Common Vulnerabilities and Exposures (CVE)

CVE-2026-13374

Jul 2, 2026 23:05:13 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigat...

CVE-2026-13373

Jul 2, 2026 23:05:00 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated ...

CVE-2026-13371

Jul 2, 2026 23:04:42 UTC

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deserialization of the attacker-supplied input.

CVE-2026-54998

Jul 2, 2026 22:18:58 UTC

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

CVE-2026-41106

Jul 2, 2026 22:18:57 UTC

URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26145

Jul 2, 2026 22:18:56 UTC

Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.

CVE-2026-45499

Jul 2, 2026 22:18:56 UTC

Server-side request forgery (SSRF) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.

CVE-2026-57100

Jul 2, 2026 22:18:55 UTC

Server-side request forgery (SSRF) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

CVE-2026-50721

Jul 2, 2026 21:44:09 UTC

Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote...

CVE-2026-6845

Jul 2, 2026 21:35:38 UTC

A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (EL...

CVE-2026-12912

Jul 2, 2026 21:35:15 UTC

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding PixarLog codec images with the PIXARLOGDATAFMT_8BITABGR output ...

CVE-2026-50722

Jul 2, 2026 21:34:41 UTC

Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote attacker can use...

CVE-2026-12413

Jul 2, 2026 21:19:22 UTC

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but st...

CVE-2026-38972

Jul 2, 2026 20:48:56 UTC

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, which allows a local attacker to place...

CVE-2026-38970

Jul 2, 2026 20:44:29 UTC

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext() and parseArray() without ...