Common Vulnerabilities and Exposures (CVE)

CVE-2025-36328

Jul 1, 2026 15:46:08 UTC

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks ag...

CVE-2026-8480

Jul 1, 2026 15:45:32 UTC

A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin por...

CVE-2025-36319

Jul 1, 2026 15:45:10 UTC

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.

CVE-2026-13706

Jul 1, 2026 15:44:29 UTC

Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php.

CVE-2026-14101

Jul 1, 2026 15:42:32 UTC

Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security...

CVE-2026-44628

Jul 1, 2026 15:41:57 UTC

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.

CVE-2026-52868

Jul 1, 2026 15:41:24 UTC

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.

CVE-2026-35505

Jul 1, 2026 15:40:53 UTC

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.

CVE-2026-50254

Jul 1, 2026 15:40:16 UTC

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops ...

CVE-2026-50003

Jul 1, 2026 15:39:24 UTC

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.

CVE-2026-48286

Jul 1, 2026 15:39:06 UTC

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does no...

CVE-2026-10562

Jul 1, 2026 15:38:52 UTC

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface.  An unauthenticated attacker can craft URLs containing URL-encoded path t...

CVE-2026-14102

Jul 1, 2026 15:38:42 UTC

Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

CVE-2026-13207

Jul 1, 2026 15:38:21 UTC

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing una...

CVE-2026-9132

Jul 1, 2026 15:37:50 UTC

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summ...