Search

Search Results (367154 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-59841 1 Fortinet 1 Fortisiemwindowsagent 2026-07-17 6.9 Medium
A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via <insert attack vector here>
CVE-2026-59836 1 Fortinet 1 Forticlientems 2026-07-17 6.7 Medium
A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>
CVE-2026-23573 1 Fortinet 3 Fortios, Fortipam, Fortiproxy 2026-07-17 6.1 Medium
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.6, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiPAM 1.8.0, FortiPAM 1.7 all versions, FortiPAM 1.6 all versions, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.3, FortiProxy 7.2.0 through 7.2.9 may allow an authenticated remote user to execute code or commands via crafted requests.
CVE-2025-43892 1 Fortinet 1 Fortios 2026-07-17 4.1 Medium
A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow an authenticated remote attacker to return a portion of device memory in the redirect response via submitting a specially crafted request.
CVE-2026-62644 1 Roundcube 1 Webmail 2026-07-17 6.4 Medium
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.
CVE-2025-51677 1 Openrisc 1 Or1200 2026-07-17 N/A
An issue was discovered in openRISC OR1200 commit 83ac6b. An output mismatch between the RTL and the netlist of the or1200 cpu output port can lead to unexpected behavior.
CVE-2026-51833 1 Xenforo 1 Xenforo 2026-07-17 N/A
Xenforo 2.3.8 is vulnerable to SSRF. Attackers that have administrator privileges or are able to add/save RSS feeds can enumerate internal services (ports) or expose the original IP address of the server.
CVE-2026-54243 1 Statamic 1 Cms 2026-07-17 6.1 Medium
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula trigger character, such as =, +, -, or @, could be interpreted as a live formula when a Control Panel user opens the export in a spreadsheet application. Form submissions can come from unauthenticated front-end visitors, so the malicious value can be supplied by an anonymous user and is later triggered by an editor opening the export. This issue is fixed in versions 5.73.24 and 6.20.1.
CVE-2026-50197 1 Zalando 1 Skipper 2026-07-17 N/A
Skipper is an HTTP router and reverse proxy for service composition. Prior to 0.26.10, zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header, because the opaAuthorizeRequestWithBody filter and OpenPolicyAgentInstance.ExtractHttpBodyOptionally in filters/openpolicyagent/openpolicyagent.go produce an empty raw_body and input.parsed_body while the upstream service receives the full attacker-controlled body. This issue is fixed in version 0.26.10.
CVE-2026-48373 1 Adobe 1 Acrobat Reader 2026-07-17 7.8 High
Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-50289 1 Sebhildebrandt 1 Systeminformation 2026-07-17 N/A
systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces() on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces(5) source directive because lib/network.js checkLinuxDCHPInterfaces() reads /etc/network/interfaces, extracts a source <path> token from file content, and interpolates it unquoted into cat ${file} 2> /dev/null | grep 'iface\|source' executed by execSync(cmd, util.execOptsLinux), allowing a path containing shell metacharacters to execute commands in any process that calls networkInterfaces(), including via getStaticData() and getAllData(). This issue is fixed in version 5.31.7.
CVE-2026-44974 1 Hapijs 1 Content 2026-07-17 N/A
@hapi/content provided HTTP Content-* headers parsing. Prior to 6.0.2, Content.disposition() retained the last occurrence of each duplicate parameter while Content.type() retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another component in the request-processing chain resolves duplicates the opposite way. This can allow an upload filename allowlist bypass in headers such as Content-Disposition: form-data; name="file"; filename="safe.txt"; filename="shell.php". This issue is fixed in version 6.0.2.
CVE-2026-56171 1 Microsoft 2 Remote Desktop Web Client, Windows Admin Center 2026-07-17 7.1 High
Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-57108 2 Microsoft, Redhat 2 .net, Hummingbird 2026-07-17 7.5 High
Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-50650 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.8 High
Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
CVE-2026-50649 2 Microsoft, Redhat 3 .net, Visual Studio 2026, Hummingbird 2026-07-17 7.8 High
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
CVE-2026-50648 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50646 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.8 High
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
CVE-2026-50528 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 8.2 High
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-50527 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.