Export limit exceeded: 356394 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356394 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24315 | 1 Sap | 1 Fiori Launchpad | 2026-06-09 | 4.2 Medium |
| SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system causing low impact on Confidentiality and Integrity. Availability of the system is no impacted. | ||||
| CVE-2026-40128 | 1 Sap | 1 Sap Netweaver Application Server Java | 2026-06-09 | 9 Critical |
| SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable. | ||||
| CVE-2026-44743 | 1 Sap | 1 Business Objects | 2026-06-09 | 3.7 Low |
| Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application. | ||||
| CVE-2026-44748 | 1 Sap Se | 1 Sap Netweaver And Abap Platform | 2026-06-09 | 9.9 Critical |
| SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to sensitive user data and potential disruption of normal system usage. This causes a high impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2026-5068 | 1 Zephyrproject-rtos | 1 Zephyr | 2026-06-09 | 7.6 High |
| A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation (via chan_ops.alloc_buf) and the chosen RX pool has a user_data_size smaller than 2 bytes, the segmentation counter stored in the net_buf user_data area is written out of bounds in l2cap_chan_le_recv_seg (subsys/bluetooth/host/l2cap.c). The observed effects are an AddressSanitizer abort and, without ASan, heap corruption / fatal error. | ||||
| CVE-2026-41983 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 4.3 Medium |
| DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41985 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 5.1 Medium |
| UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2026-41976 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-09 | 6.6 Medium |
| Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-41982 | 1 Huawei | 1 Harmonyos | 2026-06-09 | 6.4 Medium |
| Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-8365 | 2026-06-09 | 8.8 High | ||
| The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksy_sanitize_post_meta_options() function, which only blocks values containing '<' or '>' and does not prevent serialized PHP object strings from being stored in post meta, combined with the SearchReplacer::run_recursively() function unconditionally deserializing all string values via @unserialize() during migration without restricting allowed classes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a serialized Blocksy\RaiiPattern object into post meta that, when the V200 migration runs on an upgraded site, is deserialized and triggers RaiiPattern::__destruct(), which executes arbitrary PHP callables via call_user_func(). | ||||
| CVE-2026-10840 | 1 Redhat | 3 Openshift, Openshift Builds, Openshift Pipelines | 2026-06-09 | 7.1 High |
| A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate. | ||||
| CVE-2026-25112 | 1 Genetec | 7 Genetec Airport Operational Manager, Genetec Industrial Iot, Genetec Inter-system Gateway and 4 more | 2026-06-09 | 7.8 High |
| A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack. | ||||
| CVE-2026-23687 | 2 Sap, Sap Se | 2 Sap Basis, Sap Netweaver And Abap Platform | 2026-06-09 | 8.8 High |
| SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage. | ||||
| CVE-2026-10725 | 1 Crux | 1 Protocol::http2 | 2026-06-09 | 7.5 High |
| Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory (the "HTTP/2 bomb"). The headers_decode method materialises a full key+value copy per indexed reference with no running size check, and the stream_header_block_add method appends (since version 1.12) every CONTINUATION frame to the per-stream buffer unbounded. MAX_HEADER_LIST_SIZE (default 65536) is advertised in SETTINGS but never consulted on decode. It is absent from the decoder and from the :limits export tag. | ||||
| CVE-2026-44757 | 1 Sap | 1 Introscope Enterprise Manager | 2026-06-09 | 4.7 Medium |
| SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the confidentiality and integrity of the application with no impact on availability. | ||||
| CVE-2026-8977 | 2 Shahjahan Jewel, Wordpress | 2 Wp Gdpr Cookie Consent, Wordpress | 2026-06-09 | 6.4 Medium |
| The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls() function, combined with insufficient input sanitization on the gdprConfig values and missing output escaping in the generateCSS() function which echoes stored configuration values directly into a <style> block rendered on wp_head. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-4986 | 2 Wordpress, Wpforms | 2 Wordpress, Wpforms | 2026-06-09 | N/A |
| The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions. | ||||
| CVE-2026-5067 | 1 Zephyrproject-rtos | 1 Zephyr | 2026-06-09 | 9.8 Critical |
| A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the input length reaches the buffer size. During upgrade handling the buffer is copied to a local stack buffer and passed to strlen(); if no NUL exists in-bounds, strlen() reads beyond the stack buffer and subsequent concatenation with the WebSocket magic string can write out of bounds. This leads to out-of-bounds read and write on stack memory, resulting in crash (denial of service) and potentially code execution. The path is reachable when CONFIG_HTTP_SERVER_WEBSOCKET is enabled. | ||||
| CVE-2026-41539 | 1 Qnap Systems Inc. | 2 Qts, Quts Hero | 2026-06-09 | N/A |
| A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3500 build 20260520 and later | ||||
| CVE-2025-66329 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-09 | 4 Medium |
| Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||