Search

Search Results (367088 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-58550 1 Huawei 1 Harmonyos 2026-07-17 4 Medium
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58552 1 Huawei 1 Harmonyos 2026-07-17 5.1 Medium
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58553 1 Huawei 1 Harmonyos 2026-07-17 4 Medium
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58555 1 Huawei 1 Harmonyos 2026-07-17 6.6 Medium
Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-58554 1 Huawei 2 Emui, Harmonyos 2026-07-17 6.6 Medium
Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58557 1 Huawei 1 Harmonyos 2026-07-17 4.8 Medium
Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-58556 2026-07-17 5.1 Medium
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-58558 2026-07-17 7.8 High
Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-56087 2026-07-17 6.1 Medium
Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data.
CVE-2026-56687 2026-07-17 7.8 High
Dell ThinOS 10, versions prior to 2605_10.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
CVE-2026-15395 2 Wordpress, Wpchill 2 Wordpress, Kali Forms — Contact Form & Drag-and-drop Builder 2026-07-17 7.2 High
The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'digitalSignature' Field Value in all versions up to, and including, 2.4.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The required form-submission nonce is publicly available on any page containing the form shortcode, making this exploitable by fully unauthenticated attackers without any precondition beyond the form being published.
CVE-2025-45868 2026-07-17 N/A
LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to blind SQL injection in the ComparisonServlet component, allowing authenticated user to manipulate SQL queries via crafted input.
CVE-2026-22752 2026-07-17 9.6 Critical
Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10.
CVE-2026-6511 1 Lenovo 1 Smart Connect 2026-07-17 5.5 Medium
During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system.
CVE-2026-13103 1 Lenovo 1 App Store 2026-07-17 7.3 High
A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.
CVE-2026-13104 1 Lenovo 1 App Store 2026-07-17 7.3 High
A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges.
CVE-2026-14371 1 Lenovo 1 Xclarity Integrator For Microsoft Windows Admin Center 2026-07-17 N/A
The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands.
CVE-2026-10588 1 Lenovo 57 Ideapad 5 15aba7 Bios, Ideapad Pro 5 16agp11 Bios, Ideapad Pro 5 16asp10 Bios and 54 more 2026-07-17 4.4 Medium
A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory.
CVE-2026-10589 2026-07-17 6 Medium
A potential out of bounds write vulnerability could allow a local privileged attacker to execute code in System Management Mode.
CVE-2026-10590 1 Lenovo 57 Ideapad 5 15aba7 Bios, Ideapad Pro 5 16agp11 Bios, Ideapad Pro 5 16asp10 Bios and 54 more 2026-07-17 4.4 Medium
A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler.