Export limit exceeded: 12389 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12389 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24165 | 1 Apple | 1 Macos | 2026-06-15 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination. | ||||
| CVE-2026-53520 | 1 Nezhahq | 1 Nezha | 2026-06-15 | 6.5 Medium |
| Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0. | ||||
| CVE-2023-50780 | 1 Apache | 1 Artemis | 2026-06-15 | 8.8 High |
| Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue. | ||||
| CVE-2021-26118 | 3 Apache, Netapp, Redhat | 3 Artemis, Oncommand Workflow Automation, Amq Broker | 2026-06-15 | 7.5 High |
| While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. | ||||
| CVE-2021-26117 | 5 Apache, Debian, Netapp and 2 more | 10 Activemq, Artemis, Debian Linux and 7 more | 2026-06-15 | 7.5 High |
| The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password. | ||||
| CVE-2026-12190 | 1 Genspark | 1 Ai Workspace App | 2026-06-15 | 5.3 Medium |
| A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-44249 | 1 Netty | 1 Netty | 2026-06-15 | 8.1 High |
| Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue. | ||||
| CVE-2026-50623 | 1 Apache | 1 Cxf | 2026-06-13 | 4.8 Medium |
| An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint (/services/oauth2/introspect) can be accessed by any unauthenticated network attacker. However note that this is a safeguard only in the case that someone forgot to enable authentication on the service. Users are recommended to upgrade to version 4.2.2 or 4.1.7, which fixes this issue. | ||||
| CVE-2026-44492 | 1 Axios | 1 Axios | 2026-06-13 | 8.6 High |
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:7f00:1, ::ffff:a9fe:a9fe) still routes through the configured proxy. Node.js resolves these addresses to the underlying IPv4 host, so the request reaches the internal service via the proxy rather than being blocked. This vulnerability is fixed in 0.32.0 and 1.16.0. | ||||
| CVE-2026-44208 | 1 Frappe | 1 Frappe | 2026-06-13 | N/A |
| Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0. | ||||
| CVE-2026-45178 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Conjur Enterprise, Conjur Enterprise | 2026-06-12 | N/A |
| Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20 | ||||
| CVE-2026-45177 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Conjur Cloud, Conjur Cloud Edge Finding Only | 2026-06-12 | N/A |
| Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20 | ||||
| CVE-2026-48610 | 1 Ubiquiti | 15 Efg, Express 7, Ucg-fiber and 12 more | 2026-06-12 | 8.1 High |
| Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices. | ||||
| CVE-2026-20259 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2026-06-12 | 5.5 Medium |
| In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control. | ||||
| CVE-2026-47342 | 1 Apache | 1 Ofbiz | 2026-06-12 | 8.8 High |
| A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue. | ||||
| CVE-2026-42902 | 1 Microsoft | 2 Power Toys, Powertoys | 2026-06-12 | 7.8 High |
| Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-12031 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-12 | 8.3 High |
| Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12032 | 1 Google | 2 Android, Chrome | 2026-06-12 | 3.1 Low |
| Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-44976 | 1 Frappe | 1 Frappe | 2026-06-12 | N/A |
| Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4. | ||||
| CVE-2026-11459 | 1 Secureage | 1 Catchpulse | 2026-06-12 | 3.3 Low |
| A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. | ||||