Export limit exceeded: 350666 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350666 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35228 | 1 Oracle Corporation | 1 Oracle Mcp Server Helper Tool Product Of Oracle Open Source Projects | 2026-05-06 | 8.7 High |
| Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL. | ||||
| CVE-2026-3456 | 2 Ahmadgb, Wordpress | 2 Geekybot — Ai Copilot, Chatbot, Woocommerce Lead Gen & Zero-prompt Content, Wordpress | 2026-05-06 | 7.5 High |
| The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-4665 | 2 Shapedplugin, Wordpress | 3 Carousel, Slider, Photo Gallery With Lightbox, Video Slider, By Wp Carousel, Wp Carousel, Wordpress | 2026-05-06 | 6.4 Medium |
| The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, 2.7.10. This is due to the `fancybox-config.js` script reading the carousel container's `id` attribute directly from the DOM to construct a jQuery selector without sanitization. When a Contributor crafts an HTML block with a malformed carousel container ID (containing characters invalid for jQuery selectors), the custom fancybox configuration throws a JavaScript error and fails to initialize. This causes the bundled fancybox library (v3.5.7) to fall back to its default caption handling, which renders the `data-caption` attribute content as raw HTML. Since WordPress allows `data-*` attributes through `wp_kses_post()`, this makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks an image in the crafted carousel lightbox. | ||||
| CVE-2026-7811 | 1 54yyyu | 1 Code-mcp | 2026-05-06 | 7.3 High |
| A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-7824 | 1 Papercut | 1 Papercut Hive | 2026-05-06 | N/A |
| An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" (diagnostic) mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management portal could remotely enable deep logging and subsequently retrieve sensitive device passwords from the logs after an authorized user authenticates at the device. This exposure allows for the lateral movement or unauthorized configuration of the physical print hardware. | ||||
| CVE-2023-54342 | 1 Equinox | 1 [osgi | 2026-05-06 | 9.8 Critical |
| Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection. | ||||
| CVE-2023-54344 | 1 Equinox | 1 [osgi | 2026-05-06 | 9.8 Critical |
| Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections. | ||||
| CVE-2023-54348 | 1 Rajodiya | 1 Erpgo Saas | 2026-05-06 | 8.8 High |
| ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exported CSV file is opened in spreadsheet applications. | ||||
| CVE-2023-54349 | 1 Spondonit | 1 Amazcart Cms | 2026-05-06 | 6.1 Medium |
| AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed. | ||||
| CVE-2026-4304 | 2 Weepie, Wordpress | 2 Weepie Cookie Allow, Wordpress | 2026-05-06 | 7.5 High |
| The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-31893 | 1 Tunnelblick | 1 Tunnelblick | 2026-05-06 | N/A |
| Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix socket. The socket is configured with mode 0666, allowing any local user to connect. No authorization check is performed on the connecting client. The tunnelblick-helper process constructs a path to config.ovpn inside a user-controlled .tblk directory and reads it as root without symlink validation. An attacker can create a .tblk configuration with a symlinked config.ovpn pointing to any file and request tunnelblickd to read it. This issue has been fixed in versions 9.0beta02. | ||||
| CVE-2026-31282 | 1 Totara | 1 Lms | 2026-05-06 | 9.8 Critical |
| Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because (1) local login is enabled/disabled server side (this is not a client side control); (2) there is no evidence SSO login can be bypassed to allow local login; and (3) there is no evidence that local login can be performed when disabled server side. | ||||
| CVE-2026-42997 | 1 Openstack | 1 Ironic | 2026-05-06 | 7.7 High |
| An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1. | ||||
| CVE-2026-43002 | 1 Openstack | 1 Horizon | 2026-05-06 | 5.3 Medium |
| An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix. | ||||
| CVE-2026-7020 | 1 Ollama | 1 Ollama | 2026-05-06 | 3.7 Low |
| A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-38751 | 1 Devcode | 1 Openstamanager | 2026-05-05 | 7.2 High |
| OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php) | ||||
| CVE-2026-40797 | 2 Saleswonder, Wordpress | 2 Webinarignition, Wordpress | 2026-05-05 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253. | ||||
| CVE-2026-7834 | 1 Iptime | 1 Nas1dual | 2026-05-05 | 9.8 Critical |
| A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-31458 | 1 Linux | 1 Linux Kernel | 2026-05-05 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] Multiple sysfs command paths dereference contexts_arr[0] without first verifying that kdamond->contexts->nr == 1. A user can set nr_contexts to 0 via sysfs while DAMON is running, causing NULL pointer dereferences. In more detail, the issue can be triggered by privileged users like below. First, start DAMON and make contexts directory empty (kdamond->contexts->nr == 0). # damo start # cd /sys/kernel/mm/damon/admin/kdamonds/0 # echo 0 > contexts/nr_contexts Then, each of below commands will cause the NULL pointer dereference. # echo update_schemes_stats > state # echo update_schemes_tried_regions > state # echo update_schemes_tried_bytes > state # echo update_schemes_effective_quotas > state # echo update_tuned_intervals > state Guard all commands (except OFF) at the entry point of damon_sysfs_handle_cmd(). | ||||
| CVE-2026-31457 | 1 Linux | 1 Linux Kernel | 2026-05-05 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_sysfs_upd_schemes_stats(), and damon_sysfs_upd_schemes_effective_quotas() without checking contexts->nr. If nr_contexts is set to 0 via sysfs while DAMON is running, these functions dereference contexts_arr[0] and cause a NULL pointer dereference. Add the missing check. For example, the issue can be reproduced using DAMON sysfs interface and DAMON user-space tool (damo) [1] like below. $ sudo damo start --refresh_interval 1s $ echo 0 | sudo tee \ /sys/kernel/mm/damon/admin/kdamonds/0/contexts/nr_contexts | ||||