Export limit exceeded: 357007 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357007 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28210 | 1 Schneider-electric | 1 Ecostruxure Building Operation | 2026-05-28 | 6.1 Medium |
| A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser. | ||||
| CVE-2020-28209 | 2 Microsoft, Schneider-electric | 2 Windows, Enterprise Server Installer | 2026-05-28 | 7 High |
| A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location. | ||||
| CVE-2026-44798 | 2 Nautobot, Networktocode | 2 Nautobot, Nautobot | 2026-05-28 | 7.1 High |
| Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value. This vulnerability is fixed in 2.4.33 and 3.1.2. | ||||
| CVE-2022-27799 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-05-28 | N/A |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-43243 | 1 Microsoft | 1 Vp9 Video Extensions | 2026-05-28 | 5.5 Medium |
| VP9 Video Extensions Information Disclosure Vulnerability | ||||
| CVE-2021-26333 | 1 Amd | 2 Chipset Driver, Psp Driver | 2026-05-28 | 5.5 Medium |
| An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages. | ||||
| CVE-2021-22926 | 5 Haxx, Netapp, Oracle and 2 more | 26 Curl, Active Iq Unified Manager, Clustered Data Ontap and 23 more | 2026-05-28 | 7.5 High |
| libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake. | ||||
| CVE-2020-15368 | 1 Asrock | 2 Rgb Driver, Rgb Driver Firmware | 2026-05-28 | 6.1 Medium |
| AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. | ||||
| CVE-2026-48896 | 1 Joomla | 1 Joomla\! | 2026-05-28 | 7.5 High |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | ||||
| CVE-2021-22897 | 5 Haxx, Netapp, Oracle and 2 more | 30 Curl, Cloud Backup, H300e and 27 more | 2026-05-28 | 5.3 Medium |
| curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. | ||||
| CVE-2026-48897 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-28 | 7.5 High |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | ||||
| CVE-2021-31946 | 1 Microsoft | 1 Paint 3d | 2026-05-28 | 7.8 High |
| Paint 3D Remote Code Execution Vulnerability | ||||
| CVE-2026-48901 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-28 | 7.5 High |
| The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | ||||
| CVE-2021-26701 | 3 Fedoraproject, Microsoft, Redhat | 8 Fedora, .net, .net Core and 5 more | 2026-05-28 | 8.1 High |
| .NET Core Remote Code Execution Vulnerability | ||||
| CVE-2026-45021 | 1 Kumahq | 1 Kuma | 2026-05-28 | N/A |
| Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is reachable from their browser. CorsAllowedDomains: [".*"] reflects any Origin, and LocalhostIsAdmin: true promotes requests from 127.0.0.1 to mesh-system:admin. A cross-origin fetch() from a malicious page returns the admin JWT and signing material. This vulnerability is fixed in 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5. | ||||
| CVE-2026-45306 | 1 Pyload | 1 Pyload | 2026-05-28 | 6.5 Medium |
| pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect the Flask session directory (/tmp/pyLoad/flask). An authenticated attacker can set storage_folder to the session directory and download session files of other users via /files/get/, leading to account takeover. This vulnerability is fixed in 0.5.0b3.dev100. | ||||
| CVE-2026-46561 | 1 Pyload | 1 Pyload | 2026-05-28 | 5 Medium |
| pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with a 302 redirect to an internal/private IP address, bypassing the is_global_host() check on the initial URL. This vulnerability is fixed in 0.5.0b3.dev100. | ||||
| CVE-2026-45348 | 1 Pyload | 1 Pyload | 2026-05-28 | 8.7 High |
| pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the DOM via $(div).html(html). No escaping runs between the API value and innerHTML. An attacker (Alice) who can submit a package link puts a single quote plus event handler into the URL, breaks out of the attribute, and executes JavaScript in every operator's browser that opens the downloads view. The theme does not set a Content Security Policy that restricts inline script or event handlers. This vulnerability is fixed in 0.5.0b3.dev100. | ||||
| CVE-2026-48864 | 2 Opensuse, Redhat | 9 Libsolv, Enterprise Linux, Hardened Images and 6 more | 2026-05-28 | 7.8 High |
| A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service. | ||||
| CVE-2026-42082 | 1 Free5gc | 1 Free5gc | 2026-05-28 | 3.7 Low |
| free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS security contexts in the network and the UE. This vulnerability is fixed in 4.2.2. | ||||