Export limit exceeded: 359276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48929 | 1 Rocket.chat | 1 Rocket.chat | 2026-06-17 | N/A |
| Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any uploaded file by ID without requiring authentication. When called via an unauthenticated DDP WebSocket connection, Meteor.userId() returns null, causing the authorization check to be skipped. Execution falls through to FileUpload.getStore('Uploads').deleteById(fileID), which removes the file from storage and database unconditionally. File IDs are discoverable from public channel message payloads and download URLs. | ||||
| CVE-2026-48616 | 1 Rocket.chat | 1 Rocket.chat | 2026-06-17 | N/A |
| Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file downloads at /file-upload/:fileId/:name authorize livechat access using rc_room_type=l with rc_rid+rc_token, but the authorization path does not verify that rc_rid matches the requested file's rid. Furthermore, :fileId is predictable via sequential MongoDB IDs, and :name can be anything, allowing unauthenticated discovery of all uploaded files. | ||||
| CVE-2026-38063 | 2026-06-17 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter. | ||||
| CVE-2026-36670 | 2026-06-17 | 8.8 High | ||
| A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php. | ||||
| CVE-2026-50872 | 2026-06-17 | 9.8 Critical | ||
| An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request. | ||||
| CVE-2026-50876 | 2026-06-17 | 5.4 Medium | ||
| A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2026-50885 | 1 Sismics | 1 Teedy | 2026-06-17 | 7.5 High |
| Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request. | ||||
| CVE-2026-50887 | 2026-06-17 | 9.1 Critical | ||
| A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl. | ||||
| CVE-2026-6045 | 1 The Document Foundation | 1 Libreoffice | 2026-06-17 | 6.6 Medium |
| LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions the blend-point count is checked against the data actually available before allocating. | ||||
| CVE-2026-55706 | 1 Openbsd | 1 Openbsd | 2026-06-17 | 5.8 Medium |
| sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths. | ||||
| CVE-2026-30120 | 2026-06-17 | 9.8 Critical | ||
| remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability. | ||||
| CVE-2026-38060 | 2026-06-17 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter. | ||||
| CVE-2026-38064 | 2026-06-17 | 9.8 Critical | ||
| Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter. | ||||
| CVE-2026-38329 | 2026-06-17 | 9.8 Critical | ||
| Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and execute arbitrary code on the server. | ||||
| CVE-2026-50869 | 2026-06-17 | 9.8 Critical | ||
| An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request. | ||||
| CVE-2026-36213 | 2026-06-17 | 7.8 High | ||
| An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component. | ||||
| CVE-2026-37216 | 1 Yangzongzhuan | 1 Ruoyi | 2026-06-17 | 6.1 Medium |
| Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add. | ||||
| CVE-2026-39006 | 2026-06-17 | 9.8 Critical | ||
| An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component. | ||||
| CVE-2026-45388 | 1 Ocaml | 1 Ocaml | 2026-06-17 | 9.1 Critical |
| In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage). | ||||
| CVE-2026-45390 | 2026-06-17 | 9.1 Critical | ||
| In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar(1) rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the desired extraction directory (to an attacker that can reach a tar decompression endpoint). | ||||