Search Results (355764 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66588 | 1 Azeotech | 1 Daqfactory | 2026-06-04 | 7.8 High |
| In AzeoTech DAQFactory release 20.7 (Build 2555), an access of uninitialized pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution. | ||||
| CVE-2025-66586 | 1 Azeotech | 1 Daqfactory | 2026-06-04 | 7.8 High |
| In AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2026-10870 | 1 Shibby | 1 Tomato | 2026-06-04 | 7.2 High |
| A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is superseded by FreshTomato. | ||||
| CVE-2025-14771 | 1 Abb | 1 T-mac Plus | 2026-06-04 | 9.9 Critical |
| Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||||
| CVE-2025-14772 | 1 Abb | 1 T-mac Plus | 2026-06-04 | 8.8 High |
| Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||||
| CVE-2025-66585 | 1 Azeotech | 1 Daqfactory | 2026-06-04 | 7.8 High |
| In AzeoTech DAQFactory release 20.7 (Build 2555), a use after free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-14773 | 1 Abb | 1 T-mac Plus | 2026-06-04 | 8 High |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||||
| CVE-2025-14774 | 1 Abb | 1 T-mac Plus | 2026-06-04 | 7.4 High |
| Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||||
| CVE-2025-12659 | 1 Siemens | 1 Simcenter Femap | 2026-06-04 | 7.8 High |
| Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2026-47201 | 1 Goauthentik | 1 Authentik | 2026-06-04 | 8.5 High |
| authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. This issue has been patched in versions 2025.12.5, 2026.2.3, and 2026.5.1. | ||||
| CVE-2026-1341 | 1 Avation | 1 Light Engine Pro | 2026-06-04 | N/A |
| Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control. | ||||
| CVE-2026-28318 | 1 Solarwinds | 1 Serv-u | 2026-06-04 | 7.5 High |
| SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update. | ||||
| CVE-2026-4035 | 2 Lfprojects, Mlflow | 2 Mlflow, Mlflow/mlflow | 2026-06-04 | 7.7 High |
| A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which could lead to artifact poisoning and cross-boundary code execution in downstream environments. The issue is fixed in version 3.11.0. | ||||
| CVE-2026-44653 | 2 Danny-avila, Librechat | 2 Libre Chat, Librechat | 2026-06-04 | 6.5 Medium |
| LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted admin-managed secrets through `GET /api/mcp/servers` and `GET /api/mcp/servers/:serverName`. The returned config includes plaintext values for `apiKey.key` and `oauth.client_secret`. This allows viewers of a shared MCP server to exfiltrate the underlying provider credentials. Version 0.8.4 contains a patch. Other remediations include: never returning decrypted admin-managed secrets to non-owners; redacting `apiKey.key` and `oauth.client_secret` from all API responses, and considering returning only boolean presence indicators for secrets, similar to the auth-values route pattern; and, if owners need to edit configs without re-entering secrets, preserving secrets server-side and returning placeholders instead of plaintext. | ||||
| CVE-2026-32625 | 2 Danny-avila, Librechat | 2 Libre Chat, Librechat | 2026-06-04 | 9.6 Critical |
| LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any authenticated user can create a malicious MCP server configuration with a URL pointing to an attacker-controlled domain containing environment variable references, causing the LibreChat server to connect to the attacker's server and transmit critical secrets such as CREDS_KEY, CREDS_IV, JWT_SECRET, and MONGO_URI in the request URL. This enables full compromise of the installation's cryptographic materials and database credentials without requiring administrative privileges. This is patched in version 0.8.4-rc1. | ||||
| CVE-2019-14360 | 1 Hyundai-pay | 2 Kasse Hk-1000, Kasse Hk-1000 Firmware | 2026-06-04 | 4.6 Medium |
| On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. | ||||
| CVE-2026-5241 | 1 Huggingface | 1 Transformers | 2026-06-04 | 9.6 Critical |
| A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent remote code execution, is overridden by untrusted serialized configuration data in a nested code path. Specifically, when loading a LightGlue model using `AutoModel.from_pretrained()` with `trust_remote_code=False`, the `LightGlueConfig` reads the `trust_remote_code` value from the untrusted `config.json` file and propagates it into nested `AutoConfig.from_pretrained()` calls. This results in the execution of attacker-provided Python modules, even when the victim explicitly disables remote code execution. The vulnerability poses a high risk for environments such as API inference servers, research notebooks, CI/CD pipelines, and model evaluation workers, potentially leading to credential theft, lateral movement, or persistence/backdoor deployment. | ||||
| CVE-2026-26379 | 2 Koha, Koha-community | 2 Koha, Koha | 2026-06-04 | 6.5 Medium |
| Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning and identify running services by analyzing server response times. | ||||
| CVE-2026-42211 | 2 Remix-run, Shopify | 2 React-router, React-router | 2026-06-04 | 8.1 High |
| React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through external requests. This attack requires the application code to have an existing prototype pollution vulnerability, which can then be leveraged in a 2-step attack where the second step triggers unauthorized RCE on the remote server. This does not impact applications using Declarative Mode (`<BrowserRouter>`) or Data Mode (`createBrowserRouter/<RouterProvider>`). This is patched in version 7.14.2. | ||||
| CVE-2026-26378 | 2 Koha, Koha-community | 2 Koha, Koha | 2026-06-04 | 5.4 Medium |
| Cross-site scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the file upload function in Invoice features. | ||||