Export limit exceeded: 359436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-47749 | 2026-06-16 | 7.8 High | ||
| stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the SHORT_BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. Any application using affected stable-diffusion.cpp releases to load untrusted .ckpt model files could be vulnerable. A malicious checkpoint file could cause heap corruption through memcpy with an attacker-controlled length. This may lead to process crash and could potentially be leveraged for code execution depending on heap layout. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by not loading .ckpt checkpoint files from untrusted sources, and referring to trusted model sources and safer formats such as .safetensors where possible. | ||||
| CVE-2026-8683 | 1 Mattermost | 2 Mattermost, Mattermost Desktop | 2026-06-16 | 6.5 Medium |
| Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID: MMSA-2026-00652 | ||||
| CVE-2026-53899 | 1 Mozilla | 1 Firefox For Ios | 2026-06-16 | 6.5 Medium |
| Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0. | ||||
| CVE-2026-41082 | 1 Ocaml | 1 Ocaml | 2026-06-16 | 7.3 High |
| In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. | ||||
| CVE-2026-12205 | 1 Timlegge | 1 Crypt::dsa | 2026-06-16 | 9.1 Critical |
| Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised. | ||||
| CVE-2025-68872 | 2026-06-16 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics <= 1.3.03.27 versions. | ||||
| CVE-2026-27053 | 2026-06-16 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. | ||||
| CVE-2026-39435 | 2 Bgermann, Wordpress | 2 Cformsii, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions. | ||||
| CVE-2026-39518 | 2026-06-16 | 7.1 High | ||
| Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions. | ||||
| CVE-2026-39532 | 2026-06-16 | 8.8 High | ||
| Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions. | ||||
| CVE-2026-39584 | 2 Webful Creations, Wordpress | 2 Repairbuddy, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions. | ||||
| CVE-2026-40770 | 2 Relywp, Wordpress | 2 Coupon Affiliates, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions. | ||||
| CVE-2026-42663 | 2 Wordpress, Wp.insider | 2 Wordpress, Simple Membership | 2026-06-16 | 6.5 Medium |
| Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions. | ||||
| CVE-2026-39574 | 2026-06-16 | 9.3 Critical | ||
| Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions. | ||||
| CVE-2026-52712 | 2 Tnomi, Wordpress | 2 Attendance Manager, Wordpress | 2026-06-16 | 7.6 High |
| Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions. | ||||
| CVE-2026-54198 | 2 Davidlingren, Wordpress | 2 Media Library Assistant, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions. | ||||
| CVE-2026-8442 | 2026-06-16 | 8.1 High | ||
| The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfb_hide_review and wprp_save_review_admin AJAX handlers combined with insufficient path validation in the wpfb_hidereview_ajax() function, which uses strpos() to check that a stored media URL starts with the expected prefix but fails to sanitize path traversal sequences in the remaining relative path before passing it to unlink(). This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2026-47684 | 1 Sync-in | 1 Server | 2026-06-16 | 7.7 High |
| Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF protection to be bypassed on dual-stack systems. Version 2.3.0 fixes the issue. | ||||
| CVE-2026-46033 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequence number data at the end of the authenticated data. While crypto_authenc_esn_setauthsize() already rejects explicit non-zero authsizes in the range 1..3, crypto_authenc_esn_create() still copied auth->digestsize into inst->alg.maxauthsize without validating it. The AEAD core then initialized the tfm's default authsize from that value. As a result, selecting an ahash with digest size 1..3, such as cbcmac(cipher_null), exposed authencesn instances whose default authsize was invalid even though setauthsize() would have rejected the same value. AF_ALG could then trigger the ESN tail handling with a too-short tag and hit an out-of-bounds access. Reject authencesn instances whose ahash digest size is in the invalid non-zero range 1..3 so that no tfm can inherit an unsupported default authsize. | ||||
| CVE-2026-5038 | 1 Expressjs | 1 Multer | 2026-06-16 | 5.3 Medium |
| Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe() call does not propagate the stream destroy signal to the underlying fs.WriteStream. An attacker can exhaust disk space by triggering many aborted uploads, with no application bug required. Patches: Users should upgrade to multer 2.2.0 (2.x line) or 3.0.0-alpha.2 (3.x prerelease). Both versions track in-flight write streams and clean them up on the abort path. Workarounds: None. | ||||