Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,531
Quick preset (or use dates below)
Clear Filters
Showing 1,421 - 1,440 of 143,793 CVEs
CVE-2025-53830 CRITICAL - 9.1

Anti-Virus for ownCloud is an anti-virus application for file storage, synchronization, and sharing application ownCloud. Versions of Anti-Virus for ownCloud before 1.2.3 are vulnerable to Server-Side Request Forgery (SSRF). This corresponds to versions of ownCloud 10 prior to 10.15.3. Upgrade ownCl...

Vendor: owncloud
Product: Anti-Virus for ownCloud, ownCloud 10
Published: Jul 06, 2026
Source: NVD
CVE-2025-53829 HIGH - 8.0

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive a p...

Vendor: owncloud
Product: ownCloud 10
Published: Jul 06, 2026
Source: NVD
CVE-2025-53828 HIGH - 8.5

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use a ...

Vendor: owncloud
Product: SharePoint, ownCloud 10
Published: Jul 06, 2026
Source: NVD
CVE-2025-53827 CRITICAL - 9.1

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage functi...

Vendor: owncloud
Product: ownCloud Core
Published: Jul 06, 2026
Source: NVD

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the sco...

Published: Jul 06, 2026
Source: NVD
CVE-2026-58380 HIGH - 7.3

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 06, 2026
Source: NVD

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path (/users/{from}/sendMail) without percent-encoding or validation. In applications that derive the from ad...

Vendor: swoosh
Product: swoosh
Published: Jul 06, 2026
Source: NVD
CVE-2026-13698 HIGH - 7.5

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service

Vendor: OpenVPN
Product: OpenVPN
Published: Jul 06, 2026
Source: NVD
CVE-2026-13708 HIGH - 7.5

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol. i_readjpeg_wiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with *iptc_itext = mymalloc(...) and overwrites the previou...

Vendor: TONYC
Product: Imager::File::JPEG
Published: Jul 06, 2026
Source: NVD
CVE-2026-13705 HIGH - 7.1

Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in read_rgb_16_rle. read_rgb_16_rle guards each literal run with if (count > data_left), but count is a pixel count while every 16-bit sample consumes two byt...

Vendor: TONYC
Product: Imager
Published: Jul 06, 2026
Source: NVD

A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd_del_entry of the file src/isomedia/box_code_base.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. The e...

Product: GPAC
Published: Jul 06, 2026
Source: NVD

A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf_isom_nalu_sample_rewrite of the file src/isomedia/avc_ext.c of the component MP4Box. This manipulation of the argument nalu_out_bs causes double free. It is possible to launch the attack on the local hos...

Product: GPAC
Published: Jul 06, 2026
Source: NVD
CVE-2026-6901 HIGH - 7.7

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.

Published: Jul 06, 2026
Source: NVD
CVE-2026-6900 HIGH - 7.4

Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.

Published: Jul 06, 2026
Source: NVD

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets. 'Elixir.HPAX.Types'...

Vendor: elixir-mint
Product: hpax
Published: Jul 06, 2026
Source: NVD

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines 'Elixir.Mint.HTTP...

Vendor: elixir-mint
Product: mint
Published: Jul 06, 2026
Source: NVD
CVE-2026-4249 HIGH - 8.6

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition. ...

Vendor: wso2
Product: api_control_plane
Published: Jul 06, 2026
Source: NVD
CVE-2026-49297 HIGH - 8.1

Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucke...

Vendor: Apache Software Foundation
Product: Apache Airflow Google provider
Published: Jul 06, 2026
Source: NVD
CVE-2026-49042 HIGH - 7.3

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-46588 HIGH - 7.3

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD