Export limit exceeded: 366124 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (86670 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-22664 2 F, Fka 2 Prompts.chat, Prompts.chat 2026-05-26 7.7 High
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account.
CVE-2026-22661 2 F, Fka 2 Prompts.chat, Prompts.chat 2026-05-26 8.1 High
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing server-side filename validation to inject path traversal sequences ../ into skill file archives, which when extracted by vulnerable tools writing files outside the intended directory and overwriting shell initialization files to achieve code execution.
CVE-2026-22190 2 Cmu, Panda3d 2 Panda3d, Panda3d 2026-05-26 7.5 High
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values.
CVE-2021-47975 2 Wordpress, Wplearnmanager 2 Wordpress, Wp Learn Manager 2026-05-26 7.2 High
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the `fieldtitle` parameter. Attackers can submit POST requests to the jslm_fieldordering page with XSS payloads in the fieldtitle field to execute arbitrary JavaScript when administrators view the field ordering interface.
CVE-2020-37220 1 Huawei 1 Hg630 Router 2026-05-26 7.5 High
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then use the last 8 characters as the default password to log in to the router.
CVE-2020-37015 1 Ruijienetworks 1 Switch Eweb S29 Rgos 2026-05-26 7.5 High
The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve system configuration files containing credentials and network settings.
CVE-2020-37011 1 Gnome 2 Fonts Viewer, Gnome-font-viewer 2026-05-26 7.5 High
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to exhaust memory through repeated malloc() calls and potentially crash the gnome-font-viewer process.
CVE-2018-25304 1 Freedownloadmanager 1 Free Download Manager 2026-05-26 8.4 High
Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code.
CVE-2013-10050 2 D-link, Dlink 6 Dir-300, Dir-615, Dir-300 and 3 more 2026-05-26 8.8 High
An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.
CVE-2026-48837 2 Unlimited-elements, Wordpress 2 Unlimited Elements For Elementor, Wordpress 2026-05-26 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8.
CVE-2026-45438 2 Webtoffee, Wordpress 2 Smart Coupons For Woocommerce, Wordpress 2026-05-26 7.5 High
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0.
CVE-2026-45216 2 Storeapps, Wordpress 2 Smart Manager, Wordpress 2026-05-26 8.8 High
Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0.
CVE-2026-8046 1 Codesys 32 Codesys Control For Beaglebone Sl, Codesys Control For Empc A Imx6 Sl, Codesys Control For Iot2000 Sl and 29 more 2026-05-26 8.1 High
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
CVE-2024-47091 1 Checkmk 1 Checkmk 2026-05-26 7.8 High
Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary code in the context of the Checkmk agent service, which typically runs as SYSTEM.
CVE-2026-44742 1 Postorius Project 1 Postorius 2026-05-26 7.2 High
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026.
CVE-2026-45229 1 Cp0204 1 Quark-auto-save 2026-05-25 8.8 High
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the config_data dictionary. Attackers can exploit insufficient deny-list filtering to permanently replace stored login credentials, lock out legitimate administrators, and gain persistent access to all configured tasks, cloud tokens, and notification services.
CVE-2026-41938 1 Givanz 1 Vvveb 2026-05-25 8.8 High
Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can upload a .phtml file containing arbitrary PHP code and execute the uploaded payload through a subsequent unauthenticated HTTP GET request to the uploaded file, resulting in remote code execution with web server privileges.
CVE-2026-41937 1 Givanz 1 Vvveb 2026-05-25 7.2 High
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a public/index.php file with arbitrary PHP code, which executes as the web server user once accessed via subsequent unauthenticated HTTP requests to the plugin's public path.
CVE-2026-41934 1 Givanz 1 Vvveb 2026-05-25 8.8 High
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code through insufficient file extension restrictions, with the uploaded payload then executable via subsequent unauthenticated HTTP requests. Attackers with editor, author, contributor, or site_admin roles can write a malicious .htaccess file to map arbitrary extensions to the PHP handler, then upload PHP code with that extension to achieve unauthenticated remote code execution when the file is accessed via HTTP.
CVE-2026-25863 2 Jules Colle, Wordpress 2 Conditional Fields For Contact Form 7, Wordpress 2026-05-25 7.5 High
Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration count directly from user-supplied POST parameters without validation or upper bound enforcement. Unauthenticated attackers can supply an arbitrarily large integer value through the REST API endpoint to cause unbounded loop execution with multiple preg_replace() operations, exhausting server memory and crashing the PHP process.