Export limit exceeded: 358869 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 358869 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (358869 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69124 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Especio <= 1.0 versions. | ||||
| CVE-2025-69122 | 2026-06-16 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions. | ||||
| CVE-2025-69121 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions. | ||||
| CVE-2025-69119 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions. | ||||
| CVE-2025-69118 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions. | ||||
| CVE-2025-69116 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions. | ||||
| CVE-2025-69114 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions. | ||||
| CVE-2025-69113 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions. | ||||
| CVE-2025-69112 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions. | ||||
| CVE-2025-69109 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions. | ||||
| CVE-2025-69108 | 2026-06-16 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions. | ||||
| CVE-2025-69107 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions. | ||||
| CVE-2025-69105 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions. | ||||
| CVE-2025-69104 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions. | ||||
| CVE-2025-69103 | 2026-06-16 | 7.5 High | ||
| Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions. | ||||
| CVE-2025-60085 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions. | ||||
| CVE-2025-58924 | 2026-06-16 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Geya <= 1.15 versions. | ||||
| CVE-2026-12330 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-16 | 5.4 Medium |
| Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12. | ||||
| CVE-2026-10635 | 1 Zephyrproject | 1 Zephyr | 2026-06-16 | 6.3 Medium |
| On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node embedded inside the caller-owned struct k_mem_domain. When a domain is destroyed via k_mem_domain_deinit() - arch_mem_domain_deinit(), the page tables are torn down and domain-arch.ptables is set to NULL, but the domain's node was not removed from xtensa_domain_list. The freed/deinitialized domain therefore remained linked into the global list as a dangling pointer into caller-owned storage that may then be freed or reused. Any subsequent arch_mem_map()/arch_mem_unmap() operation (widely invoked by kernel memory-mapping and demand-paging code) traverses the stale node and dereferences domain-ptables: at minimum a NULL pointer dereference causing a fatal MMU exception (denial of service), and if the k_mem_domain storage has been freed or reused, a use-after-free in which a stale/controlled ptables value is dereferenced and written through during the page-table walk (l2_page_table_map writes l1_table[...] and l2_table[...], and xtensa_mmu_compute_domain_regs writes into the domain struct and the L1 table), yielding page-table memory corruption that can undermine userspace isolation. The vulnerable path is reachable only from privileged kernel/supervisor code (k_mem_domain_deinit is not a syscall), not directly from unprivileged user threads or remotely. Affected: Zephyr v4.4.0 (the Xtensa memory-domain de-initialization feature was introduced in commit 3032b58f52d and first shipped in v4.4.0); fixed on main by adding sys_slist_find_and_remove() in arch_mem_domain_deinit(). The Xtensa MPU path is unaffected. | ||||
| CVE-2026-0142 | 1 Google | 1 Android | 2026-06-16 | 3.3 Low |
| In iavb_parse_key_data of avb_rsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||