Total CVEs

143,818

Critical Severity

4,094

High Severity

14,786

Last 7 Days

1,526
Quick preset (or use dates below)
Clear Filters
Showing 1,781 - 1,800 of 143,818 CVEs
CVE-2026-14620 MEDIUM - 4.7

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any web...

Vendor: webpack-dev-server
Product: webpack-dev-server
Published: Jul 03, 2026
Source: NVD
CVE-2026-14615 MEDIUM - 4.3

A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows...

Vendor: Red Hat
Product: Red Hat Build of Keycloak
Published: Jul 03, 2026
Source: NVD
CVE-2026-14614 MEDIUM - 5.4

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are...

Vendor: Red Hat
Product: Red Hat Build of Keycloak, Red Hat Data Grid 8, Red Hat JBoss Enterprise Application Platform Expansion Pack, Red Hat Single Sign-On 7
Published: Jul 03, 2026
Source: NVD
CVE-2026-14613 MEDIUM - 4.3

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific &qu...

Vendor: Red Hat
Product: Red Hat Build of Keycloak, Red Hat Data Grid 8, Red Hat JBoss Enterprise Application Platform Expansion Pack, Red Hat Single Sign-On 7
Published: Jul 03, 2026
Source: NVD
CVE-2026-14612 MEDIUM - 4.2

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 03, 2026
Source: NVD
CVE-2026-53478 HIGH - 7.2

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-49815 HIGH - 7.2

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-49814 HIGH - 7.2

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-49813 MEDIUM - 6.7

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-14460 HIGH - 8.8

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5.

Vendor: TUBITAK BILGEM Software Technologies Research Institute
Product: pardus-software
Published: Jul 03, 2026
Source: NVD
CVE-2026-14459 HIGH - 8.8

Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5.

Vendor: TUBITAK BILGEM Software Technologies Research Institute
Product: pardus-software
Published: Jul 03, 2026
Source: NVD

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with re...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-46465 MEDIUM - 5.5

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-46464 MEDIUM - 4.9

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vul...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-46463 MEDIUM - 6.5

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker wi...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD

Authorization Bypass Through User-Controlled Key (CWE-639) in CalendarDeleteEventController (app/Http/Controllers/Calendar/CalendarDeleteEventController.php), exposed at GET /calendar/event/delete/{id}, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary cal...

Vendor: Roskus
Product: Prospero Flow CRM
Published: Jul 03, 2026
Source: NVD

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-56015 CRITICAL - 9.1

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add() passes the prefix string to the trie builder addPrefixToTrie() without checking it against the address width. addPrefixToTrie() then walks the prefix buffer by prefix_length bits, read...

Vendor: TPODER
Product: Net::IP::LPM
Published: Jul 03, 2026
Source: NVD
CVE-2026-54483 MEDIUM - 6.7

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-46730 MEDIUM - 4.2

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD