Search

Search Results (363555 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-38972 1 Rizonesoft 1 Notepad3 2026-07-06 7.8 High
Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or another preferred DLL search location and achieve arbitrary code execution in the context of the user when the About dialog is opened.
CVE-2026-54263 1 Wagtail 1 Wagtail 2026-07-06 7.3 High
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting (XSS) vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could craft a URL that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is present for all sites, even if they do not enable the dynamic image serve view. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
CVE-2026-55661 2026-07-06 N/A
Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant, whitespace-padded, and control-character-obfuscated forms — is rendered into href/src and executes when the content is viewed. Any actor able to author rich-text content (for example a lower-privileged editor, or imported/external content) can achieve stored XSS against editors and site viewers. This issue is fixed in versions @tinacms/mdx 2.1.7 and tinacms 3.9.3.
CVE-2025-53827 2026-07-06 9.1 Critical
ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage functionality to execute arbitrary code. This issue has been fixed in version 10.15.3.
CVE-2026-52830 2026-07-06 9.4 Critical
fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP client can therefore authenticate as the default legacy session with a token such as ../fast-mcp-telegram/telegram when the documented default session file ~/.config/fast-mcp-telegram/telegram.session exists. This bypasses the reserved session name control that is intended to prevent HTTP multi-user sessions from colliding with the default stdio or legacy account. With account-prefixed MCP tools enabled, the attacker still sees and calls the prefixed tools for the default account, so the prefix middleware does not stop the session selection bypass. This vulnerability is fixed in 0.19.1.
CVE-2026-13384 1 Watchguard 1 Fireware Os 2026-07-06 N/A
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2.
CVE-2026-13383 1 Watchguard 1 Fireware Os 2026-07-06 N/A
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2.
CVE-2026-52188 1 Utt 1 Nv518g 2026-07-06 6.5 Medium
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead//sub_497498 component
CVE-2026-14385 1 Google 1 Chrome 2026-07-06 8.8 High
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2026-14404 1 Google 1 Chrome 2026-07-06 6.5 Medium
Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium)
CVE-2026-14409 1 Google 1 Chrome 2026-07-06 7.5 High
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-14412 1 Google 1 Chrome 2026-07-06 8.3 High
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-14414 1 Google 1 Chrome 2026-07-06 5.3 Medium
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14391 1 Google 1 Chrome 2026-07-06 5.3 Medium
Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13705 1 Tonyc 1 Imager 2026-07-06 N/A
Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in read_rgb_16_rle. read_rgb_16_rle guards each literal run with if (count > data_left), but count is a pixel count while every 16-bit sample consumes two bytes. The copy loop reads inp[0] * 256 + inp[1] and advances two bytes per pixel, so a run with data_left / 2 < count <= data_left passes the guard yet consumes 2 * count bytes and reads past the end of the buffer. The 8-bit path is unaffected because there one pixel is one byte. Reading a crafted SGI image through Imager->read triggers the over-read before the parser rejects the malformed image, which can crash the process.
CVE-2026-58282 1 Microsoft 1 Edge Chromium 2026-07-06 8.1 High
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58300 1 Microsoft 1 Edge Chromium 2026-07-06 6.2 Medium
Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
CVE-2026-44268 1 Dell 1 Powerprotect Data Domain 2026-07-06 4.4 Medium
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-10054 1 Eclipse 1 Theia 2026-07-06 8.8 High
In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when the Origin header is missing or when no THEIA_HOSTS allowlist is configured (the default). The Socket.IO integration additionally replaces the real Origin header with a client-supplied fix-origin header that an attacker can control or omit. As a result, a foreign-origin web page visited by a user with a running Theia instance can open the /services WebSocket namespace, invoke terminal creation, attach to the resulting terminal data channel, execute arbitrary OS commands, and read their output. This affects both local developer setups (drive-by attack) and hosted or tunneled deployments without strong external authentication. A fix is in development that enforces same-origin validation by default, removes trust in the fix-origin header, gates HTTP and WebSocket access on a SameSite=Strict; HttpOnly connection-token cookie, and sanitizes shell terminal creation options.
CVE-2026-14389 1 Google 1 Chrome 2026-07-06 8.3 High
Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)