Export limit exceeded: 351412 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351412 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4054 | 1 Mattermost | 1 Mattermost | 2026-05-15 | 4.3 Medium |
| Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header (e.g. image/png) embedded in an og:image meta tag or Markdown image link.. Mattermost Advisory ID: MMSA-2026-00630 | ||||
| CVE-2026-4053 | 1 Mattermost | 1 Mattermost | 2026-05-15 | 3.1 Low |
| Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints.. Mattermost Advisory ID: MMSA-2026-00631 | ||||
| CVE-2026-45009 | 1 Thorsten | 1 Phpmyfaq | 2026-05-15 | 4.3 Medium |
| phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access sensitive backend operational information including dashboard versions, LDAP configuration, Elasticsearch statistics, and health-check data. | ||||
| CVE-2026-46360 | 1 Thorsten | 1 Phpmyfaq | 2026-05-15 | 5.4 Medium |
| phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQ_EDIT permission can upload malicious SVG files with deeply nested ampersand encoding around numeric HTML entities to reconstruct javascript: URLs, which execute arbitrary JavaScript when clicked by other users viewing the uploaded SVG. | ||||
| CVE-2026-46363 | 1 Thorsten | 1 Phpmyfaq | 2026-05-15 | 5.4 Medium |
| phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter. | ||||
| CVE-2026-46366 | 1 Thorsten | 1 Phpmyfaq | 2026-05-15 | 7.5 High |
| phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links. | ||||
| CVE-2026-8686 | 1 Freertos | 1 Coremqtt | 2026-05-15 | 7.5 High |
| Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1. | ||||
| CVE-2026-46407 | 1 Givanz | 1 Vvveb | 2026-05-15 | 8.1 High |
| Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's admin_id. This can disclose sensitive API tokens belonging to other administrators. This vulnerability is fixed in 1.0.8.3. | ||||
| CVE-2026-46408 | 1 Givanz | 1 Vvveb | 2026-05-15 | 7.6 High |
| Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another user's cart data in their own checkout session. This vulnerability is fixed in 1.0.8.3. | ||||
| CVE-2026-45399 | 1 Open-webui | 1 Open-webui | 2026-05-15 | 7.1 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST /api/tasks/stop/{task_id} methods. This allows a casual user to disrupt system-wide chat usage by continuously canceling other users' active tasks. This is a real authorization vulnerability affecting integrity and usability in multi-user deployments. This vulnerability is fixed in 0.9.0. | ||||
| CVE-2026-45339 | 1 Open-webui | 1 Open-webui | 2026-05-15 | 6.5 Medium |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from /api/v1/messages, requests using the Authorization: Bearer sk-... header are correctly blocked with 403. However, the same key sent via the x-api-key header bypasses the restriction entirely — the request is authenticated, the model is invoked, and a full response is returned. This vulnerability is fixed in 0.9.0. | ||||
| CVE-2026-45349 | 1 Open-webui | 1 Open-webui | 2026-05-15 | 7.1 High |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key (generated in OWUI) and the Chat ID of another user to continue the conversation of the other user. This vulnerability is fixed in 0.9.0. | ||||
| CVE-2026-29203 | 1 Webpros | 3 Cpanel, Cpanel (centos 6, Cloudlinux 6), Wp Squared | 2026-05-15 | 8.8 High |
| A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory. | ||||
| CVE-2021-47968 | 1 Podcastgenerator | 1 Podcast Generator | 2026-05-15 | 6.4 Medium |
| Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the long_description parameter. Attackers can inject script tags through episode creation or editing requests to execute arbitrary JavaScript when other users view the episode details. | ||||
| CVE-2026-44695 | 1 Getoutline | 1 Outline | 2026-05-15 | 5.8 Medium |
| Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a logged-in Outline user complete the callback and link that user's Outline account to the attacker's Slack team_id and user_id. The linked Slack identity can then use the Slack /outline search command as the victim Outline user. This vulnerability is fixed in 1.7.1. | ||||
| CVE-2026-43912 | 1 Dani-garcia | 1 Vaultwarden | 2026-05-15 | 8.7 High |
| Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as groups.groups_uuid, or a collections_groups.collections_uuid entry belongs to the same organization as collections_groups.groups_uuid. Multiple organization group-management endpoints accept arbitrary MembershipId and CollectionId values and persist them directly without verifying org consistency. This lets an attacker who is Admin in Organization A, and only a low-privileged member in Organization B bind their Org B membership UUID into an Org A group, then use that foreign group relationship to gain unauthorized access to Org B vault data. With an accessAll=true Org A group, the attacker can make /api/sync and /api/ciphers enumerate Org B ciphers. Once those unauthorized sync results reveal Org B collection IDs, the attacker can also bind those foreign collection IDs to the Org A group and turn the same flaw into write access over Org B items. This vulnerability is fixed in 1.35.5. | ||||
| CVE-2026-44852 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.2 High |
| An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user. | ||||
| CVE-2026-24000 | 1 Fleetdm | 1 Fleet | 2026-05-15 | 5.3 Medium |
| Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls. Fleet determines a client’s public IP address using HTTP headers such as X-Forwarded-For, X-Real-IP, and/or True-Client-IP. These headers were trusted without validation. An attacker could supply arbitrary values in these headers, causing Fleet to treat each request as originating from a different IP address. This could allow an attacker to bypass per-IP rate limits and increase the effectiveness of brute-force or password-spraying attempts against authentication endpoints. This issue does not allow authentication bypass, privilege escalation, data exposure, or remote code execution on its own. Version 4.80.1 contains a patch. As a workaround, run Fleet behind a trusted reverse proxy or load balancer that overwrites client IP headers. | ||||
| CVE-2026-8401 | 1 Mozilla | 1 Firefox | 2026-05-15 | 9.8 Critical |
| Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3. | ||||
| CVE-2026-20767 | 1 Intel | 2 Qat Drivers, Quickassist Technology | 2026-05-15 | 7.8 High |
| Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||