Search Results (358839 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12105 | 1 Devolutions | 1 Devolutions Server | 2026-06-16 | N/A |
| Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions. | ||||
| CVE-2026-48777 | 1 Gtsteffaniak | 1 Filebrowser | 2026-06-16 | N/A |
| FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversal and the move/copy/rename operates on a path outside the shared directory. The same root-cause pattern was patched for the bulk DELETE endpoint as CVE-2026-44542 (GHSA-fwj3-42wh-8673), but the PATCH handler with the identical pattern was not updated. A public share link with AllowModify=true is sufficient to exploit this. Anyone holding such a link can move, copy, or rename arbitrary files within the share owner's source root. This issue has been fixed in versions 1.3.3-stable and 1.4.2-beta. | ||||
| CVE-2026-0141 | 1 Google | 1 Android | 2026-06-16 | 4.3 Medium |
| In decodeAppPacket of RtcpAppPacket.cpp, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0158 | 1 Google | 1 Android | 2026-06-16 | 3.3 Low |
| In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-48294 | | | 2026-06-16 | 7.4 High |
| Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | ||||
| CVE-2026-12328 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-16 | 8.1 High |
| Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-0133 | 1 Google | 1 Android | 2026-06-16 | 7.8 High |
| In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-12329 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-16 | 5.3 Medium |
| Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12. | ||||
| CVE-2026-49113 | | | 2026-06-16 | 8.5 High |
| Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions. | ||||
| CVE-2026-49080 | | | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions. | ||||
| CVE-2026-49057 | | | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions. | ||||
| CVE-2026-40761 | | | 2026-06-16 | 8.1 High |
| Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions. | ||||
| CVE-2026-40760 | | | 2026-06-16 | 8.1 High |
| Unauthenticated PHP Object Injection in Behold <= 1.5 versions. | ||||
| CVE-2026-40759 | | | 2026-06-16 | 8.1 High |
| Unauthenticated PHP Object Injection in Esmée <= 1.4 versions. | ||||
| CVE-2026-40758 | | | 2026-06-16 | 8.1 High |
| Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions. | ||||
| CVE-2026-40755 | | | 2026-06-16 | 8.1 High |
| Unauthenticated PHP Object Injection in TechLink <= 1.3 versions. | ||||
| CVE-2026-40751 | | | 2026-06-16 | 8.1 High |
| Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions. | ||||
| CVE-2026-40736 | | | 2026-06-16 | 8.1 High |
| Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions. | ||||
| CVE-2026-39580 | | | 2026-06-16 | 8.1 High |
| Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions. | ||||
| CVE-2026-39578 | | | 2026-06-16 | 8.1 High |
| Unauthenticated PHP Object Injection in Valiance <= 1.2 versions. | ||||