Export limit exceeded: 359632 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search Results (359632 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10687 | | | 2026-06-18 | N/A |
| This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis, confirmed with the fix author, determined that the addressed defect does not apply to any released version of Zephyr: the affected code path exists only in unreleased development code, and no released branch is affected. As no released version is affected, this identifier is withdrawn. | ||||
| CVE-2026-12505 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-06-18 | 7.8 High |
| A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low-privileged attacker can exploit this by using a crafted request_key payload to trick the root-owned helper into entering a custom environment (namespace) containing a malicious NSS module. This forces the system to load the attacker-controlled NSS module and configuration, allowing them to execute arbitrary commands as the root user, elevating their privileges and fully compromising the system. | ||||
| CVE-2026-28576 | 1 Android | 1 Android | 2026-06-18 | N/A |
| In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-55199 | 1 Libssh2 | 1 Libssh2 | 2026-06-18 | 5.9 Medium |
| libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops. | ||||
| CVE-2026-12529 | 1 Sourcecodester | 1 Cet Automated Grading System With Ai Predictive Analytics | 2026-06-18 | 7.3 High |
| A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. | ||||
| CVE-2026-12515 | 1 Redhat | 2 Hummingbird, Satellite | 2026-06-18 | 4.3 Medium |
| A flaw was found in Katello, part of Red Hat Satellite. In the content upload functionality, insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content. | ||||
| CVE-2026-11791 | 1 Redhat | 2 Directory Server, Enterprise Linux | 2026-06-18 | 5 Medium |
| A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash). | ||||
| CVE-2026-3490 | 1 Mmaitre314 | 1 Picklescan | 2026-06-18 | 10 Critical |
| picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote code execution. | ||||
| CVE-2025-24252 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-18 | 8.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory. | ||||
| CVE-2026-23870 | 1 Facebook | 3 React-server-dom-parcel, React-server-dom-turbopack, React-server-dom-webpack | 2026-06-18 | 7.5 High |
| A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints; this could lead to server crashes, out-of-memory exceptions or excessive CPU usage. It affects the following packages: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack (versions 19.0.0 through 19.0.5, 19.1.0 through 19.1.6, and 19.2.0 through 19.2.5). | ||||
| CVE-2026-12437 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-54186 | 2 Eyecix, Wordpress | 2 Jobsearch, Wordpress | 2026-06-18 | 9.3 Critical |
| Unauthenticated SQL Injection in JobSearch versions <= 3.2.9. | ||||
| CVE-2026-26793 | 1 Gl-inet | 3 Ar300m16, Ar300m16 Firmware, Gl-ar300m16 | 2026-06-18 | 9.8 Critical |
| GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input. | ||||
| CVE-2026-38361 | 1 Fohrloop | 1 Dash-uploader | 2026-06-18 | 7.5 High |
| Multiple unauthenticated denial-of-service (DoS) issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler (dash_uploader/httprequesthandler.py, dash_uploader/upload.py) trusts unsanitized, attacker-controlled upload parameters (e.g. flowTotalChunks) and does not enforce the documented max_file_size limit, allowing a remote, unauthenticated attacker to cause an out-of-memory (OOM) process crash (unbounded range(1, flowTotalChunks + 1) allocation), truncation of the target file to zero bytes (flowTotalChunks=0, where the all([]) == True quirk runs the file-assembly branch on zero chunks), permanent disk exhaustion (never-cleaned-up temporary directories per flowIdentifier), and a complete bypass of the documented max_file_size limit. | ||||
| CVE-2026-45185 | 1 Exim | 1 Exim | 2026-06-18 | 9.8 Critical |
| Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code. | ||||
| CVE-2026-39054 | 1 Oinone | 1 Pamirs | 2026-06-18 | 7.3 High |
| Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary operating system command execution. | ||||
| CVE-2026-36828 | 1 Panabit | 1 Pap-xm320 | 2026-06-18 | 8.8 High |
| A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter. | ||||
| CVE-2026-48917 | 2 Jenkins, Jenkins Project | 2 Ldap, Jenkins Ldap Plugin | 2026-06-18 | 6.6 Medium |
| Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation. | ||||
| CVE-2026-35302 | 1 Oracle | 1 Weblogic Server | 2026-06-18 | 8.3 High |
| Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| CVE-2026-12443 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||