Search Results (358995 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39575 | | | 2026-06-17 | 7.4 High |
| update_disk_psu_baseline.sh requires password in plain text | ||||
| CVE-2026-12105 | 1 Devolutions | 1 Devolutions Server | 2026-06-17 | 6.5 Medium |
| Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions. | ||||
| CVE-2026-0127 | 1 Google | 1 Android | 2026-06-17 | 6.5 Medium |
| In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0144 | 1 Google | 1 Android | 2026-06-17 | 6.5 Medium |
| In writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0165 | 1 Google | 1 Android | 2026-06-17 | 5.7 Medium |
| In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-27928 | | | 2026-06-17 | N/A |
| vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1) reset the password via email and then 2) reset the 2FA token via email. This way they reduce 2FA to 1FA (email access). Note that most email providers require 2FA to access email, so this issue is not very likely to cause issues. Version 5.0.0 fixes the issue. No known workarounds are available. | ||||
| CVE-2024-24769 | | | 2026-06-17 | N/A |
| vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that are sent is not limited. This gives attackers the option to flood someone's mailbox with a lot of emails, and would have adverse effects on the SMTP server, which may be seen as a spam sender. Note resetting the MFA token requires a correct password, so the potential impact for this is very low. Version 5.0.0 fixes the issue. No known workarounds are available. | ||||
| CVE-2026-12161 | 1 Devolutions | 1 Remote Desktop Manager | 2026-06-17 | 8.8 High |
| Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action. | ||||
| CVE-2026-12290 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A |
| Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-12291 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A |
| Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-12293 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A |
| Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||||
| CVE-2026-12294 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A |
| Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-12568 | | | 2026-06-17 | 6.5 Medium |
| The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker to write arbitrary files to the user's system. | ||||
| CVE-2026-12567 | | | 2026-06-17 | 2.2 Low |
| The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing workflow data to be written to an attacker-chosen location. | ||||
| CVE-2026-12566 | | | 2026-06-17 | 3.1 Low |
| The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication request to an arbitrary endpoint, potentially leaking authentication tokens. | ||||
| CVE-2026-12565 | | | 2026-06-17 | 5.3 Medium |
| The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar) which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extraction path traversal was never fixed. On systems with GNU tar < 1.34 (Ubuntu 20.04, Debian Buster, CentOS 7, many Docker base images), a malicious archive can write files outside the intended extraction directory. | ||||
| CVE-2024-22451 | 1 Dell | 1 Peripheral Manager | 2026-06-17 | 6.7 Medium |
| Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contains an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability by preloading a malicious executable, leading to arbitrary code execution. | ||||
| CVE-2024-30476 | 1 Dell | 1 Powerstore | 2026-06-17 | 5.4 Medium |
| PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, leading to script execution in the client browser. | ||||
| CVE-2024-38487 | | | 2026-06-17 | 7 High |
| The api-gateway container running with root privilege would allow an attacker to escape the container and access the host system to perform unintended actions. | ||||
| CVE-2026-11890 | 1 Devolutions | 1 Devolutions Server | 2026-06-17 | 4.3 Medium |
| Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results. | ||||