Export limit exceeded: 364308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364308 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44269 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-09 | 4.4 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. | ||||
| CVE-2026-54483 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-09 | 6.7 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2026-46467 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-09 | 5.8 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. | ||||
| CVE-2026-46466 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-09 | 2.7 Low |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. | ||||
| CVE-2026-49813 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-08 | 6.7 Medium |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. | ||||
| CVE-2026-54777 | 1 Corewcf | 1 Corewcf | 2026-07-08 | 6.5 Medium |
| CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListener startup between shared memory GUID publication and service named pipe creation. This issue is fixed in versions 1.8.1 and 1.9.1. | ||||
| CVE-2026-52718 | 2 Gstreamer Project, Redhat | 2 Gstreamer Plugin, Enterprise Linux | 2026-07-08 | 6.5 Medium |
| A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash. | ||||
| CVE-2026-57481 | 1 Parse Community | 1 Parse Server | 2026-07-08 | N/A |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.13 and 8.6.83, a LiveQuery subscriber could receive object field values they were not authorized to read when a single save changed both an object field and the subscriber's ACL read access, because leave and enter events included the wrong object state. This issue is fixed in versions 9.9.1-alpha.13 and 8.6.83. | ||||
| CVE-2026-54773 | 1 Corewcf | 1 Corewcf | 2026-07-08 | 5.9 Medium |
| CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1. | ||||
| CVE-2026-52719 | 2 Gstreamer Project, Redhat | 2 Gstreamer Plugin, Enterprise Linux | 2026-07-08 | 7.1 High |
| An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causing downstream parsing to read beyond the provided input buffer, leading to a crash or potential information disclosure. | ||||
| CVE-2026-47646 | 1 Microsoft | 1 Dynamics 365 Customer Voice | 2026-07-08 | 9.3 Critical |
| Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-50656 | 1 Microsoft | 1 Malware Protection Engine | 2026-07-08 | 7.8 High |
| Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". | ||||
| CVE-2026-42824 | 1 Microsoft | 2 365 Copilot, Copilot | 2026-07-08 | 6.5 Medium |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-42985 | 1 Microsoft | 30 Remote Desktop, Remote Desktop Client, Windows 10 1607 and 27 more | 2026-07-08 | 8.8 High |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-44801 | 1 Microsoft | 30 Remote Desktop, Remote Desktop Client, Windows 10 1607 and 27 more | 2026-07-08 | 7.5 High |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-44808 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-07-08 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44811 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-07-08 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42974 | 1 Microsoft | 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more | 2026-07-08 | 8.1 High |
| Integer overflow or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-42973 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-07-08 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42970 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-07-08 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||||