Common Vulnerabilities and Exposures (CVE)

CVE-2017-15680

Jul 8, 2026 23:38:09 UTC

In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.

CVE-2026-52718

Jul 8, 2026 23:34:17 UTC

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchroniza...

CVE-2026-15135

Jul 8, 2026 23:30:09 UTC

A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /edit_food_items.php. The manipulation of the argument update results in sql injection. It is possible to launch the...

CVE-2026-52722

Jul 8, 2026 23:27:45 UTC

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds rea...

CVE-2026-52720

Jul 8, 2026 23:27:38 UTC

A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends...

CVE-2026-52719

Jul 8, 2026 23:27:33 UTC

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick...

CVE-2026-47646

Jul 8, 2026 23:24:43 UTC

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-50656

Jul 8, 2026 23:24:42 UTC

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ".

CVE-2026-42980

Jul 8, 2026 23:24:41 UTC

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-45638

Jul 8, 2026 23:24:41 UTC

Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-47645

Jul 8, 2026 23:24:40 UTC

Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-48582

Jul 8, 2026 23:24:40 UTC

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVE-2026-48579

Jul 8, 2026 23:24:39 UTC

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

CVE-2026-48567

Jul 8, 2026 23:24:38 UTC

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-42824

Jul 8, 2026 23:24:38 UTC

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.