Export limit exceeded: 359752 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359752 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359752 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12822 | 1 Langflow | 1 Langflow | 2026-06-21 | 5.3 Medium |
| A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-12805 | 1 Offis | 1 Dcmtk | 2026-06-21 | 6.3 Medium |
| A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to heap-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. This patch is called 1d4b3815c0987840a983160bfc671fef63a3105b. It is best practice to apply a patch to resolve this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||
| CVE-2026-12815 | 1 Coollabsio | 1 Coolify | 2026-06-21 | 6.3 Medium |
| A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way. The changelog for 4.1.2 mentions "[i]mproved image, branch, proxy, and deployment input validation". | ||||
| CVE-2026-12845 | 2026-06-21 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2026-12812 | 1 Radware | 1 Cyber Controller | 2026-06-21 | 3.5 Low |
| A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-12811 | 1 Kortix-ai | 1 Suna | 2026-06-21 | 4.3 Medium |
| A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Executing a manipulation of the argument returnURL can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.8.39 can resolve this issue. This patch is called f5dec7aa0c1b8fa0125938f292c0f2430ca75f6c. It is advisable to upgrade the affected component. The researcher explains: "The issue was fixed in v0.8.39 without notifying the wider user base via a security disclosure." | ||||
| CVE-2026-12809 | 1 Edimax | 1 Br-6478ac V2 | 2026-06-21 | 6.3 Medium |
| A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-12770 | 2 Berriai, Litellm | 2 Litellm, Litellm | 2026-06-21 | 5.4 Medium |
| A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure. | ||||
| CVE-2026-12806 | 1 Edimax | 1 Br-6478ac V2 | 2026-06-21 | 8.8 High |
| A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-12796 | 2 Berriai, Litellm | 2 Litellm, Litellm | 2026-06-21 | 6.3 Medium |
| A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2025-71378 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-06-21 | 8.1 High |
| picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load(). | ||||
| CVE-2026-56406 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | ||||
| CVE-2026-56412 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 4.9 Medium |
| libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. | ||||
| CVE-2026-12799 | 2 Berriai, Litellm | 2 Litellm, Litellm | 2026-06-21 | 4.3 Medium |
| A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure. | ||||
| CVE-2025-71348 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-06-21 | 8.1 High |
| picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks. | ||||
| CVE-2026-56403 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| libexpat before 2.8.2 has an integer overflow in storeAtts. | ||||
| CVE-2026-56407 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | ||||
| CVE-2026-56397 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2026-06-21 | 9.6 Critical |
| SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package displayName, description, or README fields, exploiting Electron's nodeIntegration setting to execute OS commands. | ||||
| CVE-2026-56405 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| libexpat before 2.8.2 has an integer overflow in getAttributeId. | ||||
| CVE-2026-56411 | 1 Libexpat Project | 1 Libexpat | 2026-06-21 | 6.9 Medium |
| xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. | ||||