Export limit exceeded: 361516 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361516 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361516 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56876 | 2026-06-26 | 8.1 High | ||
| extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files. | ||||
| CVE-2026-57644 | 2026-06-26 | 8.5 High | ||
| Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | ||||
| CVE-2026-57656 | 2026-06-26 | 5.9 Medium | ||
| Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. | ||||
| CVE-2026-10097 | 1 Wolfssl | 1 Wolfssl | 2026-06-26 | N/A |
| wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and are accepted as valid, breaking IND-CCA2 security. An attacker able to submit chosen ciphertexts to a decapsulation oracle that uses a static ML-KEM-1024 key, and to observe whether the genuine shared secret or the implicit-rejection secret was produced, can use this as a plaintext-checking oracle to recover the private key. A proof of concept recovered a full ML-KEM-1024 private key with approximately 98% success using roughly 350 chosen ciphertexts. The flaw is a deterministic logic error and does not rely on timing measurements. | ||||
| CVE-2026-57527 | 2026-06-26 | 8.8 High | ||
| Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter. The JSFViewState.decode() method base64-decodes the ViewState value and passes it directly to ObjectInputStream.readObject() without a deserialization filter, allowlist, or type restriction, causing the malicious object to be deserialized within the ZAP JVM when the Desktop UI renders the ViewState panel. | ||||
| CVE-2026-11702 | 2026-06-26 | 7.5 High | ||
| Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes. | ||||
| CVE-2026-54636 | 2026-06-26 | 9 Critical | ||
| Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and execute commands on the host as the Dokku user. This vulnerability is fixed in 0.38.7. | ||||
| CVE-2026-11625 | 2026-06-26 | 7.5 High | ||
| Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes. | ||||
| CVE-2026-2053 | 1 Wso2 | 1 Wso2 Api Manager | 2026-06-26 | 8.3 High |
| The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests. Successful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks. | ||||
| CVE-2026-57881 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2026-49506 | 1 Dell | 1 Wyse Management Suite | 2026-06-26 | 7.2 High |
| Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution. | ||||
| CVE-2026-57453 | 1 Vim | 1 Vim | 2026-06-26 | 6.5 Medium |
| Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678. | ||||
| CVE-2023-20540 | 2026-06-26 | N/A | ||
| An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity. | ||||
| CVE-2025-60464 | 1 Gpac | 1 Mp4box | 2026-06-26 | 7.8 High |
| A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 TS file. | ||||
| CVE-2026-53160 | 1 Linux | 1 Linux Kernel | 2026-06-26 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpc_map_create fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The caller fastrpc_map_create then calls fastrpc_map_get (kref_get_unless_zero) on this unprotected pointer. A concurrent MEM_UNMAP can free the map between the lock release and the kref operation, resulting in a use-after-free on the freed slab object. Restore the take_ref parameter to fastrpc_map_lookup so the reference is acquired atomically under fl->lock before the pointer is exposed to the caller. | ||||
| CVE-2023-20572 | 2026-06-26 | N/A | ||
| An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity. | ||||
| CVE-2026-57879 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2026-54834 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions. | ||||
| CVE-2025-64636 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. | ||||
| CVE-2025-68074 | 2026-06-26 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. | ||||