Export limit exceeded: 356120 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356120 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56121 | 2026-06-08 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-56120 | 2026-06-08 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-56123 | 2026-06-08 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-11500 | 1 Weaviate | 1 Weaviate | 2026-06-08 | 5 Medium |
| A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading to version 1.38.0-rc.0 is able to resolve this issue. The identifier of the patch is 40f2cc32279f0f8a51016c3c6870a2c0c808e6c0. You should upgrade the affected component. | ||||
| CVE-2026-3238 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-06-08 | 7.5 High |
| A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets. | ||||
| CVE-2026-11493 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2026-06-08 | 5 Medium |
| A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level is associated with this attack. The exploitability is regarded as difficult. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-11499 | 1 Tenda | 2 Hg10, Hg7hg9 | 2026-06-08 | 9.8 Critical |
| A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote. | ||||
| CVE-2026-11498 | 1 Tenda | 2 Hg10, Hg7hg9 | 2026-06-08 | 8.8 High |
| A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in stack-based buffer overflow. The attack is possible to be carried out remotely. | ||||
| CVE-2026-11497 | 1 D-link | 1 Dcs-5615 | 2026-06-08 | 5.3 Medium |
| A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-11494 | 1 Totolink | 1 Ac1200 T8 | 2026-06-08 | 4.3 Medium |
| A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-11492 | 1 D-link | 1 Dir-823g | 2026-06-08 | 4.3 Medium |
| A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-11491 | 1 Codeastro | 1 Human Resource Management System | 2026-06-08 | 2.4 Low |
| A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input <svg onload="alert('Stored XSS Triggered by Ashik Mohamed')"> as part of POST leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-11490 | 1 Code-projects | 1 Online Music Site | 2026-06-08 | 7.3 High |
| A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2021-47982 | 2 Maxfoundry, Wordpress | 2 Wp-paginate, Wordpress | 2026-06-08 | 6.4 Medium |
| WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter that are stored and executed when administrators view the settings. | ||||
| CVE-2026-11488 | 1 Code-projects | 1 Simple Flight Ticket Booking System | 2026-06-08 | 7.3 High |
| A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-11487 | 1 Neovim | 1 Neovim | 2026-06-08 | 5.3 Medium |
| A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called f83e0dcaf8cf18de94828341b0a1a61a86c75baf. A patch should be applied to remediate this issue. | ||||
| CVE-2026-11486 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-06-08 | 7.3 High |
| A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation of the argument sy results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2026-11485 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-06-08 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-34002 | 2 Redhat, X.org | 9 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 6 more | 2026-06-08 | 6.1 Medium |
| A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service. | ||||
| CVE-2026-11462 | 1 Chengdu Everbrite Network Technology | 2 Beike Shop, Beikeshop | 2026-06-08 | 7.3 High |
| A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper authorization. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named 6719e0fc690ea0a998452092862e0f0a17c65968. It is suggested to install a patch to address this issue. | ||||