Export limit exceeded: 361387 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361387 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57435 | 1 Sparklemotion | 1 Nokogiri | 2026-06-26 | N/A |
| Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri::XML::Attr#value= could free the underlying native child node while the wrapper remained reachable through the document node cache. A later use of the freed child node or a Ruby GC mark could dereference an invalid pointer, causing an invalid read and a possible segfault. This vulnerability is fixed in 1.19.4. | ||||
| CVE-2026-57436 | 1 Sparklemotion | 1 Nokogiri | 2026-06-26 | N/A |
| Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. This vulnerability is fixed in 1.19.4. | ||||
| CVE-2026-57437 | 1 Sparklemotion | 1 Nokogiri | 2026-06-26 | N/A |
| Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault. This is only reachable when application code constructs an XPathContext directly and lets the document become unreachable while continuing to use the context. The normal Document#xpath, #css, and related search methods are not affected, and it is not triggerable by malicious document input. This vulnerability is fixed in 1.19.4. | ||||
| CVE-2026-57438 | 1 Sparklemotion | 1 Nokogiri | 2026-06-26 | 6.2 Medium |
| Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Node#do_xinclude replaced each <xi:include> in place, freeing the include node along with its children (such as <xi:fallback> and its descendants) and any namespaces declared on them. If an application had already exposed one of those nodes or namespaces to Ruby, the corresponding Ruby object was left pointing at freed memory. Using the object could result in invalid reads or writes to memory. This vulnerability is fixed in 1.19.4. | ||||
| CVE-2026-9650 | 1 Schneider Electric | 2 Easylogic T150 (formerly Saitel Dr) Remote Terminal Unit & Controller, Saitel Dp Remote Terminal Unit & Controller | 2026-06-26 | N/A |
| CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the device if they have physical access to the device. | ||||
| CVE-2026-9651 | 1 Schneider Electric | 2 Easylogic T150 (formerly Saitel Dr) Remote Terminal Unit & Controller, Saitel Dp Remote Terminal Unit & Controller | 2026-06-26 | N/A |
| CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files. | ||||
| CVE-2026-9716 | 1 Schneider-electric | 1 Powerlogic P7 | 2026-06-26 | N/A |
| CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces. | ||||
| CVE-2026-9718 | 1 Schneider-electric | 1 Powerlogic P7 | 2026-06-26 | N/A |
| CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service. | ||||
| CVE-2026-48943 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-26 | 6.5 Medium |
| K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `#__k2_users` table — none of which are exposed by the K2 frontend profile-edit form. | ||||
| CVE-2026-48942 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-26 | 6.1 Medium |
| K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping. | ||||
| CVE-2026-48944 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-26 | 6.5 Medium |
| The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configuration.php` (or any other file readable by the web user — including `../../../etc/passwd`) into `/media/k2/attachments/`, then retrieve the contents via the K2 attachment-download endpoint. | ||||
| CVE-2026-48946 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-26 | 6.3 Medium |
| The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in the web server's context. | ||||
| CVE-2026-48941 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-26 | 6.5 Medium |
| The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/` | ||||
| CVE-2026-12844 | 1 Drolsky | 1 List::someutils::xs | 2026-06-26 | 7.5 High |
| List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) instead of a loop. A block call that returns more than four times the current allocation in one invocation outgrows that one quadrupling, and the copy writes past the end of the buffer. Any caller of pairwise() whose block returns, for a single pair, more than four times the longer input array's length writes past the buffer and corrupts the heap. | ||||
| CVE-2026-48940 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-26 | 3.4 Low |
| A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page. | ||||
| CVE-2026-48945 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-26 | 5.3 Medium |
| The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access. | ||||
| CVE-2026-4522 | 1 Hypr | 1 Passwordless | 2026-06-26 | N/A |
| Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1. | ||||
| CVE-2026-9800 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2026-06-26 | 8.1 High |
| A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources. | ||||
| CVE-2026-9086 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2026-06-26 | 7.3 High |
| A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a specially crafted redirect URI using a case-insensitive `javascript:` or `data:` scheme. This Cross-Site Scripting (XSS) vulnerability allows for arbitrary code execution in the Keycloak origin when a victim clicks the crafted link, such as in the logout flow or the Admin Console. | ||||
| CVE-2026-9705 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2026-06-26 | 6.5 Medium |
| A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker to reset the client's secret and potentially regain privileged API access. The primary impact includes unauthorized information disclosure and potential integrity compromise. | ||||