Export limit exceeded: 359632 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359632 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359632 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12458 | 1 Google | 1 Chrome | 2026-06-18 | 3.1 Low |
| Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12459 | 1 Google | 1 Chrome | 2026-06-18 | 6.1 Medium |
| Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-48781 | 1 Gitroomhq | 1 Postiz-app | 2026-06-18 | 9.9 Critical |
| Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's JWT_SECRET, and the auth middleware trusted every claim in that JWT without re-resolving the user from the database. Any authenticated Postiz user could forge a SUPERADMIN session and impersonate arbitrary organizations. This allowed Full Access to the following: all parts of Postiz, including users registered to the specific instance and the ability to post in the name of the victim's social media channels added to that Postiz instance. This issue has been fixed in version 2.21.8. | ||||
| CVE-2026-53846 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 7.1 High |
| OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager executables during dependency setup to compromise the build environment. | ||||
| CVE-2026-53858 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 7.1 High |
| OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable to load runtime dependencies from unintended local paths, potentially executing malicious code during dependency resolution. | ||||
| CVE-2026-53864 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 8.1 High |
| OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, or skill environment blocks can pass malicious Node.js control variables to influence child processes or coverage output paths. | ||||
| CVE-2026-46889 | 1 Oracle | 1 Siebel Apps - Marketing | 2026-06-18 | 9.8 Critical |
| Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2026-46887 | 1 Oracle | 1 Siebel Apps - Marketing | 2026-06-18 | 9.8 Critical |
| Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2026-46979 | 1 Oracle | 1 Peoplesoft Enterprise Cs Campus Community | 2026-06-18 | 6.5 Medium |
| Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2026-46978 | 1 Oracle | 1 Solaris | 2026-06-18 | 10 Critical |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). | ||||
| CVE-2026-28587 | 1 Google | 1 Android | 2026-06-18 | N/A |
| In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-24085 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-18 | 10 Critical |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. | ||||
| CVE-2025-24178 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-18 | 9.8 Critical |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox. | ||||
| CVE-2025-24230 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-18 | 9.8 Critical |
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected app termination. | ||||
| CVE-2025-43300 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-06-18 | 10 Critical |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | ||||
| CVE-2024-9342 | 1 Eclipse | 1 Glassfish | 2026-06-18 | 9.8 Critical |
| In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection . | ||||
| CVE-2020-0415 | 1 Google | 1 Android | 2026-06-18 | 5.5 Medium |
| In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-156020795 | ||||
| CVE-2026-46939 | 1 Oracle | 1 Configure To Order | 2026-06-18 | 8.1 High |
| Vulnerability in the Oracle Configure to Order product of Oracle E-Business Suite (component: Supply to Order Workbench). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configure to Order. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Configure to Order accessible data as well as unauthorized access to critical data or complete access to all Oracle Configure to Order accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2026-25616 | 2 Blesta, Phillipsdata | 2 Blesta, Blesta | 2026-06-18 | 4.7 Medium |
| Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665. | ||||
| CVE-2026-25836 | 1 Fortinet | 3 Fortisandbox Cloud, Fortisandboxcloud, Fortisandboxpaas | 2026-06-18 | 6.7 Medium |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests. | ||||