Export limit exceeded: 359556 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359556 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12805 | 1 Offis | 1 Dcmtk | 2026-06-21 | 6.3 Medium |
| A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. This patch is called 1d4b3815c0987840a983160bfc671fef63a3105b. It is best practice to apply a patch to resolve this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2026-12796 | 2 Berriai, Litellm | 2 Litellm, Litellm | 2026-06-21 | 6.3 Medium |
| A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2025-71378 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-06-21 | 8.1 High |
| picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load(). | ||||
| CVE-2026-56406 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | ||||
| CVE-2026-56410 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. | ||||
| CVE-2026-56412 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 4.9 Medium |
| libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. | ||||
| CVE-2026-12804 | 1 Lemonldap-ng | 1 Lemonldap-ng | 2026-06-21 | 4.3 Medium |
| A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-56403 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| libexpat before 2.8.2 has an integer overflow in storeAtts. | ||||
| CVE-2026-56407 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | ||||
| CVE-2026-56409 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.5 Medium |
| xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | ||||
| CVE-2026-56405 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| libexpat before 2.8.2 has an integer overflow in getAttributeId. | ||||
| CVE-2026-56408 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| libexpat before 2.8.2 has an integer overflow in copyString. | ||||
| CVE-2026-56411 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. | ||||
| CVE-2026-56404 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| libexpat before 2.8.2 has an integer overflow in addBinding. | ||||
| CVE-2026-56397 | 1 B3log | 1 Siyuan | 2026-06-21 | 9.6 Critical |
| SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands. | ||||
| CVE-2026-56396 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-06-21 | 8.8 High |
| phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag or grant arbitrary rights to escalate to SuperAdmin access. | ||||
| CVE-2026-56395 | 1 B3log | 1 Siyuan | 2026-06-21 | 9.6 Critical |
| SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands. | ||||
| CVE-2026-56394 | 1 Juzaweb | 1 Cms | 2026-06-21 | 6.5 Medium |
| Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files, allowing local file read access. | ||||
| CVE-2026-56393 | 1 Juzaweb | 1 Cms | 2026-06-21 | 4.8 Medium |
| Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered without sanitization (e.g., via the checkbox.twig template, which used {{ label|raw }}). An authenticated administrator (with allowAdminChanges enabled) can inject malicious payloads into section names, volume names, user group names, global set names, generated field names, checkbox/radio option labels, and custom source labels, causing arbitrary JavaScript to execute in other users' control-panel sessions. Fixed in 4.17.0-beta.1 and 5.9.0-beta.1. | ||||
| CVE-2026-56385 | 1 Juzaweb | 1 Cms | 2026-06-21 | 4.3 Medium |
| Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an asset they are not permitted to view and still receive preview response data (previewHtml), including a private preview image route containing the target private assetId. Fixed in 5.9.14 and 4.17.8. | ||||