Export limit exceeded: 350604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350604 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44291 | 2026-05-13 | 8.1 High | ||
| protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup tables could resolve attacker-controlled inherited properties as valid protobuf type information. This could cause attacker-controlled strings to be emitted into generated JavaScript code. This vulnerability is fixed in 7.5.6 and 8.0.2. | ||||
| CVE-2026-42266 | 2026-05-13 | 8.8 High | ||
| jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7. | ||||
| CVE-2026-44665 | 2026-05-13 | 6.1 Medium | ||
| fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerability is fixed in 1.1.7. | ||||
| CVE-2026-30452 | 1 Textpattern | 1 Textpattern | 2026-05-13 | 6.5 Medium |
| Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in textpattern/include/txp_article.php, an attacker can bypass authorization checks and overwrite content belonging to other users. | ||||
| CVE-2026-39836 | 2 Go Standard Library, Golang | 2 Net, Go | 2026-05-13 | 7.5 High |
| The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). | ||||
| CVE-2026-39820 | 2 Go Standard Library, Golang | 2 Net/mail, Go | 2026-05-13 | 7.5 High |
| Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. | ||||
| CVE-2026-32834 | 2 Scott Paterson, Wordpress | 2 Easy-paypal-events-tickets, Wordpress | 2026-05-13 | 7.5 High |
| Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can access the vulnerable endpoint via the add_wpeevent_button_qr action to retrieve sensitive order details including PayPal transaction IDs, customer email addresses, purchase amounts, and ticket information for any order with a known or guessed post ID. | ||||
| CVE-2026-4424 | 2 Libarchive, Redhat | 21 Libarchive, Ai Inference Server, Discovery and 18 more | 2026-05-13 | 7.5 High |
| A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction. | ||||
| CVE-2026-43484 | 1 Linux | 1 Linux Kernel | 2026-05-13 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host->claimed bit shared a word with retune flags. Writes to claimed in __mmc_claim_host() or retune_now in mmc_mq_queue_rq() can overwrite other bits when concurrent updates happen in other contexts, triggering spurious WARN_ON(!host->claimed). Convert claimed, can_retune, retune_now and retune_paused to bool to remove shared-word coupling. | ||||
| CVE-2026-43481 | 1 Linux | 1 Linux Kernel | 2026-05-13 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() consumes it on all return paths, whether the skb is queued successfully or freed on an error path. net_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit() currently jump to free_msg after genlmsg_reply() fails and call nlmsg_free(msg), which can hit the same skb twice. Return the genlmsg_reply() error directly and keep free_msg only for pre-reply failures. | ||||
| CVE-2026-42062 | 2026-05-13 | N/A | ||
| ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required. | ||||
| CVE-2026-44352 | 1 Reconurge | 1 Flowsint | 2026-05-13 | N/A |
| Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3. | ||||
| CVE-2026-42948 | 2026-05-13 | N/A | ||
| Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser. | ||||
| CVE-2026-42557 | 2026-05-13 | N/A | ||
| jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submitted for execution by the user. This vulnerability is fixed in 4.5.7. | ||||
| CVE-2026-42950 | 2026-05-13 | N/A | ||
| ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken. | ||||
| CVE-2026-44548 | 1 Churchcrm | 1 Churchcrm | 2026-05-13 | 8.1 High |
| ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records, including cascaded property and record-to-property assignments. This vulnerability is fixed in 7.3.2. | ||||
| CVE-2026-42961 | 2026-05-13 | N/A | ||
| ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations. | ||||
| CVE-2026-44307 | 1 Sqlalchemy | 1 Mako | 2026-05-13 | N/A |
| Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. \..\..\ secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template(), allowing reads of files outside the configured template directory. This vulnerability is fixed in 1.3.12. | ||||
| CVE-2026-3426 | 2 Rometheme, Wordpress | 2 Rtmkit, Wordpress | 2026-05-13 | 4.3 Medium |
| The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() and reset_all_widgets() functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Author-level access and above, to modify or reset site-wide widget configurations. | ||||
| CVE-2026-43172 | 1 Linux | 1 Linux Kernel | 2026-05-13 | 8.8 High |
| In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs (which doesn't exist in hardware) then using "fwrt->smem_cfg.lmac[2]" is an overrun of the array. Reject such and use IWL_FW_CHECK instead of WARN_ON in this function. | ||||