Export limit exceeded: 359062 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359062 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-46894 | 1 Oracle | 1 Isupplier Portal | 2026-06-17 | 8 High |
| Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Home Page). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle iSupplier Portal. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle iSupplier Portal. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2026-49079 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions. | ||||
| CVE-2026-22312 | 1 Radiflow | 1 Isap Smart Collector | 2026-06-17 | 8.6 High |
| The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot). | ||||
| CVE-2026-54184 | 2026-06-17 | 8.2 High | ||
| Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions. | ||||
| CVE-2026-52696 | 2026-06-17 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions. | ||||
| CVE-2026-46448 | 1 Openstack | 1 Nova | 2026-06-17 | 5.4 Medium |
| In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation. | ||||
| CVE-2025-62340 | 2026-06-17 | 3.1 Low | ||
| HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity | ||||
| CVE-2026-54196 | 2026-06-17 | 6.8 Medium | ||
| Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions. | ||||
| CVE-2026-54807 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. | ||||
| CVE-2025-24178 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-17 | 9.8 Critical |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox. | ||||
| CVE-2026-26833 | 1 Mmahrous | 1 Thumbler | 2026-06-17 | 9.8 Critical |
| thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping. | ||||
| CVE-2026-5463 | 2 Dan Mcinerney, Danmcinerney | 2 Pymetasploit3, Pymetasploit3 | 2026-06-17 | 8.6 High |
| Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions. | ||||
| CVE-2026-40688 | 1 Fortinet | 1 Fortiweb | 2026-06-17 | 6.7 Medium |
| An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests. | ||||
| CVE-2026-28950 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-06-17 | 6.2 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the device. | ||||
| CVE-2026-36841 | 1 Totolink | 1 N200re-v5 | 2026-06-17 | 9.8 Critical |
| TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | ||||
| CVE-2026-6973 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-06-17 | 7.2 High |
| An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. | ||||
| CVE-2026-54192 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions. | ||||
| CVE-2024-37210 | 2026-06-17 | 6.5 Medium | ||
| Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5. | ||||
| CVE-2026-54805 | 2026-06-17 | 8.8 High | ||
| Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions. | ||||
| CVE-2024-34810 | 2026-06-17 | 4.3 Medium | ||
| Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10. | ||||