Search Results (361481 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-11779 | 1 Payloadcms | 1 Payloadcms | 2026-06-26 | N/A |
| An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation. | ||||
| CVE-2026-45407 | | | 2026-06-26 | 5 Medium |
| Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user who can traverse the dokku home directory. This vulnerability is fixed in 0.38.2. | ||||
| CVE-2026-54327 | 1 Earendil-works | 1 Pi | 2026-06-26 | 2.2 Low |
| Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only permissions. This vulnerability is fixed in 0.78.1. | ||||
| CVE-2026-48090 | | | 2026-06-26 | 5.9 Medium |
| Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late AsyncClient completion can still invoke OAuth2Filter methods that use StreamDecoderFilterCallbacks after that object’s lifetime has ended, causing undefined behavior, worker crashes (availability loss), and use-after-free / invalid-vptr failures under AddressSanitizer. This is a memory-safety / lifetime issue in the data plane, not a trivial config bug. Remote code execution is not claimed here; the primary demonstrated impact is DoS via crash and UB; any further impact would be deployment- and allocator-dependent. This vulnerability is fixed in 1.37.5 and 1.38.3. | ||||
| CVE-2026-47220 | | | 2026-06-26 | 7.5 High |
| Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when %REQUESTED_SERVER_NAME(X:Y)% is used in the log format and host-related options such as HOST_FIRST or SNI_FIRST are specified, it is possible to crash Envoy when the specified host header is missing from the request headers. This vulnerability is fixed in 1.37.5 and 1.38.3. | ||||
| CVE-2026-47205 | | | 2026-06-26 | 5.9 Medium |
| Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides concurrently with rapid downstream client disconnects. During standard request lifecycles, Envoy instantiates the ext_authz filter with a foundational authorization client object (client_). If a matched route dictates a dynamic per-route HTTP or gRPC authorization service override, the filter generates a localized client. In the vulnerable implementation, this transient client aggressively overwrote the default client_ unique pointer by executing client_ = std::move(per_route_client). When a client rapidly establishes and subsequently tears down a stream (such as rapidly refreshing a protected WebSocket endpoint), the downstream triggers the ConnectionManagerImpl::doDeferredStreamDestroy() -> ActiveStream::onResetStream() lifecycle. Envoy immediately sequences Filter::onDestroy() in an attempt to securely abort dispatched asynchronous authorization check transactions via client_->cancel(). By destructing the default client abruptly during initiateCall, a memory lifecycle misalignment occurs within the async client manager. The stream teardown fails to reliably track and cancel the dynamically bound asynchronous authorization tasks, orchestrating a sequence where a late asynchronous callback from the network evaluates against a heavily destroyed ActiveStream validation span, generating a UAF process crash. This vulnerability is fixed in 1.36.9, 1.37.5, and 1.38.3. | ||||
| CVE-2026-54557 | | | 2026-06-26 | 5.5 Medium |
| mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an absolute path, PathBuf::join discards the intended mise installs root. A repository-controlled .tool-versions file can therefore make mise install create a symlink outside the mise install tree. With bin_path, the same issue can place an executable symlink under an attacker-selected absolute prefix, such as a developer-tool prefix that is later added to PATH. This vulnerability is fixed in 2026.6.1. | ||||
| CVE-2026-57645 | | | 2026-06-26 | 8.1 High |
| newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | ||||
| CVE-2026-57657 | | | 2026-06-26 | 4.3 Medium |
| Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. | ||||
| CVE-2026-57663 | | | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | ||||
| CVE-2026-56790 | 1 Canboat | 1 Canboat | 2026-06-26 | 7.3 High |
| CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP to trigger an out-of-bounds array access and denial of service. | ||||
| CVE-2025-63078 | | | 2026-06-26 | 4.3 Medium |
| Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. | ||||
| CVE-2025-68063 | | | 2026-06-26 | 7.5 High |
| Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions. | ||||
| CVE-2026-54820 | | | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions. | ||||
| CVE-2026-54832 | | | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions. | ||||
| CVE-2026-54840 | | | 2026-06-26 | 7.3 High |
| Unauthenticated Broken Access Control in Newsletters <= 4.13 versions. | ||||
| CVE-2026-56025 | | | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions. | ||||
| CVE-2026-56038 | | | 2026-06-26 | 8.8 High |
| Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions. | ||||
| CVE-2026-57638 | | | 2026-06-26 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. | ||||
| CVE-2026-57651 | | | 2026-06-26 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. | ||||