Export limit exceeded: 361554 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361554 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361554 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2053 | 1 Wso2 | 1 Wso2 Api Manager | 2026-06-26 | 8.3 High |
| The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests. Successful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks. | ||||
| CVE-2026-57881 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2026-49506 | 1 Dell | 1 Wyse Management Suite | 2026-06-26 | 7.2 High |
| Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution. | ||||
| CVE-2026-57453 | 1 Vim | 1 Vim | 2026-06-26 | 6.5 Medium |
| Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678. | ||||
| CVE-2023-20540 | 2026-06-26 | N/A | ||
| An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity. | ||||
| CVE-2025-60464 | 1 Gpac | 1 Mp4box | 2026-06-26 | 7.8 High |
| A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 TS file. | ||||
| CVE-2023-20572 | 2026-06-26 | N/A | ||
| An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity. | ||||
| CVE-2026-57879 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2026-54834 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions. | ||||
| CVE-2025-64636 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. | ||||
| CVE-2025-68074 | 2026-06-26 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. | ||||
| CVE-2026-56040 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions. | ||||
| CVE-2026-56047 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions. | ||||
| CVE-2026-57878 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2026-56067 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions. | ||||
| CVE-2026-57877 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 8.6 High |
| An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service. | ||||
| CVE-2026-56033 | 2026-06-26 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions. | ||||
| CVE-2026-57430 | 2026-06-26 | 4.3 Medium | ||
| Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions. | ||||
| CVE-2026-57628 | 2026-06-26 | 7.6 High | ||
| Administrator SQL Injection in WP All Import <= 4.0.1 versions. | ||||
| CVE-2026-57876 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 7.5 High |
| An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service. | ||||