Search Results (354870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5768 | 1 Fourth Frontier | 3 Frontier X2, Frontier X Android Application, Frontier X Ios Application | 2026-05-30 | 8.8 High |
| The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities, triggering vibrations, causing denial-of-service conditions, and fuzzing characteristic values to induce unexpected behavior. Additionally, the Frontier X mobile application lacks proper BLE device authentication, allowing attackers to impersonate a legitimate Frontier X2 device and connect to the application. By cloning BLE advertisements and exposing expected GATT characteristics, attackers can manipulate activity states and inject fabricated health telemetry such as breathing rate, heart rate, strain, and other health-related data into the mobile application. | ||||
| CVE-2026-7786 | 1 Jinan Usr Iot Technology Limited (pusr) | 1 Usr-w610 Rs232/485 To Wi-fi/ethernet Converter | 2026-05-30 | 9.8 Critical |
| Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services. | ||||
| CVE-2026-42941 | 1 Danelec | 1 Macgregor Voyage Data Recorder (vdr) G4e | 2026-05-30 | 8.3 High |
| The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change. | ||||
| CVE-2026-42951 | 1 Danelec | 1 Macgregor Voyage Data Recorder (vdr) G4e | 2026-05-30 | 5.4 Medium |
| An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes. | ||||
| CVE-2026-44611 | 1 Danelec | 1 Macgregor Voyage Data Recorder (vdr) G4e | 2026-05-30 | 5.4 Medium |
| Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks. | ||||
| CVE-2026-42929 | 1 Danelec | 1 Macgregor Voyage Data Recorder (vdr) G4e | 2026-05-30 | 8.3 High |
| Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials. | ||||
| CVE-2026-40425 | 1 Danelec | 1 Macgregor Voyage Data Recorder (vdr) G4e | 2026-05-30 | 5.7 Medium |
| The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password. | ||||
| CVE-2026-47745 | 1 Shopperlabs | 1 Shopper | 2026-05-30 | 6.5 Medium |
| Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable, disable, edit, delete) that were rendered for any authenticated panel user without checking the corresponding per-action permission. A low-privilege user could disable every payment method on the store, disable or alter the default currency, or disable carriers. The impact is a full denial of checkout and pricing integrity loss, reachable by any authenticated user. This vulnerability is fixed in 2.8.0. | ||||
| CVE-2026-47744 | 1 Shopperlabs | 1 Shopper | 2026-05-30 | 9.9 Critical |
| Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount() authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users, including administrators. Settings/Team/RolePermission gated its write actions on the read-only view_users permission. Any user holding view_users could grant themselves or any other user arbitrary permissions, including manage_users and edit_orders, effectively escalating to full panel administrator from a read-only account. Combined, these two defects allow a low-privilege authenticated user to obtain administrator privileges and remove the legitimate administrators from the panel. This vulnerability is fixed in 2.8.0. | ||||
| CVE-2026-47741 | 1 Shopperlabs | 1 Shopper | 2026-05-30 | 5.9 Medium |
| Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Under concurrent checkout pressure (Black Friday, flash sale, viral coupon), the global usage_limit was silently exceeded: orders were committed with the discount fully applied to price_amount while the counter blocked at usage_limit. The merchant had no signal that an over-redemption had occurred. This vulnerability is fixed in 2.8.0. | ||||
| CVE-2026-42500 | 1 Golang | 1 Image | 2026-05-30 | 5.3 Medium |
| Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image. | ||||
| CVE-2026-46384 | 1 Iskorotkov | 1 Avro | 2026-05-30 | N/A |
| iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets (GOARCH=386, arm, mips, wasm, etc.), the truncation paths can silently bypass byte-slice limits, select the wrong union branch, or hit the OCF negative-make panic via wrap. Three sub-issues are not 32-bit-specific: cumulative-size arithmetic overflow in arrayDecoder.Decode / mapDecoder.Decode / mapDecoderUnmarshaler.Decode (wraps at math.MaxInt64 on amd64 / arm64 and bypasses MaxSliceAllocSize / MaxMapAllocSize), math.MinInt negation in block-header handling, and make([]byte, size) with a negative size in OCF block reads — all three panic or bypass caps on any platform, giving an attacker a denial-of-service primitive there. This vulnerability is fixed in 2.33.0. | ||||
| CVE-2018-25414 | 1 Aiopmsd | 1 Aiopmsd Final | 2026-05-30 | 8.2 High |
| AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract sensitive database information including usernames, database names, and version details. | ||||
| CVE-2026-49009 | 1 Northern.tech | 1 Mender | 2026-05-30 | 3.1 Low |
| Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal. | ||||
| CVE-2026-7618 | 2 Dattateccom, Wordpress | 2 Envialosimple Email Marketing Y Newsletters, Wordpress | 2026-05-30 | 4.9 Medium |
| The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-2030 | 2 Livemeshthemes, Wordpress | 2 Wpbakery Page Builder Addons, Wordpress | 2026-05-30 | 6.4 Medium |
| The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[lvca_carousel]` and `[lvca_posts_carousel]` shortcode attributes in all versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. Specifically, shortcode attributes are encoded with `wp_json_encode()` and output into single-quoted `data-settings` HTML attributes without using `esc_attr()`, allowing attackers to break out of the attribute by injecting single quotes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-41704 | 1 Cloud Foundry | 1 Bosh | 2026-05-30 | 5 Medium |
| AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes through format_exception (lines 308-325), which reads exception['blobstore_id'] and also calls download_and_delete_blob. That helper (lines 344-349) calls ResourceManager#get_resource(blob_id) and, in an ensure block, ResourceManager#delete_resource(blob_id). ResourceManager (resource_manager.rb:62-70) calls blobstore.delete(id) on the single shared Director blobstore with no UUID-format check, no ownership check, and no namespace prefix. Affected versions: BOSH Director: All versions prior to v282.1.12 | ||||
| CVE-2026-40813 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-30 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues function's tagid parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-40824 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-30 | 5.5 Medium |
| A high-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command, allowing for reading the whole database and changing values in a non-critical table. This can result in a total loss of confidentiality and some loss of integrity. | ||||
| CVE-2026-40826 | 3 Helmholz, Mb Connect Line, Mbconnectline | 9 Myrex24.virtual, Myrex24 V2, Myrex24v2 and 6 more | 2026-05-30 | 4.9 Medium |
| A high-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvo_contracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||