Export limit exceeded: 361184 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361184 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9086 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2026-06-26 | 7.3 High |
| A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a specially crafted redirect URI using a case-insensitive `javascript:` or `data:` scheme. This Cross-Site Scripting (XSS) vulnerability allows for arbitrary code execution in the Keycloak origin when a victim clicks the crafted link, such as in the logout flow or the Admin Console. | ||||
| CVE-2026-9705 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2026-06-26 | 6.5 Medium |
| A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker to reset the client's secret and potentially regain privileged API access. The primary impact includes unauthorized information disclosure and potential integrity compromise. | ||||
| CVE-2026-57700 | 2 Daan.dev, Wordpress | 2 Omgf Pro, Wordpress | 2026-06-26 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6. | ||||
| CVE-2026-56766 | 1 Vanhauser-thc | 1 Thc-hydra | 2026-06-26 | 8.8 High |
| Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing base64-encoded response data to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling remote code execution on systems without stack protection. | ||||
| CVE-2026-56768 | 1 Haiwen | 1 Seahub | 2026-06-26 | 8.8 High |
| Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory trees. | ||||
| CVE-2026-56770 | 1 Schwehr | 1 Libais | 2026-06-26 | 7.5 High |
| libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption. | ||||
| CVE-2026-56771 | 1 Samuelclay | 1 Newsblur | 2026-06-26 | 8.5 High |
| NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and cloud metadata endpoints, enabling internal network scanning and sensitive data exfiltration. | ||||
| CVE-2026-56772 | 1 Samuelclay | 1 Newsblur | 2026-06-26 | 4.3 Medium |
| NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary user_id values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate user_id values to access another user's follows, replies, and social activity without authorization. | ||||
| CVE-2026-56786 | 1 Tomojitakasu | 1 Rtklib | 2026-06-26 | 9.8 Critical |
| RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream can craft a valid CRC-bearing type-1033 message to corrupt adjacent rtcm_t object members, potentially achieving arbitrary code execution or denial of service. | ||||
| CVE-2026-56787 | 1 Tomojitakasu | 1 Rtklib | 2026-06-26 | 6.5 Medium |
| RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit this vulnerability by sending malicious SSR correction streams over NTRIP or serial connections to cause denial of service or crash RTKLIB rovers and CORS servers. | ||||
| CVE-2026-56788 | 1 Tomojitakasu | 1 Rtklib | 2026-06-26 | 4.4 Medium |
| RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table, resulting in reliable crashes and potential memory disclosure of adjacent global data. | ||||
| CVE-2026-56789 | 1 Tomojitakasu | 1 Rtklib | 2026-06-26 | 6.5 Medium |
| RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST. | ||||
| CVE-2026-56790 | 1 Canboat | 1 Canboat | 2026-06-26 | 7.3 High |
| CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP to trigger an out-of-bounds array access and denial of service. | ||||
| CVE-2026-2299 | 1 Mattermost | 1 Mattermost Google Drive Plugin | 2026-06-26 | 4.2 Medium |
| The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership. | ||||
| CVE-2026-46601 | 1 Golang | 1 Image | 2026-06-26 | N/A |
| The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size. | ||||
| CVE-2026-46602 | 1 Golang | 1 Image | 2026-06-26 | N/A |
| The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption. | ||||
| CVE-2026-12473 | 1 Open Health Imaging Foundation | 1 Dicom Web Viewer Framework | 2026-06-26 | 8.2 High |
| Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted. | ||||
| CVE-2026-56445 | 1 Pydicom | 1 Pynetdicom Library | 2026-06-26 | 9.1 Critical |
| The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths. | ||||
| CVE-2026-44622 | 1 Evoke | 1 Evoke Csms | 2026-06-26 | 6.5 Medium |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. | ||||
| CVE-2026-54479 | 1 Evoke | 1 Evoke Csms | 2026-06-26 | 7.3 High |
| The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests. | ||||