Search Results (361128 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57535 | 1 Pretix | 1 Pretix | 2026-06-25 | N/A |
| Content injected into PDF rendering contexts could, in many places, include HTML, including <img> tags. If the src attribute of such an image pointed to a URL, the PDF rendering engine would fetch the image from that URL and display it, thereby leaking information about the rendering server and possibly creating an SSRF vector into the local network. | ||||
| CVE-2026-57533 | 1 Pretix | 1 Pretix | 2026-06-25 | N/A |
| Malicious HTML content could be injected into the page pretix shows when a redirect to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing. | ||||
| CVE-2026-47770 | 1 Jqlang | 1 Jq | 2026-06-25 | N/A |
| jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack even through jq's ordinary command-line interface, resulting in denial of service via stack exhaustion (uncontrolled recursion). The crash occurs in jq's recursive structural comparison code, with the recursion repeating through jvp_array_equal() and jv_equal() in src/jv.c when comparing deeply nested arrays; a nearby sort comparator path through jv_cmp() in src/jv_aux.c overflows the stack at a larger nesting depth because of the same missing recursion guard. Anyone running jq comparisons on attacker-controlled deeply nested JSON values, or embedding jq in a context where untrusted data can reach the == comparison path, is affected. This vulnerability is fixed in 1.8.2. | ||||
| CVE-2026-40084 | | | 2026-06-25 | 6.5 Medium |
| Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to path traversal through the report format_file parameter, allowing arbitrary file read. The vulnerability occurs in two stages. In the first stage (stored injection), lib/html_reports.php at line 283 stores $save['format_file'] = $post['format_file'] directly into the database without any validation. In the second stage (file read), lib/reports.php at line 667 concatenates CACTI_PATH_FORMATS . '/' . $format_file, and line 670 then calls file($format_file), reading arbitrary files from the filesystem. This issue has been fixed in version 1.2.31. | ||||
| CVE-2026-40083 | | | 2026-06-25 | 7.2 High |
| Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL injection through an unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selected_items by calling cacti_unserialize(stripslashes(gnrv('selected_graphs_array'))). The cacti_unserialize() function calls unserialize() with allowed_classes set to false, which prevents object injection but still allows arbitrary string arrays to be deserialized. Then, at lines 760 to 766, the deserialized array values are passed directly into db_execute('DELETE FROM snmpagent_managers WHERE id IN (' . implode(',', $selected_items) . ')'), where they are imploded into the SQL statement without any integer validation, resulting in SQL injection for a user with SNMP agent management permissions. This issue has been fixed in version 1.2.31. | ||||
| CVE-2026-40082 | | | 2026-06-25 | 5.4 Medium |
| Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior do not call session_regenerate_id() after a successful login, leading to session fixation. The login flow at auth_login.php:203-207 sets $_SESSION[SESS_USER_ID] directly without rotating the session ID. The session cookie configuration is otherwise good (httponly=true, samesite=Strict, secure=true for HTTPS at include/global.php:513-537), but these attributes do not prevent session fixation via same-site vectors. This issue has been fixed in version 1.2.31. | ||||
| CVE-2026-38637 | | | 2026-06-25 | N/A |
| An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-40210 | 1 Powerdns | 1 Dnsdist | 2026-06-25 | 4.8 Medium |
| An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash. | ||||
| CVE-2026-42004 | 1 Powerdns | 1 Dnsdist | 2026-06-25 | 3.7 Low |
| An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter. | ||||
| CVE-2026-52690 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.9 Medium |
| Spoofed replies to the Recursor might mark the IP of an authoritative server as not supporting EDNS, causing validation of DNSSEC records served by that server to fail. | ||||
| CVE-2026-54841 | 2 Appsbd, Wordpress | 2 Vitepos, Wordpress | 2026-06-25 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions. | ||||
| CVE-2026-56023 | 2 Knitpay, Wordpress | 2 Upi Qr Code Payment Gateway For Woocommerce, Wordpress | 2026-06-25 | 5.4 Medium |
| Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions. | ||||
| CVE-2026-12755 | 1 Devolutions | 1 Server | 2026-06-25 | 2.7 Low |
| Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as an NTLMv2 challenge-response, via a crafted DomainName parameter. | ||||
| CVE-2026-42389 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.3 Medium |
| This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers. | ||||
| CVE-2026-55477 | 1 Mhsanaei | 1 3x-ui | 2026-06-25 | 7.2 High |
| 3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code execution and persistent access as the user running Xray (including root when Xray is running as root). This vulnerability is fixed in 3.3.1. | ||||
| CVE-2026-40080 | | | 2026-06-25 | 6.1 Medium |
| Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to an open redirect because the login redirect used a substring check, str_contains($referer, CACTI_PATH_URL), rather than a host check. When the user's login_opts == '1' (redirect to referer after login), auth_login_redirect() used $_SERVER['HTTP_REFERER'] directly. An attacker could craft a referer such as https://evil.com/cacti/: where CACTI_PATH_URL is /cacti/, the substring matches and the user is redirected to evil.com after login. The pre-existing validate_redirect_url() helper in lib/html_utility.php performed proper validation but was not invoked from auth_login_redirect(). This issue has been fixed in version 1.2.31. | ||||
| CVE-2025-64309 | 1 Brightpick Ai | 1 Mission Control | 2026-06-25 | 7.4 High |
| The affected product discloses device telemetry, configuration, and sensitive information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques. | ||||
| CVE-2025-64307 | 1 Brightpick Ai | 1 Internal Logic Control | 2026-06-25 | 6.5 Medium |
| The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes. | ||||
| CVE-2025-64308 | 1 Brightpick Ai | 1 Mission Control | 2026-06-25 | 6.5 Medium |
| The Brightpick Mission Control web application exposes hardcoded credentials for Brightpick AI's documentation portal in its client-side JavaScript bundle. | ||||
| CVE-2026-46601 | | | 2026-06-25 | N/A |
| The webp decoder can panic when processing a VP8 chunk whose dimensions do not match the canvas size. | ||||
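The pretix entry CVE-2026-57535 above describes the failure mode in one sentence: an `<img src>` in content that reaches an HTML-to-PDF renderer is a server-side fetch. The following is an added example, not pretix's code or its fix, of a pre-render gate that lists every URL the renderer would be asked to fetch. It goes slightly beyond the advisory by also covering `srcset` and a few other resource-loading attributes; the `FETCHING_ATTRS` set and the sample HTML are this example's own assumptions, and CSS `url()` is deliberately out of scope.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed set of tag/attribute pairs that make an HTML-to-PDF engine fetch a
# resource. Extend it for the renderer you actually use; CSS url() is not covered.
FETCHING_ATTRS = {
    ("img", "src"), ("img", "srcset"), ("object", "data"),
    ("embed", "src"), ("iframe", "src"), ("link", "href"),
}


def classify_src(src):
    """'inline' for data: URIs (no network), 'relative' for bare paths,
    'fetch' for anything carrying a scheme or a host."""
    s = src.strip()
    parts = urlsplit(s)                      # lowercases the scheme for us
    if parts.scheme == "data":
        return "inline"
    # /\host and \\host are read as host-relative by WHATWG-style parsers
    # even though urlsplit sees no netloc, so treat them as fetches too.
    if parts.scheme or parts.netloc or s.startswith(("/\\", "\\\\")):
        return "fetch"
    return "relative"


class FetchAuditor(HTMLParser):
    """Collects (tag, url) pairs that would trigger a fetch at render time."""

    def __init__(self):
        super().__init__(convert_charrefs=True)   # &#104;ttp:// is decoded
        self.fetches = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in FETCHING_ATTRS or value is None:
                continue
            if name == "srcset":
                # "a.png 1x, http://h/b.png 2x": one URL per comma-separated item
                candidates = [c.strip().split()[0] for c in value.split(",") if c.strip()]
            else:
                candidates = [value]
            for url in candidates:
                if classify_src(url) == "fetch":
                    self.fetches.append((tag, url.strip()))


def external_fetches(html):
    parser = FetchAuditor()
    parser.feed(html)
    parser.close()
    return parser.fetches


def safe_to_render(html):
    """Gate: refuse the document if any attribute would cause a fetch."""
    return not external_fetches(html)


# Constructed sample: an inline image, a link-local metadata probe, a srcset
# with a remote entry, and an entity-encoded file: URL.
SAMPLE = (
    '<p>Ticket for attendee</p>'
    '<img src="data:image/png;base64,iVBORw0KGgo=">'
    '<img src="//169.254.169.254/latest/meta-data/">'
    '<img srcset="logo.png 1x, HTTP://attacker.example/probe.png 2x">'
    '<img src="&#102;ile:///etc/hostname">'
)

if __name__ == "__main__":
    for tag, url in external_fetches(SAMPLE):
        print(f"would fetch via <{tag}>: {url}")
    print("safe_to_render:", safe_to_render(SAMPLE))
```

Rejecting the whole document is the conservative choice for a renderer that runs with network access; the alternative of stripping only the offending attributes needs the parser to re-emit HTML, which this gate avoids.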
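The jq entry CVE-2026-47770 above is a missing recursion guard in structural comparison. The following added example (not jq's code) shows the three shapes of that function in Python: the natural recursive form, which has one stack frame per nesting level; the same form with an explicit depth guard that refuses pathological input before the stack gives out; and an iterative form driven by an explicit work list, whose depth is bounded only by heap. Python's RecursionError stands in here for the C stack overflow jq hit in jvp_array_equal()/jv_equal(); the nesting depths and inputs are constructed.

```python
def nested_list(depth):
    """Build [[[...]]] 'depth' levels deep without recursion (constructed input)."""
    value = []
    for _ in range(depth):
        value = [value]
    return value


def _scalar_equal(a, b):
    # JSON scalars: keep true/false distinct from 1/0, which Python's == conflates.
    return isinstance(a, bool) == isinstance(b, bool) and a == b


def deep_equal_recursive(a, b, max_depth=None, _depth=0):
    """Recursive structural equality. With max_depth=None there is no guard and
    deep input exhausts the stack; with a limit it fails cleanly with ValueError."""
    if max_depth is not None and _depth > max_depth:
        raise ValueError(f"nesting deeper than {max_depth}")
    if isinstance(a, list) and isinstance(b, list):
        if len(a) != len(b):
            return False
        for x, y in zip(a, b):
            if not deep_equal_recursive(x, y, max_depth, _depth + 1):
                return False
        return True
    if isinstance(a, dict) and isinstance(b, dict):
        if a.keys() != b.keys():
            return False
        for k in a:
            if not deep_equal_recursive(a[k], b[k], max_depth, _depth + 1):
                return False
        return True
    return _scalar_equal(a, b)


def deep_equal_iterative(a, b):
    """Same comparison with an explicit work list instead of the call stack."""
    work = [(a, b)]
    while work:
        x, y = work.pop()
        if isinstance(x, list) and isinstance(y, list):
            if len(x) != len(y):
                return False
            work.extend(zip(x, y))
        elif isinstance(x, dict) and isinstance(y, dict):
            if x.keys() != y.keys():
                return False
            work.extend((x[k], y[k]) for k in x)
        elif not _scalar_equal(x, y):
            return False
    return True


if __name__ == "__main__":
    deep = nested_list(20000)
    print("iterative:", deep_equal_iterative(deep, nested_list(20000)))
    try:
        deep_equal_recursive(deep, nested_list(20000), max_depth=256)
    except ValueError as e:
        print("guarded:", e)
    try:
        deep_equal_recursive(deep, nested_list(20000))
    except RecursionError:
        print("unguarded: stack exhausted (a segfault in C)")
```

The guard is the cheap fix and matches what a parser-level depth limit gives you; the iterative form is the one to reach for when legitimately deep documents must still compare correctly.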
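The Cacti entry CVE-2026-40084 above is the classic two-line traversal: a stored name is concatenated onto CACTI_PATH_FORMATS and handed to file(). The following added example (not Cacti's code or its fix) reproduces that read next to a hardened reader that rejects separators outright and then confirms the resolved path, symlinks followed, still sits inside the formats directory. The directory layout and file contents are constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path


def make_demo_tree():
    """Constructed layout: <root>/formats/ holds the legitimate template,
    <root>/secret.txt stands in for any file outside it on the host."""
    root = Path(tempfile.mkdtemp())
    formats = root / "formats"
    formats.mkdir()
    (formats / "default.format").write_text("<!-- report template -->\n")
    (root / "secret.txt").write_text("db_password=hunter2\n")
    try:
        # A symlink inside formats/ that points outside: caught only by resolving.
        os.symlink(root / "secret.txt", formats / "link.format")
    except OSError:
        pass  # symlinks unavailable on this platform; the other checks still run
    return root, formats


def read_format_vulnerable(formats_dir, format_file):
    """CACTI_PATH_FORMATS . '/' . $format_file followed by file(): no validation."""
    return Path(str(formats_dir) + "/" + format_file).read_text().splitlines(True)


def read_format_safe(formats_dir, format_file):
    """A template is a bare filename; anything else is rejected before touching disk."""
    if (not format_file or "/" in format_file or "\\" in format_file
            or format_file in (".", "..")):
        raise ValueError("invalid format_file")
    base = Path(formats_dir).resolve()
    target = (base / format_file).resolve()       # follows symlinks
    if base not in target.parents:
        raise ValueError("format_file escapes the formats directory")
    if not target.is_file():
        raise FileNotFoundError(format_file)
    return target.read_text().splitlines(True)


if __name__ == "__main__":
    root, formats = make_demo_tree()
    print("vulnerable:", read_format_vulnerable(formats, "../secret.txt"))
    print("safe:", read_format_safe(formats, "default.format"))
    for bad in ("../secret.txt", "/etc/hostname", "link.format"):
        try:
            read_format_safe(formats, bad)
        except (ValueError, FileNotFoundError) as e:
            print(f"rejected {bad!r}: {e}")
```

An allow-list built from a directory listing is an equally good answer for a fixed set of report formats; the resolve-and-compare check is what you need when the directory contents are not fixed.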
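The Cacti entry CVE-2026-40083 above shows why allowed_classes=false is not a sanitizer: the deserialized strings are still untrusted and implode() puts them verbatim into IN(...). The following added example (not Cacti's code or its fix) runs the imploded query against an in-memory SQLite stand-in for snmpagent_managers, then the hardened form that validates each id as a decimal integer and binds it through placeholders. Table contents and the payload are constructed; the PHP unserialize step is skipped and the example starts from the resulting list of strings.

```python
import re
import sqlite3

TABLE = "snmpagent_managers"   # table name from the advisory; the schema is constructed


def make_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (id INTEGER PRIMARY KEY, hostname TEXT)")
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?)",
                     [(1, "mgr-a"), (2, "mgr-b"), (3, "mgr-c")])
    return conn


def delete_managers_vulnerable(conn, selected_items):
    """implode(',', $selected_items) straight into the statement.
    Returns the number of rows deleted."""
    sql = f"DELETE FROM {TABLE} WHERE id IN (" + ",".join(selected_items) + ")"
    return conn.execute(sql).rowcount


def delete_managers_safe(conn, selected_items):
    """Validate every item as a decimal integer, then bind with placeholders."""
    ids = []
    for item in selected_items:
        if not isinstance(item, str) or not re.fullmatch(r"[0-9]{1,18}", item):
            raise ValueError(f"rejected non-integer id: {item!r}")
        ids.append(int(item))
    if not ids:
        return 0
    placeholders = ",".join("?" * len(ids))
    return conn.execute(f"DELETE FROM {TABLE} WHERE id IN ({placeholders})", ids).rowcount


def remaining(conn):
    return conn.execute(f"SELECT COUNT(*) FROM {TABLE}").fetchone()[0]


if __name__ == "__main__":
    # One deserialized string closes the IN list and tacks on an always-true clause:
    #   DELETE FROM snmpagent_managers WHERE id IN (0) OR (1=1)
    payload = ["0) OR (1=1"]
    conn = make_demo_db()
    print("vulnerable deleted:", delete_managers_vulnerable(conn, payload), "left:", remaining(conn))
    conn = make_demo_db()
    try:
        delete_managers_safe(conn, payload)
    except ValueError as e:
        print("safe:", e, "left:", remaining(conn))
```

Casting with intval() would also neutralise this payload, but the regex-then-bind form keeps the decision explicit and fails loudly on garbage instead of silently deleting id 0.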
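The Cacti entry CVE-2026-40080 above turns on one check: whether the referer merely contains CACTI_PATH_URL or actually points at the site. The following added example (not Cacti's code, and not its validate_redirect_url() helper) puts the substring check beside a host-and-path check that never echoes the referer back, rebuilding a relative target instead. SITE_HOST, the inputs and the function names are this example's own assumptions; it also covers a few bypasses the advisory does not mention (scheme-relative `//`, triple-slash and backslash forms, userinfo tricks, `..` segments).

```python
import posixpath
from urllib.parse import urlsplit

CACTI_PATH_URL = "/cacti/"      # value used in the advisory's example
SITE_HOST = "cacti.example"     # assumed host of this Cacti instance


def redirect_target_vulnerable(referer):
    """Substring check as described for CVE-2026-40080: any referer that
    merely contains '/cacti/' is accepted, including https://evil.com/cacti/."""
    if referer and CACTI_PATH_URL in referer:
        return referer
    return None


def redirect_target_safe(referer, default=CACTI_PATH_URL):
    """Return a same-site path under CACTI_PATH_URL, or the default.

    The referer string itself is never returned; a fresh relative path is
    rebuilt from its parsed parts, so forms that browsers read as a host
    (//evil.com/..., ///evil.com/..., /\\evil.com/...) cannot reach Location.
    """
    if not referer or "\\" in referer:
        return default
    parts = urlsplit(referer)                 # scheme comes back lowercased
    if parts.scheme and parts.scheme not in ("http", "https"):
        return default
    # Absolute or scheme-relative URLs must name our own host. .hostname drops
    # userinfo and port, so https://cacti.example@evil.com/ yields 'evil.com'.
    if parts.netloc and parts.hostname != SITE_HOST:
        return default
    path = posixpath.normpath(parts.path)     # folds ./ and ../ segments
    if parts.path.endswith("/") and path != "/":
        path += "/"
    base = CACTI_PATH_URL.rstrip("/")
    if path != base and not path.startswith(base + "/"):
        return default
    return path + ("?" + parts.query if parts.query else "")


if __name__ == "__main__":
    # Constructed referers: the advisory's case plus a few lookalikes.
    for ref in ("https://evil.com/cacti/",
                "https://cacti.example/cacti/graph_view.php?action=tree",
                "///evil.com/cacti/",
                "/cacti/../admin/",
                "https://cacti.example@evil.com/cacti/"):
        print(f"{ref!r:55} substring -> {redirect_target_vulnerable(ref)!r:45} "
              f"safe -> {redirect_target_safe(ref)!r}")
```

Falling back to a fixed page rather than raising keeps login working when the referer is simply absent, which is the common case behind a strict Referrer-Policy.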