Export limit exceeded: 357147 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357147 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24719 | 1 Qnap Systems | 2 Qts, Quts Hero | 2026-06-10 | N/A |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later | ||||
| CVE-2026-53473 | 2026-06-10 | 7.3 High | ||
| A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions. | ||||
| CVE-2020-18171 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2026-06-10 | 8.8 High |
| TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details. | ||||
| CVE-2026-25089 | 1 Fortinet | 3 Fortisandbox, Fortisandboxcloud, Fortisandboxpaas | 2026-06-10 | 9.1 Critical |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests | ||||
| CVE-2026-24716 | 1 Qnap Systems Inc. | 2 Qts, Quts Hero | 2026-06-10 | N/A |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later | ||||
| CVE-2026-24717 | 1 Qnap Systems | 2 Qts, Quts Hero | 2026-06-10 | N/A |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.3499 build 20260514 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3459 build 20260409 and later | ||||
| CVE-2026-46558 | 2026-06-10 | 8.3 High | ||
| Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1. | ||||
| CVE-2020-18169 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2026-06-10 | 7.8 High |
| A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details. | ||||
| CVE-2026-45567 | 2026-06-10 | 8.3 High | ||
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-26237 | 1 Qnap Systems | 1 Qumagie | 2026-06-10 | N/A |
| A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later | ||||
| CVE-2026-45565 | 2026-06-10 | 8.1 High | ||
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_models.py:16-30) is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its if/elif/elif/else flow returns the metacharacter-stripped value without also enforcing the .. block. An attacker who appends a single ;, &, |, $, or backtick to a .. payload routes the value through the strip arm, where .. survives unblocked and the result is not shlex.quote()'d either. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-0416 | 1 Netgear | 2 Raxe450, Raxe500 | 2026-06-10 | N/A |
| Authenticated administrators connected to the local network can modify router functionality beyond what is intended through the standard management interface. | ||||
| CVE-2026-11676 | 2 Google, Linux | 3 Chrome, Chrome Os, Linux Kernel | 2026-06-10 | 8.3 High |
| Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-11681 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2026-06-10 | 8.8 High |
| Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-4480 | 2 Redhat, Samba | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2026-06-10 | 9 Critical |
| A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system. | ||||
| CVE-2026-48574 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.8 High |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-4408 | 2 Redhat, Samba | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2026-06-10 | 9 Critical |
| A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service. | ||||
| CVE-2026-3012 | 2 Redhat, Samba | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2026-06-10 | 8 High |
| A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications. | ||||
| CVE-2026-1933 | 2 Redhat, Samba | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2026-06-10 | 7.1 High |
| A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types. | ||||
| CVE-2026-0412 | 1 Netgear | 1 Jr6150 | 2026-06-10 | N/A |
| Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware. | ||||