Export limit exceeded: 361693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57923 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 5.3 Medium |
| In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings | ||||
| CVE-2026-57880 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2025-63041 | 2026-06-26 | 5.4 Medium | ||
| Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. | ||||
| CVE-2026-54839 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions. | ||||
| CVE-2026-56030 | 2026-06-26 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. | ||||
| CVE-2026-57618 | 2026-06-26 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions. | ||||
| CVE-2026-57924 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium |
| In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details | ||||
| CVE-2026-57925 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium |
| In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags | ||||
| CVE-2026-57926 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 2.6 Low |
| In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack | ||||
| CVE-2026-56036 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions. | ||||
| CVE-2026-45405 | 2026-06-26 | 9 Critical | ||
| Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent entries, allowing an attacker to write arbitrary files anywhere writable by the dokku user — including overwriting ~/.ssh/authorized_keys to gain unrestricted shell access. This vulnerability is fixed in 0.38.2. | ||||
| CVE-2026-57316 | 2026-06-26 | 6.5 Medium | ||
| Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions. | ||||
| CVE-2026-57323 | 2026-06-26 | 5.8 Medium | ||
| Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions. | ||||
| CVE-2026-57921 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium |
| In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint | ||||
| CVE-2026-57922 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 3.1 Low |
| In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible | ||||
| CVE-2026-53914 | 1 Jetbrains | 1 Kotlin | 2026-06-26 | 6.7 Medium |
| In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata | ||||
| CVE-2026-56876 | 2026-06-26 | 8.1 High | ||
| extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files. | ||||
| CVE-2026-57644 | 2026-06-26 | 8.5 High | ||
| Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | ||||
| CVE-2026-57656 | 2026-06-26 | 5.9 Medium | ||
| Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. | ||||
| CVE-2026-10097 | 1 Wolfssl | 1 Wolfssl | 2026-06-26 | N/A |
| wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and are accepted as valid, breaking IND-CCA2 security. An attacker able to submit chosen ciphertexts to a decapsulation oracle that uses a static ML-KEM-1024 key, and to observe whether the genuine shared secret or the implicit-rejection secret was produced, can use this as a plaintext-checking oracle to recover the private key. A proof of concept recovered a full ML-KEM-1024 private key with approximately 98% success using roughly 350 chosen ciphertexts. The flaw is a deterministic logic error and does not rely on timing measurements. | ||||