Export limit exceeded: 349621 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349621 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8191 | 1 Wavlink | 1 Wl-nu516u1 | 2026-05-10 | 6.3 Medium |
| A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2026-8192 | 1 Wavlink | 1 Wl-nu516u1 | 2026-05-10 | 6.3 Medium |
| A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly passed by the attacker/so we can control the EncrypType/wl_Pass results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure. | ||||
| CVE-2026-42246 | 1 Ruby-lang | 1 Net::imap | 2026-05-10 | N/A |
| Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4. | ||||
| CVE-2026-42245 | 1 Ruby-lang | 1 Net::imap | 2026-05-10 | N/A |
| Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4. | ||||
| CVE-2026-42257 | 1 Ruby-lang | 1 Net::imap | 2026-05-10 | N/A |
| Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4. | ||||
| CVE-2026-8196 | 1 Jeecg | 1 Jeecgboot | 2026-05-10 | 3.7 Low |
| A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-8228 | 1 Wavlink | 1 Wl-nu516u1 | 2026-05-10 | 6.3 Medium |
| A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2026-8230 | 1 Wavlink | 1 Wl-nu516u1 | 2026-05-10 | 6.3 Medium |
| A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2026-8234 | 1 Iptime | 1 A8004t | 2026-05-10 | 8.8 High |
| A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-50943 | 1 Moodle | 1 Moodle | 2026-05-10 | 6.1 Medium |
| Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users' browsers and steal session cookies. | ||||
| CVE-2026-28838 | 1 Apple | 1 Macos | 2026-05-10 | 5.3 Medium |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox. | ||||
| CVE-2025-67806 | 2 Sage, Sagedpw | 2 Dpw, Sage Dpw | 2026-05-10 | 3.7 Low |
| The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions. | ||||
| CVE-2026-20684 | 1 Apple | 1 Macos | 2026-05-10 | 3.3 Low |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.4. An app may bypass Gatekeeper checks. | ||||
| CVE-2026-4984 | 1 Botpress | 1 Botpress | 2026-05-10 | 8.2 High |
| The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP requests that include the integration's Twilio credentials in the 'Authorization' header. An attacker can forge a webhook payload pointing to their own server and receive the victim's 'accountSID' and 'authToken' in plaintext (base64-encoded Basic Auth), leading to full compromise of the Twilio account. | ||||
| CVE-2025-67805 | 2 Sage, Sagedpw | 2 Dpw, Sage Dpw | 2026-05-10 | 5.9 Medium |
| A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003. | ||||
| CVE-2025-70041 | 1 Oslabs-beta | 1 Thermakube | 2026-05-10 | 9.8 Critical |
| An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. | ||||
| CVE-2026-21669 | 1 Veeam | 2 Backup And Replication, Veeam Backup \& Replication | 2026-05-10 | 10 Critical |
| A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | ||||
| CVE-2026-21668 | 1 Veeam | 2 Backup And Replication, Veeam Backup \& Replication | 2026-05-10 | 8.8 High |
| A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. | ||||
| CVE-2026-28833 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-05-10 | 6.2 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2026-4112 | 1 Sonicwall | 1 Sma1000 | 2026-05-10 | 7.2 High |
| Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. | ||||