Export limit exceeded: 348219 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348219 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348219 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7791 | 1 Amazon | 1 Workspaces | 2026-05-05 | 7.8 High |
| Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading to local privilege escalation to SYSTEM. | ||||
| CVE-2026-7788 | 2026-05-05 | 7.3 High | ||
| A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a manipulation of the argument DOCS_DIR/path results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-44028 | 2 Lix Project, Nixos | 2 Lix, Nix | 2026-05-05 | 7.5 High |
| An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite memory on the heap and could allow arbitrary code execution as the Nix daemon (run as root in multi-user installations) if ASLR hardening is bypassed. This can be exploited by all users able to connect to the daemon (e.g., in Nix, this is configurable via the allowed-users setting, defaulting to all users). The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 for Nix (introduced in 2.24.4); and 2.95.2, 2.94.2, and 2.93.4 for Lix (introduced in 2.93.0). | ||||
| CVE-2026-41927 | 2026-05-05 | N/A | ||
| WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 512 bytes. Attackers can exploit insufficient length validation in the fgets() call to achieve arbitrary code execution through return-oriented programming or return-to-libc techniques. | ||||
| CVE-2026-5039 | 1 Tp-link | 3 Tl-wl841n, Tl-wr841n, Tl-wr841n Firmware | 2026-05-05 | 8.8 High |
| TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition. | ||||
| CVE-2026-32210 | 1 Microsoft | 2 Dynamics 365, Dynamics 365 Online | 2026-05-05 | 9.3 Critical |
| Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-42223 | 1 0xjacky | 1 Nginx-ui | 2026-05-05 | 6.5 Medium |
| Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes (via ProtectedFill in SaveSettings) and is completely ignored during reads. This exposes 40+ protected fields including JwtSecret (enabling auth token forgery), NodeSecret (enabling cluster node impersonation), OIDC ClientSecret (enabling OAuth account takeover), and the IP whitelist configuration. This issue has been patched in version 2.3.8. | ||||
| CVE-2026-7782 | 2026-05-05 | 6.3 Medium | ||
| A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2026-42439 | 1 Openclaw | 1 Openclaw | 2026-05-05 | 8.5 High |
| OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operations. | ||||
| CVE-2023-54344 | 2026-05-05 | 9.8 Critical | ||
| Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections. | ||||
| CVE-2026-5722 | 2026-05-05 | 9.8 Critical | ||
| The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible for unauthenticated attackers to authenticate as existing users, including administrators, by obtaining a valid guest verification token for an attacker-controlled email, changing the same guest customer email to the target account email through the public waitlist flow, and then using the original verification link. | ||||
| CVE-2026-27694 | 1 Traccar | 1 Traccar | 2026-05-05 | 5.4 Medium |
| Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store crafted HTML in these fields, which is then rendered in notification emails sent to other users with access to the affected devices. This can lead to phishing or spoofed email content. This issue is fixed in version 6.13.0. | ||||
| CVE-2026-6701 | 2026-05-05 | 4.3 Medium | ||
| The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-6732 | 2 Redhat, Xmlsoft | 8 Enterprise Linux, Hardened Images, Hummingbird and 5 more | 2026-05-05 | 6.5 Medium |
| A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable. | ||||
| CVE-2026-43567 | 1 Openclaw | 1 Openclaw | 2026-05-05 | 6.5 Medium |
| OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system. | ||||
| CVE-2026-43531 | 1 Openclaw | 1 Openclaw | 2026-05-05 | 7.3 High |
| OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise application behavior. | ||||
| CVE-2026-6262 | 2 Muffingroup, Wordpress | 2 Betheme, Wordpress | 2026-05-05 | 6.5 Medium |
| The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function workflow using a user-controlled upload path (`mfn-icon-upload`) in a filesystem move operation without constraining it to the uploads directory. This makes it possible for authenticated attackers, with contributor-level access and above, to move/delete arbitrary local files via path traversal. | ||||
| CVE-2026-42433 | 1 Openclaw | 1 Openclaw | 2026-05-05 | 6.5 Medium |
| OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner message-tool runs. | ||||
| CVE-2026-2729 | 2 Wordpress, Wpmudev | 2 Wordpress, Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 2026-05-05 | 5.3 Medium |
| The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public payment flow. This makes it possible for unauthenticated attackers to submit high-value paid forms as completed by reusing a previously succeeded low-value Stripe PaymentIntent, resulting in underpayment/payment bypass conditions. | ||||
| CVE-2026-4665 | 2026-05-05 | 6.4 Medium | ||
| The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, 2.7.10. This is due to the `fancybox-config.js` script reading the carousel container's `id` attribute directly from the DOM to construct a jQuery selector without sanitization. When a Contributor crafts an HTML block with a malformed carousel container ID (containing characters invalid for jQuery selectors), the custom fancybox configuration throws a JavaScript error and fails to initialize. This causes the bundled fancybox library (v3.5.7) to fall back to its default caption handling, which renders the `data-caption` attribute content as raw HTML. Since WordPress allows `data-*` attributes through `wp_kses_post()`, this makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks an image in the crafted carousel lightbox. | ||||