Search

Search Results (366648 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54408 2026-07-15 8.6 High
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming.
CVE-2026-50748 2026-07-15 9.9 Critical
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device.
CVE-2026-54404 2026-07-15 8.8 High
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
CVE-2026-50747 2026-07-15 9.9 Critical
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device.
CVE-2026-55111 1 Ubiquiti 1 Unifi Protect Floodlight 2026-07-15 7.5 High
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight.
CVE-2026-55117 2026-07-15 8.6 High
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device.
CVE-2026-55116 2026-07-15 9 Critical
A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
CVE-2026-50442 1 Microsoft 19 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 16 more 2026-07-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-61862 1 Imagemagick 1 Imagemagick 2026-07-15 2.9 Low
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed (read past the profile boundary). This behavior occurs when debug output is enabled.
CVE-2026-61868 1 Imagemagick 1 Imagemagick 2026-07-15 3.7 Low
ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion (denial of service).
CVE-2026-58549 1 Huawei 1 Harmonyos 2026-07-15 4 Medium
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-58552 1 Huawei 1 Harmonyos 2026-07-15 5.1 Medium
Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-50429 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-15 8.2 High
Out-of-bounds read in Windows Kernel allows an unauthorized attacker to disclose information over a network.
CVE-2026-50405 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.8 High
Insufficient granularity of access control in Windows Filtering Platform (WFP) allows an authorized attacker to elevate privileges locally.
CVE-2026-49987 2026-07-15 N/A
Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection that bypasses validateGitUrl() dangerous parameter checks and can execute commands through local or SSH-style transports. This issue is fixed in version 1.14.1.
CVE-2026-50334 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Notification allows an authorized attacker to disclose information locally.
CVE-2026-48261 2026-07-15 5.4 Medium
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
CVE-2026-48253 2026-07-15 5.4 Medium
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
CVE-2026-50455 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 5.5 Medium
Use of uninitialized resource in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-50435 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2026-07-15 7.8 High
Buffer over-read in Windows Overlay Filter allows an authorized attacker to elevate privileges locally.