Export limit exceeded: 352167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3636 | 1 Mattermost | 1 Mattermost | 2026-05-22 | 4.3 Medium |
| Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API endpoints.. Mattermost Advisory ID: MMSA-2026-00626 | ||||
| CVE-2026-4646 | 1 Mattermost | 1 Mattermost | 2026-05-22 | 4.3 Medium |
| Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID: MMSA-2026-00638 | ||||
| CVE-2026-4635 | 1 Mattermost | 1 Mattermost | 2026-05-22 | 6.5 Medium |
| Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting existing persistent notifications and archiving the channel.. Mattermost Advisory ID: MMSA-2026-00637 | ||||
| CVE-2026-44072 | 1 Netatalk | 1 Netatalk | 2026-05-22 | 2.5 Low |
| Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions. | ||||
| CVE-2023-1723 | 1 Vegayazilim | 1 Mobile Assistant | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection. This issue affects Mobile Assistant: before 21.S.2343. | ||||
| CVE-2023-1725 | 1 Infoline-tr | 1 Project Management System | 2026-05-22 | 9.8 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. This issue affects Project Management System: before 4.09.31.125. | ||||
| CVE-2023-1726 | 1 Prolizyazilim | 1 Student Affairs Information System | 2026-05-22 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proliz OBS allows Stored XSS for an authenticated user. This issue affects OBS: before 23.04.01. | ||||
| CVE-2023-1728 | 1 Fernus | 1 Learning Management Systems | 2026-05-22 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This issue affects LMS: before 23.04.03. | ||||
| CVE-2023-1765 | 1 Akbim | 1 Panon | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection. This issue affects Panon: before 1.0.2. | ||||
| CVE-2026-34908 | 1 Ubiquiti | 31 Efg, Envr, Envr-core and 28 more | 2026-05-22 | 10 Critical |
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system. | ||||
| CVE-2026-34910 | 1 Ubiquiti | 31 Efg, Envr, Envr-core and 28 more | 2026-05-22 | 10 Critical |
| A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | ||||
| CVE-2023-1766 | 1 Akbim | 1 Panon | 2026-05-22 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akbim Computer Panon allows Reflected XSS. This issue affects Panon: before 1.0.2. | ||||
| CVE-2023-1803 | 1 Redline | 1 Router Firmware | 2026-05-22 | 9.8 Critical |
| Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17. | ||||
| CVE-2026-33000 | 1 Ubiquiti | 1 Unifi Os | 2026-05-22 | 9.1 Critical |
| A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | ||||
| CVE-2026-36189 | 1 Uncrustify | 1 Uncrustify | 2026-05-22 | 6.2 Medium |
| Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the check_template.cpp, check_template function, tokenize_cleanup function, uncrustify executable components | ||||
| CVE-2026-27393 | 2 Tobias, Wordpress | 2 Cf7 Wow Styler, Wordpress | 2026-05-22 | 5.3 Medium |
| Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6. | ||||
| CVE-2025-13477 | 1 Digital Operations Services Inc. | 1 Wifiburada | 2026-05-22 | 7.1 High |
| Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-71214 | 1 Trendmicro | 1 Apexone Op | 2026-05-22 | 7.8 High |
| An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release). | ||||
| CVE-2025-71215 | 1 Trendmicro | 1 Apexone Op | 2026-05-22 | 7 High |
| A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release). | ||||
| CVE-2025-71216 | 1 Trendmicro | 1 Apexone Op | 2026-05-22 | 7.8 High |
| A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The following information is provided as informational only for CVE references, as these were addressed already via ActiveUpdate/SaaS updates in mid to late 2025 (SaaS 2507 & 2005 Yearly Release). | ||||