Export limit exceeded: 357688 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357688 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357688 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30148 | 1 Store-opart | 1 Multi Html Block | 2026-06-12 | 6.1 Medium |
| Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php. | ||||
| CVE-2026-48613 | 1 Phpbb | 1 Phpbb | 2026-06-12 | N/A |
| SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated to 3.3.11 or newer yet. | ||||
| CVE-2023-36263 | 1 Store-opart | 1 Op\'art Limit Quantity | 2026-06-12 | 9.8 Critical |
| Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2026-47342 | 1 Apache | 1 Ofbiz | 2026-06-12 | 8.8 High |
| A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue. | ||||
| CVE-2026-44495 | 1 Axios | 1 Axios | 2026-06-12 | 7 High |
| Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse, affected Axios versions may treat that inherited value as request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request. This vulnerability is fixed in 0.31.1 and 1.15.2. | ||||
| CVE-2026-1836 | 1 Redmine | 1 Redmine | 2026-06-12 | N/A |
| The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials. | ||||
| CVE-2026-12066 | 1 Pbootcms | 1 Pbootcms | 2026-06-12 | 7.3 High |
| A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-11967 | 1 Mobatek | 1 Mobaxterm Personal Edition Portable | 2026-06-12 | N/A |
| MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application. | ||||
| CVE-2026-11879 | 1 Mobatek | 1 Mobaxterm Personal Edition Portable | 2026-06-12 | N/A |
| MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application. | ||||
| CVE-2026-41856 | 2 Spring, Vmware | 2 Spring For Graphql, Spring For Graphql | 2026-06-12 | 7.5 High |
| The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored at runtime. Affected versions: Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6. | ||||
| CVE-2026-41700 | 2 Spring, Vmware | 2 Spring For Graphql, Spring For Graphql | 2026-06-12 | 8.1 High |
| Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials. Affected versions: Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6. | ||||
| CVE-2026-46373 | 1 Sqlfluff | 1 Sqlfluff | 2026-06-12 | 7.5 High |
| SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion. This issue has been patched in version 4.1.0. | ||||
| CVE-2026-50631 | 1 Apache | 1 Cxf | 2026-06-12 | 7.4 High |
| A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or threads. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue. | ||||
| CVE-2026-50630 | 1 Apache | 1 Cxf | 2026-06-12 | 6.5 Medium |
| A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return (CR) and Line Feed (LF) characters. If an attacker can control the realm value, they can inject arbitrary HTTP headers or split the HTTP response entirely. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue. | ||||
| CVE-2026-45169 | 1 Cyberark Software A Palo Alto Networks Company | 1 Pam Sh Vault | 2026-06-12 | N/A |
| Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17 | ||||
| CVE-2026-46374 | 1 Sqlfluff | 1 Sqlfluff | 2026-06-12 | 7.5 High |
| SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to trigger a Denial of Service through resource exhaustion. This issue has been patched in version 4.2.0. | ||||
| CVE-2026-44716 | 2 Pipecat, Pipecat-ai | 2 Pipecat, Pipecat | 2026-06-12 | 7.5 High |
| Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner (src/pipecat/runner/run.py). When the runner is started with the --folder flag, it exposes a GET /files/{filename:path} download endpoint. The filename path parameter is concatenated directly onto args.folder with no containment check. Starlette normalises literal ../ sequences in URLs, but %2F-encoded slashes bypass this normalisation: the path parameter is URL-decoded after routing, so ..%2F..%2Fetc%2Fpasswd resolves to a path two levels above args.folder. An attacker with network access to the runner can read any file the pipecat process has permission to access — including SSH private keys, credentials, and system files — with a single unauthenticated HTTP request. This issue has been patched in version 1.2.0. | ||||
| CVE-2026-49949 | 1 Steipete | 1 Codexbar | 2026-06-12 | 5.3 Medium |
| CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to the shared ProviderHTTPClient transport. Attackers can redirect credentialed provider requests carrying browser cookies, bearer tokens, or API keys to an unintended host, port, or plaintext HTTP destination to capture those credentials. | ||||
| CVE-2026-12060 | 2026-06-12 | 6.5 Medium | ||
| Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining unauthorized access to camera and microphone permissions. | ||||
| CVE-2026-11850 | 1 Redhat | 3 Enterprise Linux, Hummingbird, Openshift | 2026-06-12 | 5 Medium |
| An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read. The attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data. | ||||