Export limit exceeded: 360403 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360403 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27429 | 2 Boldthemes, Wordpress | 2 Nifty, Wordpress | 2026-06-23 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions. | ||||
| CVE-2026-34893 | 2 Webgeniuslab, Wordpress | 2 Thegov Core, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions. | ||||
| CVE-2026-34894 | 2 Webgeniuslab, Wordpress | 2 Integrio Core, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions. | ||||
| CVE-2026-11745 | 1 Ly Corporation | 1 Central Dogma | 2026-06-23 | N/A |
| A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories. | ||||
| CVE-2026-11746 | 1 Ly Corporation | 1 Central Dogma | 2026-06-23 | N/A |
| A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster. | ||||
| CVE-2026-11748 | 1 Ly Corporation | 1 Central Dogma | 2026-06-23 | N/A |
| A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure. | ||||
| CVE-2025-4994 | 1 Safeline | 1 Safeline Sl6/sl6+ | 2026-06-23 | N/A |
| The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration. | ||||
| CVE-2026-11373 | 1 Jasei | 1 Net::statsite::client | 2026-06-23 | 9.1 Critical |
| Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol control characters such as colons or pipes, allowing metric injections. | ||||
| CVE-2026-12602 | 1 Aruba | 1 Arubasign | 2026-06-23 | N/A |
| Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive permissions for the ‘Everyone’ group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In the worst-case scenario, if the malicious code is executed with elevated privileges (such as those of Administrator or SYSTEM), the attacker could escalate privileges and gain full control of the system, compromising both security and data integrity. | ||||
| CVE-2026-41045 | 1 Presire | 1 Qsnapper | 2026-06-23 | 8.1 High |
| A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user. | ||||
| CVE-2026-41046 | 1 Presire | 1 Qsnapper | 2026-06-23 | 7.3 High |
| A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root. | ||||
| CVE-2026-50178 | 1 Angular | 2 Angular, Angular.ng-template | 2026-06-23 | N/A |
| The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option (located in client/src/client.ts). This setting instructs VS Code to trust all rendered content it receives, which enables active elements such as command: URIs. However, the background Angular Language Server process fails to escape or sanitize brackets, raw links, and control characters from JSDoc strings before forwarding the hover Markdown content (located in server/src/handlers/hover.ts and server/src/text_render.ts). An attacker can leverage this behavior by crafting a project TypeScript or JavaScript file (or a third-party npm package dependency) containing a malicious JSDoc tooltip with an embedded active command link. When a developer hovers over the target symbol to render the tooltip and clicks the malicious link, the IDE executes the command sequence directly on the developer's host machine. Prior to 21.2.4, This vulnerability is fixed in 21.2.4. | ||||
| CVE-2026-12479 | 1 Keras-team | 1 Keras | 2026-06-23 | N/A |
| A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths without sanitizing for parent directory components (`..`). While forward slashes (`/`) are restricted in layer names, directory traversal sequences are not. This allows an attacker to craft a malicious Keras model that, when saved or loaded, can escape the intended temporary working directory and perform unauthorized file system operations, such as creating directories or writing files in arbitrary locations. | ||||
| CVE-2026-41047 | 1 Presire | 1 Qsnapper | 2026-06-23 | N/A |
| Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information. | ||||
| CVE-2026-41048 | 1 Presire | 1 Qsnapper | 2026-06-23 | N/A |
| Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot". | ||||
| CVE-2026-41049 | 1 Presire | 1 Qsnapper | 2026-06-23 | N/A |
| Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them. | ||||
| CVE-2026-55388 | 1 Piscinajs | 1 Piscina | 2026-06-23 | 8.1 High |
| piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When Object.prototype.filename is polluted upstream the inherited value flows to worker_threads.Worker import and the attacker's .mjs runs in the worker. This vulnerability is fixed in 6.0.0-rc.2, 5.2.0, and 4.9.3. | ||||
| CVE-2026-11834 | 2 Tp-link, Tp Link | 7 Archer C20 V5, Archer C20 V6, Archer Mr200 V07 and 4 more | 2026-06-23 | N/A |
| A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially resulting in unauthorized command execution during device initialization or provisioning workflows. This typically occurs when the device is in a factory-default or unconfigured state. Successful exploitation may allow an adjacent, unauthenticated attacker to execute arbitrary commands with elevated privileges, potentially leading to full compromise of the affected device and unauthorized administrative control. | ||||
| CVE-2026-44889 | 1 Pylons | 1 Webob | 2026-06-23 | 6.1 Medium |
| WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit strips ASCII tab, carriage return, and newline characters before parsing, so a redirect target containing such characters can be reinterpreted as a protocol-relative URL whose authority is an attacker-controlled host. This bypasses the CVE-2024-42353 fix that escaped a leading double slash, allowing an attacker who influences the redirect location to send users to an arbitrary external site instead of the intended one. This vulnerability is fixed in 1.8.10. | ||||
| CVE-2026-9733 | 1 Hayajo | 1 Mojolicious::plugin::web::auth::oauth2 | 2026-06-23 | 9.1 Critical |
| Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function. A predictable state allows an attacker to hijack another user's session through cross site request forgery (CSRF). | ||||