Search Results (361485 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2026-38640 | 1 Redox-os | 1 Relibc | 2026-06-26 | 7.5 High | A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string. |
| CVE-2026-56057 | | | 2026-06-26 | 9.8 Critical | Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions. |
| CVE-2026-56063 | | | 2026-06-26 | 8.3 High | Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions. |
| CVE-2026-57914 | 1 Apache | 1 Kerby | 2026-06-26 | 6.5 Medium | By sending a deeply nested ASN1 structure to an Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue. |
| CVE-2026-40711 | 1 Dell | 1 Container Storage Modules | 2026-06-26 | 8 High | Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
| CVE-2026-57923 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 5.3 Medium | In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings |
| CVE-2026-57880 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical | An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution. |
| CVE-2025-63041 | | | 2026-06-26 | 5.4 Medium | Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. |
| CVE-2026-54839 | | | 2026-06-26 | 7.5 High | Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions. |
| CVE-2026-56030 | | | 2026-06-26 | 9.8 Critical | Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. |
| CVE-2026-57618 | | | 2026-06-26 | 6.5 Medium | Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions. |
| CVE-2026-57924 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium | In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details |
| CVE-2026-57925 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium | In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags |
| CVE-2026-57926 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 2.6 Low | In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack |
| CVE-2026-56036 | | | 2026-06-26 | 9.3 Critical | Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions. |
| CVE-2026-45405 | | | 2026-06-26 | 9 Critical | Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent entries, allowing an attacker to write arbitrary files anywhere writable by the dokku user — including overwriting ~/.ssh/authorized_keys to gain unrestricted shell access. This vulnerability is fixed in 0.38.2. |
| CVE-2026-57316 | | | 2026-06-26 | 6.5 Medium | Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions. |
| CVE-2026-57323 | | | 2026-06-26 | 5.8 Medium | Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions. |
| CVE-2026-57921 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium | In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint |
| CVE-2026-57922 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 3.1 Low | In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible |