Export limit exceeded: 351785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9056 | 1 Talend | 1 Administration Center | 2026-05-20 | 5.4 Medium |
| A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user. | ||||
| CVE-2026-24215 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 5.7 Medium |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-6902 | 1 Perforce | 1 Helix Core | 2026-05-20 | N/A |
| A Remote Code Execution vulnerability in P4 (Helix Core) Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks. | ||||
| CVE-2026-20994 | 1 Samsung | 1 Account | 2026-05-20 | N/A |
| URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token. | ||||
| CVE-2026-24207 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 9.8 Critical |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. | ||||
| CVE-2025-33255 | 2026-05-20 | 7.5 High | ||
| NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure. | ||||
| CVE-2025-15369 | 2 Wordpress, Xpro | 2 Wordpress, Xpro Addons — 140+ Widgets For Elementor | 2026-05-20 | 5.3 Medium |
| The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create published Xpro templates. | ||||
| CVE-2026-24206 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 7.3 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure. | ||||
| CVE-2026-24210 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24213 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 8 High |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure. | ||||
| CVE-2026-24214 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 8 High |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service. | ||||
| CVE-2026-24208 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 5.3 Medium |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24209 | 1 Nvidia | 1 Triton Inference Server | 2026-05-20 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24142 | 2026-05-20 | 6.3 Medium | ||
| NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. | ||||
| CVE-2026-24160 | 2026-05-20 | 5.5 Medium | ||
| NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24163 | 2026-05-20 | 7.5 High | ||
| NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure. | ||||
| CVE-2026-7460 | 1 Mailcow | 1 Mailcow Dockerized | 2026-05-20 | N/A |
| mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML without adequate output encoding. This issue affects mailcow-dockerized: 2026-03b. | ||||
| CVE-2026-4878 | 2 Libcap Project, Redhat | 10 Libcap, Discovery, Enterprise Linux and 7 more | 2026-05-20 | 6.7 Medium |
| A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. | ||||
| CVE-2026-8685 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-05-20 | 6.5 Medium |
| The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the show_control_data::post_list() function, which is registered as an admin menu page with only the 'read' capability. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-6555 | 2 Prosolution, Wordpress | 2 Prosolution Wp Client, Wordpress | 2026-05-20 | 9.8 Critical |
| The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and uploaded to a web-accessible directory. This makes it possible for unauthenticated attackers to upload malicious PHP files and achieve remote code execution by sending a valid first file followed by a malicious file. | ||||