Export limit exceeded: 359642 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359642 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359642 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12469 | 1 Google | 1 Chrome | 2026-06-18 | 4.3 Medium |
| Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-55746 | 2026-06-18 | 7.6 High | ||
| Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. A folder title (pff_title) is imported with the 'TXT' filter, which does not strip or encode HTML (the tag check in cot_import is disabled), so an authenticated user can store HTML/JavaScript in a folder title. In modules/pfs/inc/pfs.main.php the title is assigned to the template variable PFF_ROW_TITLE without htmlspecialchars(), and modules/pfs/tpl/pfs.tpl outputs {PFF_ROW_TITLE} unescaped. When the folder listing is viewed (including by other users for public folders), the injected script executes in the victim's browser. | ||||
| CVE-2025-69148 | 2026-06-18 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Quirky <= 1.23 versions. | ||||
| CVE-2026-10836 | 1 Password Manager | 1 Password Manager | 2026-06-18 | N/A |
| Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services. | ||||
| CVE-2026-8811 | 2026-06-18 | N/A | ||
| SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations. | ||||
| CVE-2025-43538 | 1 Apple | 2 Macos, Macos Sonoma | 2026-06-18 | 3.3 Low |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2026-0628 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2026-20759 | 1 Toa Corporation | 1 Trifora 3 Series | 2026-06-18 | N/A |
| OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command. | ||||
| CVE-2026-23699 | 1 Ruijie | 3 Ap180, Ap180-ac, Ap180-pe | 2026-06-18 | N/A |
| AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices. | ||||
| CVE-2026-24858 | 2 Fortinet, Siemens | 8 Fortianalyzer, Fortimanager, Fortinac-f and 5 more | 2026-06-18 | 9.4 Critical |
| An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiNAC-F 7.6.3 through 7.6.5, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. | ||||
| CVE-2026-1340 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-06-18 | 9.8 Critical |
| A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | ||||
| CVE-2026-25253 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 8.8 High |
| OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value. | ||||
| CVE-2026-25108 | 2 Soliton, Soliton Systems K.k. | 2 Filezen, Filezen | 2026-06-18 | 8.8 High |
| FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. | ||||
| CVE-2026-20133 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2026-06-18 | 6.5 Medium |
| A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. | ||||
| CVE-2026-32746 | 1 Gnu | 1 Inetutils | 2026-06-18 | 9.8 Critical |
| telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. | ||||
| CVE-2026-49975 | 3 Apache, Debian, F5 | 3 Http Server, Debian Linux, Nginx | 2026-06-18 | 7.5 High |
| Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67. | ||||
| CVE-2025-69902 | 1 Rohitg00 | 1 Kubectl-mcp-server | 2026-06-18 | 9.8 Critical |
| A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters. | ||||
| CVE-2026-25667 | 1 Microsoft | 2 .net, Aspnetcore | 2026-06-18 | 7.5 High |
| ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. | ||||
| CVE-2026-22557 | 1 Ubiquiti | 1 Unifi Network Application | 2026-06-18 | 10 Critical |
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account. | ||||
| CVE-2026-26831 | 1 Dbashford | 1 Textract | 2026-06-18 | 9.8 Critical |
| textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitization | ||||