Search

Search Results (366539 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-57108 2 Microsoft, Redhat 2 .net, Hummingbird 2026-07-17 7.5 High
Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-55027 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-17 5.5 Medium
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-50650 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.8 High
Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
CVE-2026-50649 2 Microsoft, Redhat 3 .net, Visual Studio 2026, Hummingbird 2026-07-17 7.8 High
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
CVE-2026-50648 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50646 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.8 High
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
CVE-2026-50528 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 8.2 High
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-50527 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-50526 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7 High
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
CVE-2026-50525 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-56170 2 Microsoft, Redhat 2 .net, Hummingbird 2026-07-17 7.5 High
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-44891 1 Netty 1 Netty 2026-07-17 7.5 High
Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only restricts individual header lines. An attacker can send a large number of short headers that are accumulated in memory inside DefaultStompHeadersSubframe until the JVM throws an OutOfMemoryError, causing denial of service for servers exposing a STOMP endpoint based on StompSubframeDecoder. This issue is fixed in versions 4.1.136.Final and 4.2.16.Final.
CVE-2026-54244 1 Statamic 1 Cms 2026-07-17 3.5 Low
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareable Live Preview URL rendering it. This issue is fixed in versions 5.74.0 and 6.20.3.
CVE-2026-54242 1 Statamic 1 Cms 2026-07-17 4.9 Medium
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src/Imaging/RemoteUrlValidator.php and src/Imaging/GuzzleAdapter.php could be bypassed using DNS rebinding. The remote hostname was validated as publicly routable, but resolved again when the image was actually fetched, so an attacker controlling the hostname's DNS could rebind it to an internal address after validation and cause the server to make HTTP requests to internal addresses, including loopback, private network, and cloud metadata endpoints. This affects sites that pass user-supplied URLs to Glide. This issue is fixed in versions 5.73.24 and 6.20.1.
CVE-2026-53727 1 Premailer 1 Css Parser 2026-07-17 N/A
css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and the @import-following branch of add_block!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering, or protection against link-local, loopback, or RFC-1918 addresses. Location: redirects were followed recursively back into the same function, which also serviced file:// URIs, so a single attacker-controlled HTTP redirect could upgrade the bug from SSRF to arbitrary local file disclosure. Any consumer of css_parser that hands it attacker-influenced CSS together with a base_uri: option is exposed. This issue is fixed in version 3.0.0.
CVE-2026-47304 1 Microsoft 3 .net, Visual Studio 2022, Visual Studio 2026 2026-07-17 8.1 High
Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-57980 1 Microsoft 1 Edge Chromium 2026-07-17 5.4 Medium
Authentication bypass using an alternate path or channel in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform tampering over a network.
CVE-2026-50524 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-47303 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 8.8 High
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
CVE-2026-47302 2 Microsoft, Redhat 4 .net, Visual Studio 2022, Visual Studio 2026 and 1 more 2026-07-17 7.5 High
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.