Search

Search Results (365639 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-55948 1 Microsoft 8 365 Apps, Excel 2016, Office 2019 and 5 more 2026-07-14 7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-55002 1 Microsoft 5 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 2 more 2026-07-14 7.8 High
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-15757 2026-07-14 N/A
A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the device. This issue was identified through testing in a controlled research environment using a simulated version of the router's software and has not been confirmed on physical production devices.
CVE-2026-62656 2026-07-14 N/A
A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to make unauthorized changes to the router and affect its security and operation.
CVE-2026-62655 2026-07-14 N/A
A security flaw was found in certain NETGEAR Orbi models that could allow an unauthorized user to cause the device to stop responding or restart unexpectedly, disrupting network connectivity and making the device temporarily unavailable.
CVE-2026-62657 2026-07-14 N/A
A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take control of the device.
CVE-2026-62658 2026-07-14 N/A
A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to the device to run unauthorized commands or code on the router.
CVE-2026-14394 1 Google 1 Chrome 2026-07-14 8.8 High
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-52188 1 Utt 1 Nv518g 2026-07-14 6.5 Medium
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead//sub_497498 component
CVE-2026-38968 1 Ntop 1 Ntopng 2026-07-14 9.8 Critical
ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing.
CVE-2026-38970 2026-07-14 7.5 High
pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext() and parseArray() without enforcing a maximum nesting depth.
CVE-2026-59199 1 Python-pillow 1 Pillow 2026-07-14 7.5 High
Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or Image.alpha_composite(). This issue is fixed in version 12.3.0.
CVE-2026-59203 1 Python-pillow 1 Pillow 2026-07-14 5.3 Medium
Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek backwards to the same directive and parse it repeatedly in an infinite loop. This issue is fixed in version 12.3.0.
CVE-2026-62641 1 Roundcube 1 Webmail 2026-07-14 4.3 Medium
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size.
CVE-2026-59205 1 Python-pillow 1 Pillow 2026-07-14 7.5 High
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the transform's declared output mode. This issue is fixed in version 12.3.0.
CVE-2026-62643 1 Roundcube 1 Webmail 2026-07-14 7.2 High
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. NOTE: this issue exists because of insufficient fixes for CVE-2026-35540 and CVE-2026-48843.
CVE-2026-62644 1 Roundcube 1 Webmail 2026-07-14 6.4 Medium
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.
CVE-2026-59885 2026-07-14 7.5 High
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the BER, CER, and DER decoders process OBJECT IDENTIFIER and RELATIVE-OID values in quadratic time relative to the number of arcs, so a small crafted payload containing an OID with many arcs consumes excessive CPU per decode() call and can deny service to applications that decode untrusted ASN.1 data. The corresponding encoders have the same quadratic behavior when an application re-encodes previously decoded attacker-supplied values. This issue is fixed in version 0.6.4.
CVE-2026-11578 2026-07-14 N/A
The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms.
CVE-2026-9127 1 Rockwellautomation 1 Studio 5000 Logix Designer 2026-07-14 N/A
A remote code execution security issue exists within Studio 5000 Logix Designer® due to incorrect authorization on a configuration file. This can allow any authenticated user to modify the paths of external tools configured within the application. If exploited, an attacker could alter the configuration to point to a malicious executable, resulting in arbitrary code execution when any user interacts with the external tools functionality.