Export limit exceeded: 359276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12515 | 1 Redhat | 2 Hummingbird, Satellite | 2026-06-18 | 4.3 Medium |
| A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content. | ||||
| CVE-2025-58175 | 2026-06-18 | 6.5 Medium | ||
| GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0). Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash. If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability. | ||||
| CVE-2025-52465 | 2026-06-18 | 7.2 High | ||
| GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages. | ||||
| CVE-2026-11791 | 1 Redhat | 2 Directory Server, Enterprise Linux | 2026-06-18 | 5 Medium |
| A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash). | ||||
| CVE-2026-3490 | 1 Mmaitre314 | 1 Picklescan | 2026-06-18 | 10 Critical |
| picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote code execution. | ||||
| CVE-2025-71322 | 1 Mmaitre314 | 1 Picklescan | 2026-06-18 | 8.8 High |
| PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan. | ||||
| CVE-2026-42488 | 2026-06-18 | 8.1 High | ||
| Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache. | ||||
| CVE-2026-12039 | 2026-06-18 | N/A | ||
| Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist. | ||||
| CVE-2026-12539 | 2026-06-18 | N/A | ||
| Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist. | ||||
| CVE-2026-12437 | 1 Google | 1 Chrome | 2026-06-18 | 8.3 High |
| Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2025-69110 | 2026-06-18 | 8.1 High | ||
| Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions. | ||||
| CVE-2026-54186 | 2 Eyecix, Wordpress | 2 Jobsearch, Wordpress | 2026-06-18 | 9.3 Critical |
| Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions. | ||||
| CVE-2026-47103 | 2026-06-18 | 9.8 Critical | ||
| Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted `<data expr="...">` attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings through a call chain ending in Python's built-in eval() without sandboxing, enabling arbitrary code execution in the context of the hosting process. | ||||
| CVE-2026-12443 | 1 Google | 1 Chrome | 2026-06-18 | 8.8 High |
| Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-12458 | 1 Google | 1 Chrome | 2026-06-18 | 3.1 Low |
| Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12459 | 1 Google | 1 Chrome | 2026-06-18 | 6.1 Medium |
| Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-53846 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 7.1 High |
| OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager executables during dependency setup to compromise the build environment. | ||||
| CVE-2026-53858 | 1 Openclaw | 1 Openclaw | 2026-06-18 | 7.1 High |
| OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable to load runtime dependencies from unintended local paths, potentially executing malicious code during dependency resolution. | ||||
| CVE-2026-22335 | 2026-06-18 | 8.5 High | ||
| Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions. | ||||
| CVE-2026-49072 | 2026-06-18 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions. | ||||