Export limit exceeded: 362645 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362645 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362645 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362645 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61018 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-24 | 7.5 High |
| An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2025-61022 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-24 | 7.5 High |
| An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2025-61024 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-24 | 7.5 High |
| An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2025-61025 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-24 | 7.5 High |
| An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2025-61021 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-24 | N/A |
| An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2025-61028 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-24 | 7.5 High |
| An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2026-39253 | 1 Pivotal | 1 Crm | 2026-06-24 | 8.1 High |
| An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components. | ||||
| CVE-2025-61020 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-24 | 7.5 High |
| An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2025-61029 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-24 | 7.5 High |
| An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2026-11833 | 1 Yokogawa | 2 Ci Server, Fast/tools | 2026-06-24 | N/A |
| Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server (All packages) R1.01 to R1.04 | ||||
| CVE-2026-55653 | 2 Openssh, Redhat | 6 Openssh, Enterprise Linux, Hardened Images and 3 more | 2026-06-24 | 4.3 Medium |
| A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS). | ||||
| CVE-2026-55655 | 2 Openssh, Redhat | 6 Openssh, Enterprise Linux, Hardened Images and 3 more | 2026-06-24 | 5 Medium |
| A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session. | ||||
| CVE-2026-55654 | 2 Openssh, Redhat | 6 Openssh, Enterprise Linux, Hardened Images and 3 more | 2026-06-24 | 3.7 Low |
| A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service. | ||||
| CVE-2026-7842 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-06-24 | 6.8 Medium |
| The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import_list(), url_detail(), and file_detail() admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level access or higher to perform time-based blind SQL injection and extract sensitive data from the database. The ImportData module must be enabled via the Infility Global WordPress plugin before 2.15.20's module toggle page. | ||||
| CVE-2026-8163 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-06-24 | 8.8 High |
| The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above. | ||||
| CVE-2026-8172 | 2 Wordpress, Wpkube | 2 Wordpress, Simple Basic Contact Form | 2026-06-24 | 7.1 High |
| The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission. | ||||
| CVE-2023-54365 | 1 Traefik | 2 Traefik, Traefik Enterprise | 2026-06-24 | 7.5 High |
| Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability. | ||||
| CVE-2026-56222 | 1 Cap-go | 1 Cap-go | 2026-06-24 | 7.2 High |
| Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by other organizations, enabling unauthorized read and modification of victim applications. | ||||
| CVE-2026-56225 | 1 Cap-go | 1 Cap-go | 2026-06-24 | 8.3 High |
| Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers (get/put/delete/post). API keys created with mode=all but restricted to a single app via limited_to_apps are only checked for limited_to_orgs and not for limited_to_apps, so an app-scoped key can enumerate, update, and delete sibling API keys belonging to the same account that are outside its declared app scope, enabling tampering with account-level credentials. | ||||
| CVE-2026-56234 | 1 Cap-go | 1 Cap-go | 2026-06-24 | 5.3 Medium |
| Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate_password_compliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate limiting, enabling attackers to perform password spraying and credential stuffing attacks to compromise user accounts. | ||||