Export limit exceeded: 356989 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2304 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12694 | 1 Forcepoint | 1 Vpn Client | 2026-06-04 | N/A |
| A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior. | ||||
| CVE-2025-13506 | 1 Nebim | 1 Nebim V3 Erp | 2026-06-04 | 8.8 High |
| Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1. | ||||
| CVE-2026-44477 | 2 Cloudnative-pg, Linuxfoundation | 2 Cloudnative-pg, Cloudnativepg | 2026-06-03 | 9.9 Critical |
| CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. Any SQL expression evaluated inside the scrape session can invoke RESET ROLE to recover real superuser privileges, then use COPY ... TO PROGRAM to spawn an OS-level subprocess as the postgres user inside the primary pod. The READ ONLY transaction flag does not block this; it gates writes to database state, not external processes. This vulnerability is fixed in 1.29.1 and 1.28.3. | ||||
| CVE-2024-5960 | 2 Eliz Software, Elizsoftware | 2 Panel, Panel | 2026-06-03 | 9.8 Critical |
| Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials. This issue affects Panel: before v2.3.24. | ||||
| CVE-2018-8851 | 1 Echelon | 8 I.lon 100, I.lon 100 Firmware, I.lon 600 and 5 more | 2026-06-02 | 9.8 Critical |
| Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface. | ||||
| CVE-2025-0028 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability. | ||||
| CVE-2026-3623 | 1 Ibm | 1 Netezza Performance Server Replication Services | 2026-06-02 | 7.8 High |
| IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability. | ||||
| CVE-2025-57175 | 2 Ceragon, Siklu | 3 Etherhaul-8010fx, Etherhaul-8010fx Firmware, Etherhaul 8010 | 2026-06-02 | 6.4 Medium |
| Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password. | ||||
| CVE-2025-15624 | 1 Sparxsystems | 2 Pro Cloud Server, Sparx Pro Cloud Server | 2026-06-02 | 7.5 High |
| Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext. | ||||
| CVE-2024-8781 | 1 Tr7cyberdefense | 1 Asp | 2026-06-02 | N/A |
| Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse. This issue affects Application Security Platform (ASP): v1.4.25.188. | ||||
| CVE-2026-42833 | 1 Microsoft | 1 Dynamics 365 | 2026-06-01 | 9.1 Critical |
| Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-46235 | 1 Linux | 1 Linux Kernel | 2026-06-01 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164_dev_setup(). If ioremap for BAR0 or BAR2 fails, release the already allocated PCI memory regions, remove the device from the global list, decrement the device count, and return -ENODEV. This prevents potential null pointer dereferences and ensures proper cleanup on memory mapping failures. | ||||
| CVE-2026-43099 | 1 Linux | 1 Linux Kernel | 2026-06-01 | 7.5 High |
| In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing this error pointer to dev_hold() will cause a kernel crash with null-ptr-deref. Instead, silently discard the request. RFC 8335 does not appear to define a specific response for the case where an IPv6 interface identifier is syntactically valid but the implementation cannot perform the lookup at runtime, and silently dropping the request may safer than misreporting "No Such Interface". | ||||
| CVE-2026-43072 | 1 Linux | 1 Linux Kernel | 2026-06-01 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/vc4: platform_get_irq_byname() returns an int platform_get_irq_byname() will return a negative value if an error happens, so it should be checked and not just passed directly into devm_request_threaded_irq() hoping all will be ok. | ||||
| CVE-2026-31637 | 1 Linux | 1 Linux Kernel | 2026-06-01 | 9.8 Critical |
| In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can therefore use a non-block-aligned ticket length, make the decrypt operation fail, and still drive the ticket parser with attacker-controlled bytes. Check the decrypt result and abort the connection with RXKADBADTICKET when ticket decryption fails. | ||||
| CVE-2026-46010 | 1 Linux | 1 Linux Kernel | 2026-05-30 | 8.1 High |
| In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgk_extract_token() Fix a missing bit of error handling in rxgk_extract_token(): in the event that rxgk_decrypt_skb() returns -ENOMEM, it should just return that rather than continuing on (for anything else, it generates an abort). | ||||
| CVE-2018-25396 | 1 Heatmiser | 1 Heatmiser Wifi Thermostat | 2026-05-29 | 7.5 High |
| Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values from HTML form fields to gain administrative access to the thermostat. | ||||
| CVE-2021-47961 | 1 Synology | 1 Ssl Vpn Client | 2026-05-29 | 8.1 High |
| A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction. | ||||
| CVE-2026-41900 | 1 Th30d4y | 1 Openlearnx | 2026-05-29 | 8.8 High |
| OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in version 2.0.3. | ||||
| CVE-2026-23301 | 1 Linux | 1 Linux Kernel | 2026-05-28 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently find_sdca_entity_iot() can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation. | ||||