Export limit exceeded: 351486 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351486 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32679 | 2 Japan Media Systems Corporation, Liveon | 8 Canonnwcamplugin.exe, Canonnwcampluginforadmin.exe, Downloader5installer.exe and 5 more | 2026-05-18 | N/A |
| The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at the same directory, the affected installer may load that DLL and execute its code with the privilege of the user invoking the installer. | ||||
| CVE-2025-67031 | 1 Orsee | 1 Orsee | 2026-05-18 | 6.3 Medium |
| ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval() call inside tagsets/participant.php and tagsets/options.php. | ||||
| CVE-2026-43911 | 1 Dani-garcia | 1 Vaultwarden | 2026-05-18 | 6.8 Medium |
| Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by some security-sensitive operations (password change, KDF change, key rotation, email change, org admin password reset, emergency access takeover). This allows an attacker holding a previously obtained refresh token to maintain session access even after the user has taken action to secure their account. This vulnerability is fixed in 1.35.5. | ||||
| CVE-2026-5935 | 1 Ibm | 3 Total Storage Service Console, Total Storage Service Console Tssc Ts4500 Imc, Ts4500 Imc | 2026-05-18 | 7.3 High |
| IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input. | ||||
| CVE-2026-42554 | 1 Gofiber | 1 Fiber | 2026-05-18 | 6.1 Medium |
| Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat() feature. The developer opts into content negotiation by calling AutoFormat(), but does not opt into raw HTML emission for a particular request; Fiber chooses that branch from attacker-controlled Accept. The html branch is the sole outlier in a method whose name (AutoFormat) and symmetrical structure actively telegraph "safe, format-agnostic reply." This vulnerability is fixed in 2.52.12 and 3.1.0. | ||||
| CVE-2026-8730 | 1 Open5gs | 1 Open5gs | 2026-05-18 | 4.3 Medium |
| A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfInstanceId can lead to denial of service. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-44001 | 2 Patriksimek, Vm2 Project | 2 Vm2, Vm2 | 2026-05-18 | 8.6 High |
| vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 (v3.10.2) only sanitized the onRejected callback in .then() and .catch() overrides and did not address the executor-to-unhandledRejection path. This vulnerability is fixed in 3.11.0. | ||||
| CVE-2026-45008 | 1 Thorsten | 1 Phpmyfaq | 2026-05-18 | 6.5 Medium |
| phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../<path> in the client URL parameter to recursively delete directories outside the intended clientFolder scope. | ||||
| CVE-2026-45398 | 1 Open-webui | 1 Open-webui | 2026-05-18 | 7.5 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, _validate_collection_access() checks the user-memory-* and file-* collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who knows a private knowledge base UUID can read its content through the retrieval query endpoints, even though the knowledge API correctly denies that user access. The same gap affects the retrieval write endpoints (/process/text, /process/file, /process/files/batch, /process/web, /process/youtube), allowing an attacker to inject content into or overwrite another user's knowledge base. This vulnerability is fixed in 0.9.5. | ||||
| CVE-2026-1631 | 2 Smashballoon, Wordpress | 2 Feeds For Youtube, Wordpress | 2026-05-18 | 5.4 Medium |
| The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4's license key due to a missing capability check on the 'actions' function. This makes it possible for subscribers and above delete the license key. | ||||
| CVE-2026-6381 | 2 Wordpress, Wp Maps | 2 Wordpress, Wp Maps | 2026-05-18 | 7.5 High |
| The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks. | ||||
| CVE-2026-7302 | 1 Sglang | 1 Sglang | 2026-05-18 | 9.1 Critical |
| SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints. | ||||
| CVE-2026-41948 | 1 Langgenius | 1 Dify | 2026-05-18 | 7.7 High |
| Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated filename parameters to access internal endpoints such as debug interfaces, requiring only knowledge of the victim tenant's UUID. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker. | ||||
| CVE-2026-41949 | 1 Langgenius | 1 Dify | 2026-05-18 | 5.9 Medium |
| Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker. | ||||
| CVE-2026-42579 | 1 Netty | 1 Netty | 2026-05-18 | 7.5 High |
| Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final. | ||||
| CVE-2026-44718 | 1 Mathesar-foundation | 1 Mathesar | 2026-05-18 | N/A |
| Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration_id without verifying that the requesting user was a collaborator on the exploration’s database. An authenticated user on the same Mathesar installation who knew or guessed an exploration ID could read, replace, or delete a saved exploration belonging to a database where they were not a collaborator. This affected Mathesar-managed saved exploration definitions, including names, descriptions, selected columns, display metadata, filters, sorting, and transformations. This vulnerability is fixed in 0.10.0. | ||||
| CVE-2026-44302 | 1 Brantburnett | 1 Snappier | 2026-05-18 | 7.5 High |
| Snappier is a high performance C# implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. This vulnerability is fixed in 1.3.1. | ||||
| CVE-2026-42544 | 1 Emmett-framework | 1 Granian | 2026-05-18 | 7.5 High |
| Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction path, before the ASGI application is invoked. This vulnerability is fixed in 2.7.4. | ||||
| CVE-2026-44665 | 1 Naturalintelligence | 1 Fast-xml-builder | 2026-05-18 | 6.1 Medium |
| fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerability is fixed in 1.1.7. | ||||
| CVE-2026-7301 | 1 Sglang | 1 Sglang | 2026-05-18 | 9.8 Critical |
| SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet. | ||||