Total CVEs

143,232

Critical Severity

4,056

High Severity

14,610

Last 7 Days

1,270
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 641 - 660 of 39,637 CVEs

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earli...

Vendor: djangoproject
Product: Django
Published: Jul 07, 2026
Source: NVD
CVE-2026-14940 MEDIUM - 5.3

A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can write past the end of a heap allocation while sorting RDN attrib...

Vendor: Red Hat
Product: Red Hat Directory Server 11, Red Hat Directory Server 12, Red Hat Directory Server 13, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 07, 2026
Source: NVD

A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the br...

Vendor: Digi International
Product: Digi PortServer TS, Digi One SP, Digi One SP IA, Digi One IA
Published: Jul 07, 2026
Source: NVD
CVE-2026-12352 MEDIUM - 5.9

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.

Vendor: Digi International
Product: PortServer TS 1/2/4, Digi One SP / SP IA / IA
Published: Jul 07, 2026
Source: NVD
CVE-2026-6101 HIGH - 7.5

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories a...

Published: Jul 07, 2026
Source: NVD
CVE-2026-53479 HIGH - 7.2

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 07, 2026
Source: NVD
CVE-2026-53483 CRITICAL - 9.8

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote acces...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 07, 2026
Source: NVD
CVE-2026-53481 CRITICAL - 9.8

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Trav...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 07, 2026
Source: NVD
CVE-2026-10659 MEDIUM - 4.7

The Dhara flash translation layer disk driver (drivers/disk/ftl_dhara.c) implemented the dhara_nand_ callbacks so that, on a flash error, the error code was written unconditionally through the caller-supplied dhara_error_t err pointer (e.g. *err = DHARA_E_ECC in dhara_nand_read, and similar in dhara...

Vendor: zephyrproject
Product: zephyr
Published: Jul 07, 2026
Source: NVD
CVE-2026-45016 MEDIUM - 6.5

EGroupware Vulnerable to Local File Inclusion via file:// URI in Mail Compose

Vendor: composer
Product: egroupware/egroupware
Published: Jul 07, 2026
Source: GitHub
CVE-2026-44512 MEDIUM - 5.5

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an ...

Vendor: pip
Product: onnx
Published: Jul 07, 2026
Source: GitHub
CVE-2026-44342 MEDIUM - 5.3

New API is vulnerable to CSRF through user email binding

Vendor: go
Product: github.com/QuantumNous/new-api
Published: Jul 07, 2026
Source: GitHub

EGroupware has Authenticated RCE via Malicious eTemplate Upload

Vendor: composer
Product: egroupware/egroupware
Published: Jul 07, 2026
Source: GitHub

XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+

Vendor: maven
Product: org.xwiki.platform:xwiki-platform-oldcore
Published: Jul 07, 2026
Source: GitHub
CVE-2026-33655 HIGH - 7.7

New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

Vendor: go
Product: github.com/QuantumNous/new-api
Published: Jul 07, 2026
Source: GitHub

EGroupware has a Remote Code Execution Vulnerability

Vendor: composer
Product: egroupware/egroupware
Published: Jul 07, 2026
Source: GitHub
CVE-2026-13696 HIGH - 8.8

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman MYS: before release.Master.1107.

Vendor: HAVELSAN Inc.
Product: Liman MYS
Published: Jul 07, 2026
Source: NVD
CVE-2026-11348 HIGH - 8.1

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107.

Vendor: HAVELSAN Inc.
Product: Liman MYS
Published: Jul 07, 2026
Source: NVD
CVE-2011-10043 CRITICAL - 9.8

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute a...

Vendor: BINGOS
Product: Module::Load
Published: Jul 07, 2026
Source: NVD
CVE-2026-11340 HIGH - 8.3

Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107.

Vendor: HAVELSAN Inc.
Product: Liman MYS
Published: Jul 07, 2026
Source: NVD