Export limit exceeded: 361176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9779 | 1 Aten | 1 Unizon | 2026-06-26 | N/A |
| ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateWar method. The issue results from an incorrect implementation of cryptographic signature verification. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28590. | ||||
| CVE-2026-8663 | 1 Rapid7 | 1 Insightconnect Rpm Plugin | 2026-06-26 | 6 Medium |
| OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction. | ||||
| CVE-2026-37453 | 1 Msi | 1 Nbfoundation Service | 2026-06-26 | N/A |
| Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SERVICE_2 pipe | ||||
| CVE-2026-37454 | 1 Msi | 1 Nbfoundation Service | 2026-06-26 | N/A |
| Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption | ||||
| CVE-2026-37452 | 1 Msi | 1 Nbfoundation Service | 2026-06-26 | N/A |
| Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component | ||||
| CVE-2026-38637 | 1 Redox-os | 1 Relibc | 2026-06-26 | N/A |
| An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-38640 | 1 Redox-os | 1 Relibc | 2026-06-26 | N/A |
| A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||
| CVE-2026-8659 | 1 Rapid7 | 1 Insightconnect Sqlmap Plugin | 2026-06-26 | 6 Medium |
| OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during connection configuration due to insufficient input validation. | ||||
| CVE-2026-9155 | 1 Rapid7 | 1 Insightconnect Sed Plugin | 2026-06-26 | 8.8 High |
| OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation. | ||||
| CVE-2026-9154 | 1 Rapid7 | 1 Insightconnect Sed Plugin | 2026-06-26 | 7.1 High |
| Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter. | ||||
| CVE-2026-9153 | 1 Rapid7 | 1 Insightconnect Sed Plugin | 2026-06-26 | 6.5 Medium |
| Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation. | ||||
| CVE-2026-8660 | 1 Rapid7 | 1 Insightconnect Ping Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands. | ||||
| CVE-2026-8665 | 1 Rapid7 | 1 Insightconnect Tr Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction. | ||||
| CVE-2026-8664 | 1 Rapid7 | 1 Insightconnect Finger Plugin | 2026-06-26 | 6 Medium |
| OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction. | ||||
| CVE-2026-8592 | 1 Rapid7 | 1 Insightconnect Awk Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline. | ||||
| CVE-2026-8666 | 1 Rapid7 | 1 Insightconnect Traceroute Plugin | 2026-06-26 | 7.7 High |
| OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, count, or time_out request parameters due to insufficient input validation when constructing shell commands. | ||||
| CVE-2026-8662 | 1 Rapid7 | 1 Insightconnect Compression Plugin | 2026-06-26 | 3.3 Low |
| Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker. | ||||
| CVE-2026-8658 | 1 Rapid7 | 1 Insightconnect Tcpdump Plugin | 2026-06-26 | 6 Medium |
| OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction. | ||||
| CVE-2026-5305 | 3 Email Encoder, Simple Mail Address Encoder Project, Wordpress | 3 Email Encoder, Simple Mail Address Encoder, Wordpress | 2026-06-26 | 8.8 High |
| The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks | ||||
| CVE-2026-9702 | 2 Inpost Pl, Wordpress | 2 Inpost Pl, Wordpress | 2026-06-26 | 7.5 High |
| The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or processing order on the site. | ||||