Export limit exceeded: 359236 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359236 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-55196 | 2026-06-17 | 9.1 Critical | ||
| Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMES_WEBUI_PASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options and POST /api/auth/passkey/register endpoints are accessible without authentication, allowing attackers to claim the first passkey and gain permanent administrative control. | ||||
| CVE-2026-30803 | 1 Rti | 1 Connext Micro | 2026-06-17 | N/A |
| Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0. | ||||
| CVE-2026-2674 | 1 Rti | 1 Connext Professional | 2026-06-17 | N/A |
| Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*. | ||||
| CVE-2025-71320 | 1 Mmaitre314 | 1 Picklescan | 2026-06-17 | 9.8 Critical |
| picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when the pickle is deserialized. | ||||
| CVE-2026-35069 | 2026-06-17 | 5.7 Medium | ||
| Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2026-53875 | 1 Mmaitre314 | 1 Picklescan | 2026-06-17 | N/A |
| picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the __reduce__ trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable, enabling arbitrary code execution when loaded with torch.load(). | ||||
| CVE-2025-71323 | 1 Mmaitre314 | 1 Picklescan | 2026-06-17 | 9.8 Critical |
| picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection. | ||||
| CVE-2025-48571 | 1 Google | 1 Android | 2026-06-17 | 4.3 Medium |
| In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2026-10094 | 2026-06-17 | 9.8 Critical | ||
| A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server. | ||||
| CVE-2026-12199 | 1 Nltk | 1 Nltk/nltk | 2026-06-17 | 6.5 Medium |
| A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request (`/SHUTDOWN%20THE%20SERVER`) to terminate the process immediately via `os._exit(0)`. This results in a denial of service, impacting service availability. The issue arises due to insufficient authentication and protection mechanisms for critical server functions. | ||||
| CVE-2026-53872 | 1 Mmaitre314 | 1 Picklescan | 2026-06-17 | 7.5 High |
| picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers. | ||||
| CVE-2026-4374 | 1 Rti | 1 Connext Professional | 2026-06-17 | 9.1 Critical |
| Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cloud Discovery Service, Recording Service, Routing Service, Queueing Service, Observability Collector) allows Serialized Data External Linking, Data Serialization External Entities Blowup.<p>This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.1.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*.</p> | ||||
| CVE-2026-1288 | 1 Autodesk | 1 Revit | 2026-06-17 | 5.5 Medium |
| A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition. | ||||
| CVE-2025-71325 | 1 Mmaitre314 | 1 Picklescan | 2026-06-17 | 9.8 Critical |
| picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning. | ||||
| CVE-2026-20246 | 2026-06-17 | 6 Medium | ||
| A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root. | ||||
| CVE-2026-20220 | 2026-06-17 | 6.3 Medium | ||
| A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions. To exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability. | ||||
| CVE-2026-2394 | 1 Rti | 1 Connext Professional | 2026-06-17 | 6.5 Medium |
| Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.2.34, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | ||||
| CVE-2026-20190 | 2026-06-17 | 7.5 High | ||
| A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks. | ||||
| CVE-2025-14543 | 1 Rti | 1 Connext Professional | 2026-06-17 | 9.1 Critical |
| Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | ||||
| CVE-2026-47636 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-06-17 | 5.4 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | ||||