Export limit exceeded: 10052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359082 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359086 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50872 | 2026-06-17 | 9.8 Critical | ||
| An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request. | ||||
| CVE-2026-50876 | 2026-06-17 | 5.4 Medium | ||
| A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2026-50885 | 1 Sismics | 1 Teedy | 2026-06-17 | 7.5 High |
| Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request. | ||||
| CVE-2026-50887 | 2026-06-17 | 9.1 Critical | ||
| A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl. | ||||
| CVE-2026-8935 | 2026-06-17 | 9.8 Critical | ||
| The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin access. | ||||
| CVE-2026-6045 | 1 The Document Foundation | 1 Libreoffice | 2026-06-17 | 6.6 Medium |
| LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions the blend-point count is checked against the data actually available before allocating. | ||||
| CVE-2026-55706 | 1 Openbsd | 1 Openbsd | 2026-06-17 | 5.8 Medium |
| sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths. | ||||
| CVE-2026-31196 | 1 Altice | 2 Gr140dg, Gr140ig | 2026-06-17 | 8.8 High |
| OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution. | ||||
| CVE-2026-9260 | 2026-06-17 | 6.2 Medium | ||
| Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier | ||||
| CVE-2026-45979 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: clean up the amdgpu_cs_parser_bos In low memory conditions, kmalloc can fail. In such conditions unlock the mutex for a clean exit. We do not need to amdgpu_bo_list_put as it's been handled in the amdgpu_cs_parser_fini. | ||||
| CVE-2026-30120 | 2026-06-17 | 9.8 Critical | ||
| remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability. | ||||
| CVE-2026-38060 | 2026-06-17 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter. | ||||
| CVE-2026-38061 | 2026-06-17 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter. | ||||
| CVE-2026-38064 | 2026-06-17 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter. | ||||
| CVE-2026-38329 | 2026-06-17 | 9.8 Critical | ||
| Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and execute arbitrary code on the server. | ||||
| CVE-2026-50869 | 2026-06-17 | 9.8 Critical | ||
| An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request. | ||||
| CVE-2026-36213 | 2026-06-17 | 7.8 High | ||
| An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component. | ||||
| CVE-2026-36521 | 2026-06-17 | 6.1 Medium | ||
| PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module. | ||||
| CVE-2026-37216 | 1 Yangzongzhuan | 1 Ruoyi | 2026-06-17 | 6.1 Medium |
| Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add. | ||||
| CVE-2026-39006 | 2026-06-17 | 9.8 Critical | ||
| An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component. | ||||