Export limit exceeded: 355817 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355817 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28318 | 1 Solarwinds | 1 Serv-u | 2026-06-04 | 7.5 High |
| SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update | ||||
| CVE-2025-11023 | 1 Arksigner | 1 Acbakimzala | 2026-06-04 | 9.8 Critical |
| Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclusion. This issue affects AcBakImzala: before v5.1.4. | ||||
| CVE-2025-11025 | 1 Vimesoft | 1 Vimesoft | 2026-06-04 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data. This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0. | ||||
| CVE-2025-11145 | 1 Cbk Soft | 1 Envision | 2026-06-04 | 7.5 High |
| Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision allows Account Footprinting. This issue affects enVision: before 250566. | ||||
| CVE-2026-49199 | 1 Acer | 2 Predator Connect W6x, Predator Connect W6x Firmware | 2026-06-04 | 9.8 Critical |
| Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. | ||||
| CVE-2026-41577 | 1 Goauthentik | 1 Authentik | 2026-06-04 | 7.5 High |
| authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor (ResponseProcessor.parse()) does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expired assertions and acceptance of assertions intended for other service providers. This issue has been patched in versions 2025.12.5 and 2026.2.3. | ||||
| CVE-2025-11151 | 1 Beyaz Bilgisayar | 1 Cityplus | 2026-06-04 | 8.2 High |
| Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages. This issue affects CityPLus: before V24.29500.1.0. | ||||
| CVE-2026-49186 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 9.8 Critical |
| The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands. | ||||
| CVE-2026-49185 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 9.8 Critical |
| The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. | ||||
| CVE-2026-49187 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 7.5 High |
| The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse. | ||||
| CVE-2026-49188 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 9.8 Critical |
| The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands. | ||||
| CVE-2025-11242 | 1 Teknolist Computer Systems Software Publishing Industry And Trade Inc. | 1 Okulistik | 2026-06-04 | 9.8 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery. This issue affects Okulistik: through 21102025. | ||||
| CVE-2026-49189 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 7.8 High |
| Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations. | ||||
| CVE-2026-49190 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 8.8 High |
| The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. | ||||
| CVE-2026-49191 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 9.8 Critical |
| The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages. | ||||
| CVE-2026-49192 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 5.4 Medium |
| The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping. | ||||
| CVE-2026-49193 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 7.5 High |
| Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet. | ||||
| CVE-2026-49194 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 8.8 High |
| The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. | ||||
| CVE-2026-49202 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 8.6 High |
| Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. | ||||
| CVE-2026-49203 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 8.3 High |
| Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. | ||||