2026-15044 1 Redhat 1 Openshift Ai 2026-07-16 6.3 Medium
A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the cluster to access the AI guardrails and orchestrator without proper authorization. An attacker could exploit this to gain unauthorized access to sensitive information and potentially make limited changes to the AI models.
CVE-2026-32591 1 Redhat 3 Mirror Registry, Mirror Registry For Red Hat Openshift, Quay 2026-07-16 5.2 Medium
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.
CVE-2024-32385 2026-07-16 4.3 Medium
An issue in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 allows a remote attacker to obtain sensitive information via a boardID and revisionID components
CVE-2026-15129 1 Google 1 Chrome 2026-07-16 8.8 High
Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-15133 1 Google 1 Chrome 2026-07-16 8.8 High
Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15109 1 Google 1 Chrome 2026-07-16 6.5 Medium
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CVE-2026-15111 1 Google 1 Chrome 2026-07-16 7.5 High
Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)