Export limit exceeded: 357638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357638 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-47195 | 2026-06-12 | N/A | ||
| Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissions can still delete messages or change slowmode through the bot. This issue has been patched in version 1.1.6. | ||||
| CVE-2026-49060 | 2 Hippooo, Wordpress | 2 Hippoo Mobile App For Woocommerce, Wordpress | 2026-06-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4. | ||||
| CVE-2026-48611 | 1 Phpbb | 1 Phpbb | 2026-06-12 | N/A |
| Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations. | ||||
| CVE-2026-26239 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-06-12 | 8.1 High |
| A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later | ||||
| CVE-2026-26240 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-06-12 | 9.1 Critical |
| A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | ||||
| CVE-2026-26241 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-06-12 | 9.1 Critical |
| A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | ||||
| CVE-2026-54102 | 2026-06-12 | N/A | ||
| Reserved but no longer needed. | ||||
| CVE-2026-54101 | 2026-06-12 | N/A | ||
| Reserved but no longer needed. | ||||
| CVE-2026-52860 | 1 Vim | 1 Vim | 2026-06-12 | N/A |
| Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. Python evaluates function default values, parameter annotations, and class base expressions at definition time, so a hostile buffer can execute attacker-controlled Python expressions during omni-completion. The existing g:pythoncomplete_allow_import mitigation (GHSA-52mc-rq6p-rc7c) does not cover this path, because the attacker-controlled code is not a harvested import/from statement. This issue has been patched in version 9.2.0597. | ||||
| CVE-2026-52858 | 1 Vim | 1 Vim | 2026-06-12 | N/A |
| Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +python interpreter) executes the import and from statements found in the current buffer through Python's import machinery. Because the buffer's working directory is on sys.path, opening a hostile .py file with a sibling Python package and invoking omni-completion runs that package's top-level code as the editing user. This issue has been patched in version 9.2.0561. | ||||
| CVE-2026-47162 | 1 Vim | 1 Vim | 2026-06-12 | N/A |
| Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when serializing browsed directory paths to the history file ~/.vim/.netrwhist. A directory name derived from the filesystem is interpolated into a single-quoted Vimscript string literal without escaping embedded single quotes, allowing a crafted directory name to break out of the string context and execute arbitrary Vimscript, including shell commands via system() and :!, the next time the history file is sourced. This issue has been patched in version 9.2.0495. | ||||
| CVE-2025-24268 | 1 Apple | 1 Macos | 2026-06-12 | 5.5 Medium |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data. | ||||
| CVE-2025-24284 | 1 Apple | 1 Macos | 2026-06-12 | 8.8 High |
| This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox. | ||||
| CVE-2025-30431 | 1 Apple | 1 Macos | 2026-06-12 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information. | ||||
| CVE-2025-30459 | 1 Apple | 1 Macos | 2026-06-12 | 5.5 Medium |
| A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data. | ||||
| CVE-2025-31272 | 1 Apple | 1 Macos | 2026-06-12 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges. | ||||
| CVE-2025-43339 | 1 Apple | 1 Macos | 2026-06-12 | 5.5 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data. | ||||
| CVE-2025-46293 | 1 Apple | 1 Macos | 2026-06-12 | 5.5 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. | ||||
| CVE-2025-46308 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-06-12 | 5.3 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information. | ||||
| CVE-2025-46315 | 1 Apple | 1 Macos | 2026-06-12 | 7.5 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data. | ||||