Export limit exceeded: 357826 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5314 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45776 | 2 Buffalo, Ubccr | 2 Open Xdmod, Xdmod | 2026-06-10 | 4.3 Medium |
| OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD includes the optional Job Performance (SUPReMM) module, an attacker could bypass intended data access restrictions and view other users' compute job efficiency metrics. All deployments of Open XDMoD prior to version 11.0.3 that contain the optional Job Performance (SUPReMM) module are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually. | ||||
| CVE-2026-45658 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.8 High |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
| CVE-2026-41728 | 1 Spring | 1 Spring Data Rest | 2026-06-10 | 7.5 High |
| Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5. | ||||
| CVE-2026-41837 | 1 Spring | 1 Spring Data Rest | 2026-06-10 | 5.3 Medium |
| Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5. | ||||
| CVE-2026-1933 | 2 Redhat, Samba | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2026-06-10 | 7.1 High |
| A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types. | ||||
| CVE-2026-48578 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.9 High |
| Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-36720 | 1 Bookcars | 1 Bookcars | 2026-06-10 | 8.1 High |
| Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type. | ||||
| CVE-2026-8863 | 7 Baramundi Software, Blancco Uk, Finland Matriculation Board and 4 more | 12 Baramundi Management Suite, Whitecanyon Wipedrive, Abitti 1 and 9 more | 2026-06-10 | 7.8 High |
| Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders. | ||||
| CVE-2026-9067 | 2 Structured-data-for-wp, Wordpress | 2 Download Schema \& Structured Data For Wp \& Amp, Wordpress | 2026-06-10 | 9.1 Critical |
| The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos. | ||||
| CVE-2026-39169 | 1 Sem-cms | 1 Semcms | 2026-06-10 | 7.5 High |
| SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php. | ||||
| CVE-2026-45649 | 1 Microsoft | 6 Excel, Excel For Android, Powerpoint and 3 more | 2026-06-10 | 7.1 High |
| Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2026-49161 | 1 Microsoft | 1 Pc Manager | 2026-06-10 | 7.8 High |
| Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-41100 | 1 Microsoft | 8 365 Copilot, 365 Copilot Android, 365 Copilot Android and 5 more | 2026-06-09 | 4.4 Medium |
| Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2026-11274 | 2 Apple, Google | 2 Iphone Os, Chrome | 2026-06-09 | 4.3 Medium |
| Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-43600 | 1 Microsoft | 1 Office | 2026-06-09 | 7.8 High |
| Microsoft Office Elevation of Privilege Vulnerability | ||||
| CVE-2024-49107 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-06-09 | 7.3 High |
| WmsRepair Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-49105 | 1 Microsoft | 27 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 24 more | 2026-06-09 | 8.4 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2024-49068 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-06-09 | 8.2 High |
| Microsoft SharePoint Elevation of Privilege Vulnerability | ||||
| CVE-2024-43594 | 1 Microsoft | 4 System Center, System Center 2019, System Center 2022 and 1 more | 2026-06-09 | 7.3 High |
| Microsoft System Center Elevation of Privilege Vulnerability | ||||
| CVE-2024-38204 | 1 Microsoft | 1 Azure Functions | 2026-06-09 | 7.5 High |
| Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. | ||||