Export limit exceeded: 355007 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355007 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10566 | 2 Foundation Agents, Foundationagents | 2 Metagpt, Metagpt | 2026-06-02 | 5.3 Medium |
| A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10565 | 1 Open5gs | 1 Open5gs | 2026-06-02 | 3.1 Low |
| A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-10300 | 2 Sgl-project, Sglang | 2 Sglang, Sglang | 2026-06-02 | 3.7 Low |
| A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora_path leads to reachable assertion. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-10285 | 1 Devaslanphp | 2 Project-management, Project Management | 2026-06-02 | 5.4 Medium |
| A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10290 | 1 Code-projects | 1 Hotel And Tourism Reservation System | 2026-06-02 | 7.3 High |
| A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-10299 | 1 Code-projects | 1 Online Hospital Management System | 2026-06-02 | 3.8 Low |
| A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-10529 | 1 Westboy | 1 Cicadascms | 2026-06-02 | 2.4 Low |
| A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10583 | 1 Nextlevelbuilder | 1 Goclaw | 2026-06-02 | 4.7 Medium |
| A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug. | ||||
| CVE-2026-10528 | 1 Orthanc | 1 Dicom Server | 2026-06-02 | 3.3 Low |
| A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named bae99026ca97. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2026-24761 | 1 Kiteworks | 1 Secure Data Forms | 2026-06-02 | 3.7 Low |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2026-22872 | 1 Projectcapsule | 1 Capsule | 2026-06-02 | N/A |
| Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant administrators can leverage the Controller's elevated privileges to create cluster-scoped resources (such as ClusterRole and ValidatingWebhookConfiguration) that they cannot create directly, achieving cross-tenant privilege escalation and cluster-level attacks. The attack vector has a few limiting factors. This attack requires Tenant Owner privileges and requires Capsule Controller running with cluster-admin privileges (default configuration). Additionally, some clusters may have additional admission controllers blocking malicious resources. Version 0.13.0 patches this issue. | ||||
| CVE-2026-7770 | 1 Ibm | 1 I Access Family | 2026-06-02 | 8.8 High |
| IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator. | ||||
| CVE-2026-49376 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 6.5 Medium |
| In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin | ||||
| CVE-2026-49377 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 4.3 Medium |
| In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters | ||||
| CVE-2026-49378 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 4.3 Medium |
| In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion | ||||
| CVE-2026-49379 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 6.5 Medium |
| In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names | ||||
| CVE-2026-49380 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 3.1 Low |
| In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible | ||||
| CVE-2026-49381 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 3.4 Low |
| In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible | ||||
| CVE-2018-25432 | 1 Armcode | 1 Arm Whois | 2026-06-02 | 8.4 High |
| Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking. | ||||
| CVE-2026-24782 | 1 Kiteworks | 1 Secure Data Forms | 2026-06-02 | 7.6 High |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global configuration parameters. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||