Export limit exceeded: 361149 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search Results (361149 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-64307 | 1 Brightpick Ai | 1 Internal Logic Control | 2026-06-25 | 6.5 Medium | The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes. |
| CVE-2025-64308 | 1 Brightpick Ai | 1 Mission Control | 2026-06-25 | 6.5 Medium | The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal. |
| CVE-2026-46601 | | | 2026-06-25 | N/A | The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size. |
| CVE-2026-57454 | 1 Vim | 1 Vim | 2026-06-25 | N/A | Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679. |
| CVE-2026-57453 | 1 Vim | 1 Vim | 2026-06-25 | 6.5 Medium | Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678. |
| CVE-2026-57452 | 1 Vim | 1 Vim | 2026-06-25 | 5.5 Medium | Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflows and a subsequent decryption call reads far past the end of the input buffer, crashing Vim. This vulnerability is fixed in 9.2.0671. |
| CVE-2026-57451 | 1 Vim | 1 Vim | 2026-06-25 | 5.3 Medium | Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that guarantees room for a single entry; the count is never checked against the amount of data actually present. A line that declares a large count while carrying little data causes consumers to read far past the end of the line buffer. Such a line can be delivered through a crafted undo file, leading to a crash. This vulnerability is fixed in 9.2.0670. |
| CVE-2026-55892 | 1 Vim | 1 Vim | 2026-06-25 | 5.5 Medium | Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (prefix[], arridx[], curi[]). A crafted .spl file, loaded when the user dumps the word list, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0662. |
| CVE-2026-55693 | 1 Vim | 1 Vim | 2026-06-25 | N/A | Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (arridx[], curi[], wordcount[]). A crafted .spl/.sug file pair, loaded when the user invokes spell suggestion, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0653. |
| CVE-2026-6094 | 1 Wolfssl | 1 Wolfssl | 2026-06-25 | N/A | Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS. |
| CVE-2026-6291 | 1 Wolfssl | 1 Wolfssl | 2026-06-25 | N/A | Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to submit crafted EnvelopedData messages and observe error responses could use this as a padding oracle to incrementally recover the encrypted Content Encryption Key (CEK). The fix generates a deterministic pseudo-random fake CEK on padding failure (via HMAC-SHA256) and proceeds with decryption identically, using constant-time operations throughout, so that all failure paths produce the same error regardless of padding validity. |
| CVE-2026-55697 | 1 Pnpm | 1 Pnpm | 2026-06-25 | 7.5 High | pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config/<packageName> and spawned it as the developer or CI user. This vulnerability is fixed in 10.34.2 and 11.5.3. |
| CVE-2026-50017 | 1 Pnpm | 1 Pnpm | 2026-06-25 | N/A | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped _authToken. The repository does not provide a token-bearing auth line. It only sets registry= to a different registry URL. During normal pnpm metadata/install workflows, pnpm binds the user-origin unscoped credential to the repository-selected registry and sends it as an Authorization header. This vulnerability is fixed in 10.34.0 and 11.4.0. |
| CVE-2026-40011 | 1 Powerdns | 1 Dnsdist | 2026-06-25 | 3.7 Low | An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires. |
| CVE-2026-40209 | 1 Powerdns | 1 Dnsdist | 2026-06-25 | 5.3 Medium | An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or if the process runs out of file descriptors. |
| CVE-2026-33612 | 1 Powerdns | 1 Recursor | 2026-06-25 | 7.5 High | A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning. |
| CVE-2026-40012 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.3 Medium | ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled; |
| CVE-2026-42387 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.9 Medium | A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insufficient input validation. |
| CVE-2026-42390 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.3 Medium | An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation. |
| CVE-2026-54037 | 1 Danny-avila | 1 Libre Chat | 2026-06-25 | 6.5 Medium | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint, which is in the same file and performs the exact same expensive database operations, was not given any rate limiter. An authenticated user can bypass the CVE-2025-7105 fix by using /duplicate instead of /fork to exhaust server resources. This vulnerability is fixed in 0.8.4-rc1. |