Total CVEs

145,845

Critical Severity

4,280

High Severity

15,756

Last 7 Days

2,244
Quick preset (or use dates below)
Clear Filters
Showing 5,361 - 5,380 of 145,845 CVEs
CVE-2026-13751 CRITICAL - 9.6

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination....

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13591 MEDIUM - 5.0

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument _channelType causes improper authorization. The attack may be initiated remotely. A h...

Vendor: DeepMyst
Product: Mysti
Published: Jun 29, 2026
Source: NVD
CVE-2026-13590 MEDIUM - 5.6

A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. The manipulation of the argument length results in heap-based buffer overflow. The attack ca...

Vendor: seladb
Product: PcapPlusPlus
Published: Jun 29, 2026
Source: NVD
CVE-2026-13589 MEDIUM - 5.6

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated re...

Vendor: seladb
Product: PcapPlusPlus
Published: Jun 29, 2026
Source: NVD
CVE-2026-13588 MEDIUM - 5.6

A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the component TLS Hello Handler. Executing a manipulation of the argument handshakeVersion can lead to heap-...

Vendor: seladb
Product: PcapPlusPlus
Published: Jun 29, 2026
Source: NVD
CVE-2026-12912 HIGH - 7.3

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-based ...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images
Published: Jun 29, 2026
Source: NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: Jun 29, 2026
Source: NVD
CVE-2026-9105 MEDIUM - 6.5

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process. Succ...

Vendor: tp-link
Product: tl-wr841n_firmware
Published: Jun 29, 2026
Source: NVD
CVE-2026-41052 CRITICAL - 8.4

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

Vendor: SUSE
Product: Rancher
Published: Jun 29, 2026
Source: NVD
CVE-2026-13750 MEDIUM - 5.5

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as passw...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13749 HIGH - 8.8

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generated P...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13748 MEDIUM - 6.3

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended pro...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13746 MEDIUM - 5.4

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the conte...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13744 HIGH - 8.8

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL in t...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends updating...

Vendor: Honeywell Technologies
Product: IQ MultiAccess
Published: Jun 29, 2026
Source: NVD

A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument captured_packet_length results in heap-based buffer overflow. It is possible to i...

Vendor: seladb
Product: PcapPlusPlus
Published: Jun 29, 2026
Source: NVD
CVE-2026-13583 HIGH - 8.8

A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The expl...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13582 HIGH - 8.8

A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely. The...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13581 MEDIUM - 6.3

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotely. ...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13580 HIGH - 8.8

A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD