Export limit exceeded: 360965 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360965 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360965 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12821 | 1 Flowiseai | 1 Flowise | 2026-06-22 | 6.3 Medium |
| A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-30798 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-06-22 | 7.5 High |
| Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop. This issue affects RustDesk Client: through 1.4.8. | ||||
| CVE-2026-30792 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-06-22 | 8.1 High |
| A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options(). This issue affects RustDesk Client: through 1.4.8. | ||||
| CVE-2026-30796 | 6 Apple, Linux, Microsoft and 3 more | 6 Macos, Linux Kernel, Windows and 3 more | 2026-06-22 | 7.5 High |
| Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Address book sync, Heartbeat sync loop modules) allows Sniffing Attacks. The client places the preset address-book password verbatim into the heartbeat sync JSON body (src/hbbs_http/sync.rs). Over an intact HTTPS session it is not exposed in transit, but it is a reusable shared secret rather than a zero-knowledge proof, so it is recovered by any party that becomes the API endpoint - under the automatic invalid-certificate TLS downgrade (CVE-2026-30794) or a re-homed/rogue API server (CVE-2026-30797) - and the leaked credential then authorizes the server-side address book. This vulnerability is associated with program files src/hbbs_http/sync.rs and program routines heartbeat sync body builder (emits preset-address-book-password). This issue affects RustDesk Client: through 1.4.8. | ||||
| CVE-2026-30784 | 2 Rustdesk, Rustdesk-server | 3 Rustdesk Server, Rustdesk Server, Rustdesk Server Pro | 2026-06-22 | 9.8 Critical |
| This CVE ID has been withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-12845 | 2026-06-21 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2025-10560 | 1 Silver Leaf Technologies | 1 Worksnaps | 2026-06-21 | N/A |
| Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources. | ||||
| CVE-2026-34895 | 2 Webgeniuslab, Wordpress | 2 Softlab Core, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions. | ||||
| CVE-2026-39438 | 2 Emraan Cheema, Wordpress | 2 Listingpro, Wordpress | 2026-06-20 | 9.3 Critical |
| Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions. | ||||
| CVE-2026-39443 | 2 Presslayouts, Wordpress | 2 Emallshop, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions. | ||||
| CVE-2026-39446 | 2 Presslayouts, Wordpress | 2 Kapee, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions. | ||||
| CVE-2026-39529 | 2 Themerex Group, Wordpress | 2 Elementra, Wordpress | 2026-06-20 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions. | ||||
| CVE-2026-39548 | 2 Sneeit, Wordpress | 2 Magone, Wordpress | 2026-06-20 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions. | ||||
| CVE-2026-40736 | 2 Edge-themes, Wordpress | 2 Laurits, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions. | ||||
| CVE-2026-40760 | 2 Edge-themes, Wordpress | 2 Behold, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Behold <= 1.5 versions. | ||||
| CVE-2026-40761 | 2 Edge-themes, Wordpress | 2 Valeska, Wordpress | 2026-06-20 | 8.1 High |
| Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions. | ||||
| CVE-2026-49057 | 2 Eyecix Technologies, Wordpress | 2 Jobsearch, Wordpress | 2026-06-20 | 7.5 High |
| Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions. | ||||
| CVE-2026-49080 | 2 Tms, Wordpress | 2 Wpdatatables, Wordpress | 2026-06-20 | 9.3 Critical |
| Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions. | ||||
| CVE-2026-49113 | 2 Themeco, Wordpress | 2 Cornerstone, Wordpress | 2026-06-20 | 8.5 High |
| Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions. | ||||
| CVE-2026-48055 | 1 Truelockmc | 1 Streambert | 2026-06-20 | 10 Critical |
| Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction, allowing a malicious archive to perform path traversal and write arbitrary files to the host filesystem. The subtitle extraction process downloads a ZIP archive and extracts its entries. The destination file path is constructed by concatenating the raw archive entry name (extracted.name) directly to the temporary directory path. If a malicious ZIP archive containing directory traversal sequences is processed, it escapes the temporary directory boundaries. The application then writes the extracted payload anywhere on the host filesystem subject to the application's current write permissions. This issue has been fixed in version 2.5.0. | ||||