Export limit exceeded: 351920 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351920 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34463 | 1 Mantisbt | 1 Mantisbt | 2026-05-20 | N/A |
| Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form (bug_report_page.php) prepends the source Project name before the category selector without proper escaping, allowing an attacker able to to inject HTML if they can set the Project's name (which typically requires manager or administrator access level). This issue has been resolved in version 2.28.2. | ||||
| CVE-2026-39309 | 1 Triliumnext | 1 Trilium | 2026-05-20 | 5.5 Medium |
| Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission prompts by running malicious code under the identity of the trusted app. The root cause is that the RunAsNode fuse allows launching the app in a special Node.js mode using -e to execute arbitrary system commands with Trilium Notes's permissions and identity. An attacker can leverage this through a subprocess to request any sensitive permissions, such as access to hardware (camera, microphone) and TCC-protected files, causing the TCC system prompt to appear as if the request came from Trilium rather than the attacker's code, because macOS treats the subprocess as part of the parent application. Exploitation allows access to TCC-protected resources like the screen, camera, microphone, and folders such as ~/Documents and ~/Downloads, undermining macOS's security model and UI integrity through social engineering. This issue has been fixed in version 0.102.2. | ||||
| CVE-2024-36343 | 1 Amd | 17 Epyc 4004, Epyc 4005, Ryzen 6000 Series Processors With Radeon Graphics and 14 more | 2026-05-20 | N/A |
| Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment (TSEG) memory region, potentially resulting in loss of confidentiality or integrity. | ||||
| CVE-2023-5983 | 1 Botanikyazilim | 1 Pharmacy Automation | 2026-05-20 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data. This issue affects Pharmacy Automation: before 2.1.133.0. | ||||
| CVE-2026-6068 | 1 Nasm | 2 Nasm, Netwide Assembler | 2026-05-20 | 6.5 Medium |
| NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution. | ||||
| CVE-2026-6844 | 2 Gnu, Redhat | 6 Binutils, Enterprise Linux, Hardened Images and 3 more | 2026-05-20 | 5.5 Medium |
| A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service. | ||||
| CVE-2023-5989 | 1 Uyumsoft | 1 Lioxerp | 2026-05-20 | 6.1 Medium |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute Stored XSS. This issue affects LioXERP: before v.146. | ||||
| CVE-2026-6845 | 2 Gnu, Redhat | 6 Binutils, Enterprise Linux, Hardened Images and 3 more | 2026-05-20 | 5 Medium |
| A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash. | ||||
| CVE-2026-43617 | 1 Rsync Project | 1 Rsync | 2026-05-20 | 4.8 Medium |
| Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN. | ||||
| CVE-2023-6011 | 1 Dece | 1 Geodi | 2026-05-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS. This issue affects Geodi: before 8.0.0.27396. | ||||
| CVE-2026-35070 | 1 Dell | 1 Smartfabric Storage Software | 2026-05-20 | 6.4 Medium |
| Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | ||||
| CVE-2023-5921 | 1 Decesoftware | 1 Geodi | 2026-05-20 | 7.1 High |
| Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396. | ||||
| CVE-2026-6452 | 2 Ktulhu, Wordpress | 2 Bigfishgames Syndicate, Wordpress | 2026-05-20 | 4.3 Medium |
| The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgames_syndicate_submenu() function. This makes it possible for unauthenticated attackers to reset plugin settings and update them via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-8423 | 2 Javibola, Wordpress | 2 Javibola Custom Theme Test, Wordpress | 2026-05-20 | 4.3 Medium |
| The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active theme by modifying the jbct_theme option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-6118 | 1 Neutron | 34 Ipc2224-sr3-npf-36, Ipc2224-sr3-npf-36 Firmware, Ipc2624-sr3-npf-36 and 31 more | 2026-05-20 | 7.5 High |
| Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal. This issue affects IP Camera: before b1130.1.0.1. | ||||
| CVE-2023-6122 | 1 Softomi | 1 Advanced C2c Marketplace Software | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023. | ||||
| CVE-2026-6846 | 3 Gnu, Iputils, Redhat | 7 Binutils, Iputils, Enterprise Linux and 4 more | 2026-05-20 | 7.8 High |
| A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable. | ||||
| CVE-2023-6145 | 1 Softomi | 1 Advanced C2c Marketplace Software | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023. | ||||
| CVE-2023-6150 | 1 Eskom | 1 E-belediye | 2026-05-20 | 7.5 High |
| Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. | ||||
| CVE-2023-6151 | 1 Eskom | 1 E-belediye | 2026-05-20 | 7.5 High |
| Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. | ||||