Export limit exceeded: 359782 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359782 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20275 | 1 Henryschorradt | 1 Bridge | 2026-06-20 | 8.2 High |
| Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_phpbridge&view=phpview parameters and inject SQL code in the id parameter to extract database information including table and column names. | ||||
| CVE-2017-20277 | 1 Joomboost | 1 Joomla Joomrecipe | 2026-06-20 | 8.2 High |
| Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques. | ||||
| CVE-2017-20278 | 1 Joomboost | 1 Joomrecipe | 2026-06-20 | 8.2 High |
| Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the category path segment to extract sensitive database information. | ||||
| CVE-2017-20281 | 1 Joomlaboat | 1 Extra Search | 2026-06-20 | 8.2 High |
| Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch parameter and malicious SQL in the establename field to extract sensitive database information. | ||||
| CVE-2026-49260 | 1 Pontedilana | 1 Php-weasyprint | 2026-06-20 | 8.2 High |
| PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, `pontedilana/php-weasyprint` builds the shell command for WeasyPrint by passing the binary path through `escapeshellarg()` first and then checking the *quoted* result with `is_executable()`. On POSIX `escapeshellarg('/usr/local/bin/weasyprint')` returns `'/usr/local/bin/weasyprint'` with the single-quote characters as part of the string, so `is_executable()` looks for a file whose actual name includes those quotes. That file never exists, the "safe" branch is dead code, and the raw `$binary` string (set via the constructor or `setBinary()`) flows directly into `Symfony\Component\Process\Process::fromShellCommandline()`. Any deployment whose binary path is sourced from configuration, an environment variable, or a per-tenant setting reaches a shell-command-injection sink. The library is documented as a one-to-one substitute for KnpLabs/snappy and inherited the exact pre-fix codepath KnpLabs patched in GHSA-vpr4-p6fq-85jc. PhpWeasyPrint version 2.5.1 contains a patch for the issue. | ||||
| CVE-2019-25748 | 1 Cmsjunkie | 1 Jhotelreservation | 2026-06-20 | 8.2 High |
| Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the rooms parameter to extract sensitive database information including version details. | ||||
| CVE-2019-25754 | 1 Wdmtech | 1 Vrestaurant | 2026-06-20 | 8.2 High |
| Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint with crafted SQL payloads in the keysearch parameter to extract database table names and sensitive information from the database. | ||||
| CVE-2019-25758 | 1 Wdmtech | 1 Vbizz | 2026-06-20 | 8.8 High |
| Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution. | ||||
| CVE-2019-25760 | 1 Joomtech | 1 Easy Shop | 2026-06-20 | 6.2 Medium |
| Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to com_easyshop, task set to ajax.loadImage, and a base64-encoded file path in the file parameter to retrieve sensitive files like configuration.php and system files. | ||||
| CVE-2026-12238 | 2 Wordpress, Wpgmaps | 2 Wordpress, Wp Go Maps – Google Map, Openstreetmap, Leaflet Map | 2026-06-20 | 5.3 Medium |
| The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to create arbitrary records in plugin database tables (maps, markers, circles, polygons, polylines, rectangles, and point labels) by supplying a WPGMZA-namespaced CRUD-backed class name via the phpClass parameter. The namespace validation check (requiring the 'WPGMZA' prefix) does not prevent exploitation because classes such as WPGMZA\Map and WPGMZA\Marker satisfy it while still triggering an INSERT into the corresponding plugin table before the route rejects the request. | ||||
| CVE-2026-56346 | 1 Wwbn | 1 Avideo | 2026-06-20 | 6.5 Medium |
| AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credentials, exposing key material to logs and enabling resource exhaustion attacks. | ||||
| CVE-2026-56340 | 1 Vllm | 1 Vllm | 2026-06-20 | 8.8 High |
| vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause. | ||||
| CVE-2026-56304 | 1 Mmaitre314 | 1 Picklescan | 2026-06-20 | 6.5 Medium |
| picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption. | ||||
| CVE-2026-56235 | 2026-06-20 | 5.3 Medium | ||
| Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get_total_metrics) that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public Supabase API key (sb_publishable_*) can query arbitrary org_id values to disclose cross-tenant usage telemetry (MAU, bandwidth, installs, gets), enumerate app IDs for a target org, and determine org existence via an oracle (valid org returns metrics, invalid returns []). | ||||
| CVE-2026-56228 | 2026-06-20 | 4.9 Medium | ||
| Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value (e.g., billions of characters) as the minimum password length, making compliance impossible for all organization members. Once the policy is enabled, users (including administrators) are unable to change their passwords or access the organization, resulting in an organization-wide account lockout and application-level denial of service. | ||||
| CVE-2026-56317 | 1 Nuxt | 1 Nuxt | 2026-06-20 | N/A |
| Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which execute in the document context when the noscript tag is implicitly closed by script tags. | ||||
| CVE-2026-44915 | 1 Apache | 1 Apisix | 2026-06-20 | N/A |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue. | ||||
| CVE-2026-56215 | 2026-06-20 | 8.3 High | ||
| Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoint to merge the victim's SSO identity into the attacker-controlled account. | ||||
| CVE-2026-41840 | 2 Spring, Vmware | 2 Spring Framework, Spring Framework | 2026-06-20 | 5.9 Medium |
| Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48. | ||||
| CVE-2026-48787 | 1 Flipped-aurora | 1 Gin-vue-admin | 2026-06-19 | N/A |
| gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then invoking POST /autoCode/mcpStart to trigger a rebuild and restart of the standalone MCP service. This allows arbitrary operating system commands to be executed on the server with the privileges of the application process. Successful exploitation may lead to remote code execution (RCE), modification of backend source code or runtime logic, deployment of persistent backdoors, access to or manipulation of application data and configuration, and further impact on local resources running under the same service account or privilege context. The risk is highest in deployments that retain the source tree, allow writes to source files, and support local build or startup of standalone MCP components. In environments using binary-only releases, read-only filesystems, or with local build capabilities removed, the exploitability of the full attack chain is significantly reduced. However, once the online code-generation capability and MCP-hosted startup workflow are enabled, the overall security impact may reach high to critical severity. As of time of publication, it is unknown if a patched version is available. As a workaround, enforce strict allowlist validation on path- and identifier-related fields such as `humpPackageName`, `packageName`, `FuncName`, and `Router`, and only permit safe identifier formats. | ||||