Export limit exceeded: 357514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357514 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47150 | 2 Wedevs, Wordpress | 2 Woocommerce Conversion Tracking, Wordpress | 2026-06-11 | 4.3 Medium |
| Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10. | ||||
| CVE-2026-46170 | 1 Linux | 1 Linux Kernel | 2026-06-11 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: free sk if last When an ADD_ADDR is retransmitted, the sk is held in sk_reset_timer(), and released at the end. If at that moment, it was the last reference being held, the sk would not be freed. sock_put() should then be called instead of __sock_put(). But that's not enough: if it is the last reference, sock_put() will call sk_free(), which will end up calling sk_stop_timer_sync() on the same timer, and waiting indefinitely to finish. So it is needed to mark that the timer is done at the end of the timer handler when it has not been rescheduled, not to call sk_stop_timer_sync() on "itself". | ||||
| CVE-2026-46171 | 1 Linux | 1 Linux Kernel | 2026-06-11 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: fix vector context allocation leak When the second kzalloc (host_context.vector.datap) fails in kvm_riscv_vcpu_alloc_vector_context, the first allocation (guest_context.vector.datap) is leaked. Free it before returning. | ||||
| CVE-2026-46517 | 1 Internlm | 1 Lmdeploy | 2026-06-11 | 7.8 High |
| LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-1784 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2026-06-11 | 8.8 High |
| The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration. | ||||
| CVE-2026-47774 | 1 Envoyproxy | 1 Envoy | 2026-06-11 | 7.5 High |
| No description is available for this CVE. | ||||
| CVE-2026-53472 | 1 Kubev2v | 1 Migration-planner | 2026-06-11 | 6.3 Medium |
| A flaw was found in migration-planner. Insufficient validation of the `AgentStatusUpdate.CredentialUrl` field allows an authenticated attacker to store a malicious `javascript:` URL. When a victim views this URL in the Hybrid Cloud Console, it can lead to Cross-Site Scripting (XSS), enabling script execution in the victim's session and potentially disclosing sensitive information. | ||||
| CVE-2026-24066 | 1 Slate Digital | 1 Slate Digital Connect | 2026-06-11 | 8.4 High |
| Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client's signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation. | ||||
| CVE-2026-24067 | 1 Slate Digital | 1 Slate Digital Connect | 2026-06-11 | 8.4 High |
| Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and using it to retrieve code-signing information for the process. This PID-based client validation is subject to a time-of-check time-of-use race condition because process identifiers can be reused. A local attacker can exploit PID reuse so that validation is performed against a trusted process instead of the original connecting process. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation. | ||||
| CVE-2025-71330 | 1 Image Sizes Project | 1 Image Sizes | 2026-06-11 | 7.5 High |
| image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely. | ||||
| CVE-2025-71329 | 1 Image Sizes Project | 1 Image Sizes | 2026-06-11 | 7.5 High |
| image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application. | ||||
| CVE-2026-53689 | 1 Sahlberg | 1 Libnfs | 2026-06-11 | 7.1 High |
| libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c. | ||||
| CVE-2026-53469 | 1 Kubev2v | 1 Migration-planner | 2026-06-11 | 9.1 Critical |
| A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments, leading to a critical loss of availability and integrity across the entire SaaS platform. | ||||
| CVE-2026-53473 | 1 Kubev2v | 1 Migration-planner-ui-app | 2026-06-11 | 7.3 High |
| A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions. | ||||
| CVE-2026-53474 | 1 Kubev2v | 1 Migration-planner | 2026-06-11 | 9.6 Critical |
| A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL Injection allows for arbitrary file reading on the system, potentially exposing sensitive information such as Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment. | ||||
| CVE-2026-53471 | 1 Kubev2v | 1 Migration-planner | 2026-06-11 | 9.6 Critical |
| A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This oversight allows an authenticated attacker with a valid agent token to manipulate data across different tenants, leading to a complete collapse of tenant isolation. This could result in unauthorized overwriting of victim inventory, planting of malicious credential URLs, or corruption of migration assessments. | ||||
| CVE-2026-53475 | 1 Kubev2v | 1 Assisted-migration-agent | 2026-06-11 | 9.3 Critical |
| A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to unauthorized access to vCenter. | ||||
| CVE-2026-53476 | 1 Kubev2v | 1 Assisted-migration-agent | 2026-06-11 | 9.6 Critical |
| A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. This could ultimately lead to the execution of unauthorized code on the appliance. | ||||
| CVE-2026-53470 | 1 Kubev2v | 1 Migration-planner | 2026-06-11 | 9.6 Critical |
| A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images belonging to other users. Consequently, the attacker can download OVA images containing sensitive information, such as long-lived agent JSON Web Tokens (JWTs) and source configurations, potentially leading to unauthorized access and modification of the victim's source. | ||||
| CVE-2026-11884 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-11 | 6.5 Medium |
| A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). An attacker with Directory Manager privileges, or a compromised replication supplier, can trigger a server crash by creating objectclasses with long SUP values. This is an incomplete fix variant of CVE-2025-14905. | ||||