Export limit exceeded: 355107 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355107 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10278 | 1 Ishayoyo | 1 Excel-mcp | 2026-06-02 | 6.3 Medium |
| A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10566 | 2 Foundation Agents, Foundationagents | 2 Metagpt, Metagpt | 2026-06-02 | 5.3 Medium |
| A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10565 | 1 Open5gs | 1 Open5gs | 2026-06-02 | 3.1 Low |
| A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-10300 | 2 Sgl-project, Sglang | 2 Sglang, Sglang | 2026-06-02 | 3.7 Low |
| A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora_path leads to reachable assertion. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-10285 | 1 Devaslanphp | 2 Project-management, Project Management | 2026-06-02 | 5.4 Medium |
| A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10290 | 1 Code-projects | 1 Hotel And Tourism Reservation System | 2026-06-02 | 7.3 High |
| A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-10299 | 1 Code-projects | 1 Online Hospital Management System | 2026-06-02 | 3.8 Low |
| A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-10529 | 1 Westboy | 1 Cicadascms | 2026-06-02 | 2.4 Low |
| A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10583 | 1 Nextlevelbuilder | 1 Goclaw | 2026-06-02 | 4.7 Medium |
| A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug. | ||||
| CVE-2026-10528 | 1 Orthanc | 1 Dicom Server | 2026-06-02 | 3.3 Low |
| A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named bae99026ca97. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2026-7770 | 1 Ibm | 1 I Access Family | 2026-06-02 | 8.8 High |
| IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator. | ||||
| CVE-2026-49376 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 6.5 Medium |
| In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin | ||||
| CVE-2026-49377 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 4.3 Medium |
| In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters | ||||
| CVE-2026-49378 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 4.3 Medium |
| In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion | ||||
| CVE-2026-49379 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 6.5 Medium |
| In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names | ||||
| CVE-2026-49380 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 3.1 Low |
| In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible | ||||
| CVE-2026-49381 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 3.4 Low |
| In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible | ||||
| CVE-2018-25432 | 1 Armcode | 1 Arm Whois | 2026-06-02 | 8.4 High |
| Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking. | ||||
| CVE-2026-2237 | 1 Synology | 2 Diskstation Manager, Storage Manager | 2026-06-02 | 6.2 Medium |
| A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information. | ||||
| CVE-2018-25435 | 1 Zeuscart | 1 Zeuscart | 2026-06-02 | 5.3 Medium |
| ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters. | ||||