Total CVEs

143,746

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,549
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,701 - 1,720 of 40,151 CVEs
CVE-2026-12481 HIGH - 8.8

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is ...

Vendor: keras-team
Product: keras-team/keras
Published: Jul 03, 2026
Source: NVD
CVE-2026-14608 MEDIUM - 4.3

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=view_student of the component POST Handler. The manipulation of the argument ID leads to authorization byp...

Vendor: SourceCodester
Product: CET Automated Grading System with AI Predictive Analytics
Published: Jul 03, 2026
Source: NVD
CVE-2026-14607 MEDIUM - 5.5

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument ai_addr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to...

Product: RT-Thread
Published: Jul 03, 2026
Source: NVD
CVE-2026-14606 HIGH - 7.8

A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this issue is the function CAN_Receive in the library bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport/SWM341.h of the component SWM341 CAN Handler. Performing a manipulation results in stack-based buffer overflow. The atta...

Product: RT-Thread
Published: Jul 03, 2026
Source: NVD
CVE-2026-14605 HIGH - 7.8

A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach thi...

Product: RT-Thread
Published: Jul 03, 2026
Source: NVD
CVE-2026-58379 HIGH - 7.3

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs becaus...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 03, 2026
Source: NVD
CVE-2026-14604 MEDIUM - 6.3

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The expl...

Vendor: Open Asset Import Library
Product: Assimp
Published: Jul 03, 2026
Source: NVD
CVE-2026-14631 MEDIUM - 5.3

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught exc...

Vendor: webpack-dev-server
Product: webpack-dev-server
Published: Jul 03, 2026
Source: NVD
CVE-2026-14620 MEDIUM - 4.7

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any web...

Vendor: webpack-dev-server
Product: webpack-dev-server
Published: Jul 03, 2026
Source: NVD
CVE-2026-14615 MEDIUM - 4.3

A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows...

Vendor: Red Hat
Product: Red Hat Build of Keycloak
Published: Jul 03, 2026
Source: NVD
CVE-2026-14614 MEDIUM - 5.4

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are...

Vendor: Red Hat
Product: Red Hat Build of Keycloak, Red Hat Data Grid 8, Red Hat JBoss Enterprise Application Platform Expansion Pack, Red Hat Single Sign-On 7
Published: Jul 03, 2026
Source: NVD
CVE-2026-14613 MEDIUM - 4.3

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific &qu...

Vendor: Red Hat
Product: Red Hat Build of Keycloak, Red Hat Data Grid 8, Red Hat JBoss Enterprise Application Platform Expansion Pack, Red Hat Single Sign-On 7
Published: Jul 03, 2026
Source: NVD
CVE-2026-14612 MEDIUM - 4.2

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 03, 2026
Source: NVD
CVE-2026-53478 HIGH - 7.2

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-49815 HIGH - 7.2

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-49814 HIGH - 7.2

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-49813 MEDIUM - 6.7

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-14460 HIGH - 8.8

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5.

Vendor: TUBITAK BILGEM Software Technologies Research Institute
Product: pardus-software
Published: Jul 03, 2026
Source: NVD
CVE-2026-14459 HIGH - 8.8

Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5.

Vendor: TUBITAK BILGEM Software Technologies Research Institute
Product: pardus-software
Published: Jul 03, 2026
Source: NVD

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with re...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD