Export limit exceeded: 357916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50890 | 2026-06-15 | N/A | ||
| Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement. | ||||
| CVE-2026-50889 | 2026-06-15 | N/A | ||
| An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header. | ||||
| CVE-2026-50887 | 2026-06-15 | N/A | ||
| A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl. | ||||
| CVE-2026-50891 | 2026-06-15 | N/A | ||
| Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request. | ||||
| CVE-2026-50888 | 2026-06-15 | N/A | ||
| An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL. | ||||
| CVE-2026-50892 | 2026-06-15 | N/A | ||
| Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request. | ||||
| CVE-2026-50878 | 2026-06-15 | N/A | ||
| An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2026-50881 | 2026-06-15 | N/A | ||
| Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes. | ||||
| CVE-2026-50883 | 2026-06-15 | N/A | ||
| An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload. | ||||
| CVE-2026-50880 | 2026-06-15 | N/A | ||
| An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request. | ||||
| CVE-2026-50876 | 2026-06-15 | N/A | ||
| A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2026-50884 | 2026-06-15 | N/A | ||
| Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components. | ||||
| CVE-2026-50877 | 2026-06-15 | N/A | ||
| An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containing traversal characters. | ||||
| CVE-2026-50882 | 2026-06-15 | N/A | ||
| An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2026-50885 | 2026-06-15 | N/A | ||
| Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request. | ||||
| CVE-2026-50879 | 2026-06-15 | N/A | ||
| An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2026-50874 | 2026-06-15 | N/A | ||
| An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input. | ||||
| CVE-2026-50872 | 2026-06-15 | N/A | ||
| An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request. | ||||
| CVE-2026-50875 | 2026-06-15 | N/A | ||
| Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request. | ||||
| CVE-2026-50869 | 2026-06-15 | N/A | ||
| An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request. | ||||