Export limit exceeded: 15801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15801 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8389 | 1 Mozilla | 1 Firefox | 2026-06-05 | 8.8 High |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. | ||||
| CVE-2026-11242 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-05 | 7.5 High |
| Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-8276 | 1 Patika Global Technologies | 1 Humansuite | 2026-06-05 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows Cross-Site Scripting (XSS), Phishing. This issue affects HumanSuite: before 53.21.0. | ||||
| CVE-2026-36612 | 1 Mercusys | 1 Ac12g | 2026-06-05 | 6.4 Medium |
| Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts). | ||||
| CVE-2026-36616 | 1 Mercusys | 1 Ac12g | 2026-06-05 | 5.9 Medium |
| Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary. | ||||
| CVE-2026-5078 | 2 Morgan, Morgan Project | 2 Morgan, Morgan | 2026-06-05 | 5.3 Medium |
| Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF bytes to inject forged log lines, breaking the one-request-per-line structure of access logs and enabling log forgery against downstream log consumers. The built-in combined, common, default, and short formats are affected, as well as any custom format that references :remote-user. Affected versions: morgan 1.2.0 through 1.10.1. Patches: upgrade to morgan 1.11.0, which neutralizes control characters in the :remote-user token output. Workarounds: use a custom format string that does not include :remote-user. | ||||
| CVE-2026-7764 | 2 Morse Micro, Morsemicro | 2 Halowlink 2, Halow Link 2 | 2026-06-05 | 6.8 Medium |
| An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service (kernel oops/panic) via a crafted 802.11ah beacon or probe response frame containing a malformed Vendor Information Element. The function morse_vendor_find_vendor_ie() does not validate the IE length against the expected structure size before its result is passed to morse_vendor_rx_caps_ops_ie() and morse_vendor_fill_sta_vendor_info(), which read at fixed offsets into the IE data. Because the length check only requires the IE to be longer than 3 bytes, an attacker can supply an undersized IE, causing a heap out-of-bounds read of up to 9 bytes. No authentication, association, or user interaction is required. | ||||
| CVE-2026-3644 | 1 Python | 2 Cpython, Python | 2026-06-04 | 7.5 High |
| The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output(). | ||||
| CVE-2026-45570 | 2 Go-git, Go-git Project | 2 Go-git, Go-git | 2026-06-04 | 9.6 Critical |
| go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containing a single quote can therefore break out of the quoted region in the exec command and be appended as additional shell tokens. This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4. | ||||
| CVE-2026-10701 | 1 Mozilla | 1 Firefox | 2026-06-04 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3. | ||||
| CVE-2026-10270 | 2 D-link, Dlink | 3 Di-7001 Mini, Di-7001mini-8g, Di-7001mini-8g Firmware | 2026-06-03 | 8.8 High |
| A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2026-38967 | 1 Crowcpp | 1 Crow | 2026-06-03 | 9.8 Critical |
| CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values. | ||||
| CVE-2026-10064 | 1 Trendnet | 2 Tew-432brp, Tew-432brp Firmware | 2026-06-03 | 6.3 Medium |
| A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-10122 | 1 Trendnet | 1 Tew-432brp | 2026-06-03 | 8.8 High |
| A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-10194 | 1 Offis | 1 Dcmtk | 2026-06-03 | 6.3 Medium |
| A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. This patch is called 0f78a4ef6f645ea5530166e445e5436a5de58e75. A patch should be applied to remediate this issue. | ||||
| CVE-2026-42321 | 1 Glpi-project | 1 Glpi | 2026-06-03 | N/A |
| GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch. | ||||
| CVE-2026-10233 | 1 Assimp | 1 Assimp | 2026-06-03 | 3.3 Low |
| A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug. | ||||
| CVE-2026-45679 | 1 Opentelemetry | 2 Ebpf Instrumentation, Opentelemetry-ebpf-instrumentation | 2026-06-03 | 6.5 Medium |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis systems. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-48598 | 1 Elixir-tesla | 1 Tesla | 2026-06-03 | N/A |
| Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.part_headers_for_disposition/1 interpolates each disposition parameter as #{k}="#{v}" with no validation of CR (\r), LF (\n), or double-quote characters. The values come verbatim from the caller via Tesla.Multipart.add_field/4 (the name parameter), Tesla.Multipart.add_file/3, and Tesla.Multipart.add_file_content/4 (both the filename parameter and other disposition opts). A " in the value closes the quoted parameter early; a \r\n ends the Content-Disposition header line and starts a new part header (such as a forged Content-Type), or, after a second \r\n, ends the entire part header block and prepends bytes to the part body. The default-filename path in add_file/3 derives the filename via Path.basename/1, which does not strip CR or LF, so any application forwarding a partially-attacker-controlled file path inherits the same issue. This issue affects tesla: from 0.8.0 before 1.18.3. | ||||
| CVE-2026-10062 | 1 Trendnet | 2 Tew-432brp, Tew-432brp Firmware | 2026-06-03 | 8.8 High |
| A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. | ||||