Export limit exceeded: 361783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361783 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45405 | 1 Dokku | 1 Dokku | 2026-06-29 | 9 Critical |
| Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent entries, allowing an attacker to write arbitrary files anywhere writable by the dokku user — including overwriting ~/.ssh/authorized_keys to gain unrestricted shell access. This vulnerability is fixed in 0.38.2. | ||||
| CVE-2026-54636 | 1 Dokku | 1 Dokku | 2026-06-29 | 9 Critical |
| Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and execute commands on the host as the Dokku user. This vulnerability is fixed in 0.38.7. | ||||
| CVE-2026-57231 | 1 Podman-container-tools | 1 Podman | 2026-06-29 | 7.5 High |
| Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk (*) will cause podman to pass all host variables into the container. So essentially a malicious image can exfiltrate all podman environment variables that are set in the session from where the container is launched. This vulnerability is fixed in 5.8.4 and 6.0.0. | ||||
| CVE-2026-55686 | 1 Podman-container-tools | 1 Podman | 2026-06-29 | 5.3 Medium |
| Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition. This vulnerability is fixed in 5.7.1. | ||||
| CVE-2026-48529 | 1 Github | 1 Github-mcp-server | 2026-06-29 | 6 Medium |
| GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL queries are executed using the first user's credentials. The singleton is never updated to reflect later users' tokens. This vulnerability is fixed in 1.1.2. | ||||
| CVE-2026-56876 | 1 Max-mapper | 1 Extract-zip | 2026-06-29 | 8.1 High |
| extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files. | ||||
| CVE-2026-54753 | 1 Nrwl | 1 Nx | 2026-06-29 | 5.9 Medium |
| Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: * on every response, letting any website a developer visited read the server's responses cross-origin — including the full project graph and the output of the /help endpoint, which runs a target's configured help command. The practical impact is typically cross-origin information disclosure, but can be arbitrary command injection in rare cases. This vulnerability is fixed in 22.7.2 and 23.0.0-beta.2. | ||||
| CVE-2026-29509 | 1 Wummel | 1 Patool | 2026-06-29 | 5.4 Medium |
| Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Python before 3.12, where the is_within_directory() helper uses os.path.commonprefix() for character-level string comparison instead of path-level comparison, allowing a crafted archive member path to bypass the containment check. Attackers can supply a malicious archive with specially crafted member paths to write arbitrary files. | ||||
| CVE-2026-32833 | 1 Shenzhen Cudy Technology | 1 Lt300 3.0 | 2026-06-29 | 8.8 High |
| Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface. Attackers can submit malicious payloads through the NTP settings endpoint to achieve remote code execution on the underlying system. | ||||
| CVE-2026-46604 | 1 Golang | 1 Image | 2026-06-29 | 7.5 High |
| The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset. | ||||
| CVE-2026-28701 | 1 Daktronics | 3 Dmp-5000, Dmp-8000, Vfc-dmp-5000 | 2026-06-29 | 9.8 Critical |
| Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths. | ||||
| CVE-2026-33560 | 1 Daktronics | 3 Dmp-5000, Dmp-8000, Vfc-dmp-5000 | 2026-06-29 | 7.1 High |
| The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and scripts to be accepted and written directly to the server. | ||||
| CVE-2026-31928 | 1 Daktronics | 3 Dmp-5000, Dmp-8000, Vfc-dmp-5000 | 2026-06-29 | 8.1 High |
| The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access. | ||||
| CVE-2026-55975 | 1 H.view | 1 Hv-500s6 Ip Camera | 2026-06-29 | 7.2 High |
| A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation. | ||||
| CVE-2026-56414 | 1 H.view | 1 Hv-500s6 Ip Camera | 2026-06-29 | 7.2 High |
| A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or malformed data in locations intended for trusted certificate material, which could affect system integrity or behavior even after reboot. | ||||
| CVE-2026-13335 | 2 Codepeople, Wordpress | 2 Codepeople Post Map For Google Maps, Wordpress | 2026-06-29 | 6.4 Medium |
| The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-13245 | 2 Maxfoundry, Wordpress | 2 Maxbuttons – Create Buttons, Wordpress | 2026-06-29 | 6.1 Medium |
| The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2026-9677 | 2 Shariff For Wordpress, Wordpress | 2 Shariff For Wordpress, Wordpress | 2026-06-29 | 4.8 Medium |
| The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML via the generateshariff() function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2026-11364 | 2 Dornaweb, Wordpress | 2 Product Specifications For Woocommerce, Wordpress | 2026-06-29 | 4.3 Medium |
| The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the __invoke() methods of the AttributeGroupController and AttributeController classes, which are bound to the 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create, edit, and delete arbitrary product specification groups and attributes (taxonomy terms in the 'spec-group' and attribute taxonomies), corrupting business data and impacting the site's frontend display. | ||||
| CVE-2026-11773 | 2 Masteriyo, Wordpress | 2 Masteriyo Lms – Lms Course Builder, Quizzes & Certificates, Wordpress | 2026-06-29 | 4.3 Medium |
| The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with student-level access and above, to modify the description (post content) of arbitrary course announcements authored by instructors or administrators. | ||||