Export limit exceeded: 363826 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363826 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54424 | 1 Unity | 1 Parsec | 2026-07-07 | 8.4 High |
| An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable. | ||||
| CVE-2026-12195 | 2026-07-07 | N/A | ||
| myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta. | ||||
| CVE-2025-12799 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jbosseapxp, Red Hat Single Sign On | 2026-07-07 | 6.5 Medium |
| A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling. | ||||
| CVE-2026-48951 | 2026-07-07 | N/A | ||
| Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. | ||||
| CVE-2026-48953 | 2026-07-07 | N/A | ||
| Lack of escaping leads to an XSS vulnerability in the generic image output layout. | ||||
| CVE-2026-48948 | 2026-07-07 | N/A | ||
| An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible. | ||||
| CVE-2026-48949 | 2026-07-07 | N/A | ||
| Lack of validation leads to an XSS vulnerability in the MFA management views. | ||||
| CVE-2026-48954 | 2026-07-07 | N/A | ||
| Improper validation leads to a generic XSS vector in the language override feature. | ||||
| CVE-2026-48955 | 2026-07-07 | N/A | ||
| An improper access check allows unauthorized users to access workflow stage and transition information. | ||||
| CVE-2026-48950 | 2026-07-07 | N/A | ||
| Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. | ||||
| CVE-2026-48957 | 2026-07-07 | N/A | ||
| An improper access check allows unauthorized users to access com_privacy datasets. | ||||
| CVE-2026-48958 | 2026-07-07 | N/A | ||
| An improper access check allows unauthorized users to create custom fields via webservices endpoints. | ||||
| CVE-2026-48956 | 2026-07-07 | N/A | ||
| An improper access check allows users to display a list of modules in the frontend. | ||||
| CVE-2026-9165 | 1 Redhat | 1 Advanced Cluster Security | 2026-07-07 | 7.7 High |
| A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane. | ||||
| CVE-2026-48947 | 2026-07-07 | N/A | ||
| An improper access check allows privileged users to overwrite media files without editing permissions. | ||||
| CVE-2026-48952 | 2026-07-07 | N/A | ||
| Lack of escaping leads to an XSS vulnerability in the update list view of com_installer. | ||||
| CVE-2021-30004 | 1 W1.fi | 2 Hostapd, Wpa Supplicant | 2026-07-07 | 4.3 Medium |
| In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | ||||
| CVE-2026-42009 | 2 Gnu, Redhat | 26 Gnutls, Ai Inference Server, Discovery and 23 more | 2026-07-07 | 7.5 High |
| A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service. | ||||
| CVE-2026-42010 | 2 Gnu, Redhat | 15 Gnutls, Ai Inference Server, Discovery and 12 more | 2026-07-07 | 7.1 High |
| A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process. | ||||
| CVE-2022-30065 | 2 Busybox, Siemens | 13 Busybox, Scalance Sc622-2c, Scalance Sc622-2c Firmware and 10 more | 2026-07-07 | 7.8 High |
| A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | ||||