Export limit exceeded: 359465 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359465 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359465 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359465 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10634 | 1 Zephyrproject | 1 Zephyr | 2026-06-16 | 4.8 Medium |
| Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcp_lock while invoking the per-connection callback and re-acquired it afterwards. During that window a concurrent tcp_conn_release(), running on the dedicated TCP work-queue thread when a connection's reference count drops to zero (e.g. a remote peer closing or resetting the connection), can remove and k_mem_slab_free() the cached next connection. When the iterator advances it dereferences the freed (and possibly reallocated) slab memory — a use-after-free that can crash the system (denial of service) and, if the slot has been reused, cause the callback to operate on an attacker-influenced object (potential information disclosure or further fault). net_tcp_foreach() is reached in production via the 'net conn' network shell command and via net_tcp_close_all_for_iface() on interface-down; the freeing side is driven by ordinary TCP traffic. The fix moves the connection/context teardown in tcp_conn_release() inside the tcp_lock critical section and keeps tcp_lock held across the callback in net_tcp_foreach(). The defect was introduced with the modern (TCP2) stack in 2020 and affects releases up to and including v4.4.0. | ||||
| CVE-2026-48709 | 1 Olivetin | 1 Olivetin | 2026-06-16 | 3.7 Low |
| OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not call auth.UserFromApiCall or checkDashboardAccess. When AuthRequireGuestsToLogin is enabled (the security-conscious configuration), this endpoint remains accessible to unauthenticated users and can be used as an oracle to enumerate valid action binding IDs and their argument configurations. This issue has been fixed in version 3000.13.0. | ||||
| CVE-2026-22557 | 1 Ubiquiti | 1 Unifi Network Application | 2026-06-16 | 10 Critical |
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account. | ||||
| CVE-2026-40793 | 2 Groundhogg, Wordpress | 2 Groundhogg, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Groundhogg < 4.4.1 versions. | ||||
| CVE-2026-42640 | 2 Mamunur Rashid, Wordpress | 2 Classified Listing, Wordpress | 2026-06-16 | 6.5 Medium |
| Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions. | ||||
| CVE-2026-42659 | 2 Nasirahmed, Wordpress | 2 Advanced Form Integration, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions. | ||||
| CVE-2026-48870 | 2 Kingaddons, Wordpress | 2 King Addons For Elementor, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions. | ||||
| CVE-2026-1460 | 1 Zyxel | 2 Dx3301-t0 Firmware, Ex3301-t0 Firmware | 2026-06-16 | 7.2 High |
| A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device. | ||||
| CVE-2025-67887 | 1 1c-bitrix | 1 1c-bitrix | 2026-06-16 | 9.8 Critical |
| 1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged users who can upload new translated pages to the website. | ||||
| CVE-2025-67888 | 1 Centos-webpanel | 1 Centos Web Panel | 2026-06-16 | 7.3 High |
| An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php (when the "api" parameter is set) is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject and execute arbitrary OS commands with the privileges of root on the web server. Softaculous or SitePad must be present. | ||||
| CVE-2025-41277 | 2 Waterfall, Waterfall-security | 3 Wf-500, Wf-500, Wf-500 Firmware | 2026-06-16 | 9.8 Critical |
| Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. | ||||
| CVE-2026-11572 | 1 Rich-harris | 1 Degit | 2026-06-16 | 8.8 High |
| Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec() method by _cloneWithGit() and fetchRefs() functions. An attacker can execute arbitrary operating system commands as the process user by supplying a specially crafted git repository name. | ||||
| CVE-2026-10520 | 1 Ivanti | 2 Sentry, Standalone Sentry | 2026-06-16 | 10 Critical |
| An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution | ||||
| CVE-2026-48881 | 2 Themetechmount, Wordpress | 2 Truebooker, Wordpress | 2026-06-16 | 9.1 Critical |
| Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions. | ||||
| CVE-2026-48964 | 2 Elextensions, Wordpress | 2 Elex Wordpress Helpdesk & Customer Ticketing System, Wordpress | 2026-06-16 | 8.5 High |
| Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. | ||||
| CVE-2026-48970 | 2 Really-simple-plugins, Wordpress | 2 Really Simple Ssl, Wordpress | 2026-06-16 | 8.1 High |
| Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. | ||||
| CVE-2025-24230 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-16 | 9.8 Critical |
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected app termination. | ||||
| CVE-2025-48700 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra | 2026-06-16 | 6.1 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction. | ||||
| CVE-2026-49065 | 2 Hippooo, Wordpress | 2 Hippoo Mobile App For Woocommerce, Wordpress | 2026-06-16 | 8.2 High |
| Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. | ||||
| CVE-2026-49763 | 2 Crm Perks, Wordpress | 2 Integration For Contact Form 7 Hubspot, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. | ||||