Export limit exceeded: 365152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365152 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-62143 | 1 Misp | 1 Misp-modules | 2026-07-13 | N/A |
| A Server-Side Request Forgery (SSRF) protection bypass existed in the html_to_markdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges without first normalising IPv4-mapped IPv6 addresses. An authenticated attacker able to invoke the module could supply an IPv4-mapped IPv6 address, such as: http://[::ffff:127.0.0.1]/ http://[::ffff:169.254.169.254]/ Alternatively, the attacker could use a hostname that resolves to an IPv4-mapped IPv6 address. These addresses were treated as IPv6 addresses and therefore did not match the corresponding blocked IPv4 ranges. Successful exploitation could cause the misp-modules server to connect to services available through its loopback interface, internal network, or link-local network. This could expose internal web services, administrative interfaces, or cloud instance metadata, with retrieved content potentially returned to the attacker as converted Markdown. The vulnerability has been addressed by normalising IPv4-mapped IPv6 addresses to their underlying IPv4 representation before applying the blocked-range checks. URLs without a valid hostname are now also rejected. | ||||
| CVE-2026-10103 | 1 Mattermost | 1 Mattermost | 2026-07-13 | 4.3 Medium |
| Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing arbitrary post IDs in channels shared with that remote.. Mattermost Advisory ID: MMSA-2026-00689 | ||||
| CVE-2026-9708 | 1 Mattermost | 1 Mattermost | 2026-07-13 | 4.9 Medium |
| Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via crafted incoming webhook configuration and payloads.. Mattermost Advisory ID: MMSA-2026-00683 | ||||
| CVE-2026-10085 | 1 Mattermost | 1 Mattermost | 2026-07-13 | 5.4 Medium |
| Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to restrict the group_constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation via the channel patch API.. Mattermost Advisory ID: MMSA-2026-00688 | ||||
| CVE-2026-10106 | 1 Mattermost | 1 Mattermost | 2026-07-13 | 6.5 Medium |
| Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in that channel via a cookie obtained from any accessible channel.. Mattermost Advisory ID: MMSA-2026-00690 | ||||
| CVE-2026-6850 | 1 Mattermost | 1 Mattermost | 2026-07-13 | 6.5 Medium |
| Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload that triggers catastrophic backtracking in the client-side markdown parser.. Mattermost Advisory ID: MMSA-2026-00658 | ||||
| CVE-2026-9597 | 1 Mattermost | 1 Mattermost | 2026-07-13 | 5.4 Medium |
| Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation.. Mattermost Advisory ID: MMSA-2026-00681 | ||||
| CVE-2026-22103 | 2026-07-13 | N/A | ||
| The NPC start endpoint on the web server at port 8090 is vulnerable to command injection. | ||||
| CVE-2026-22098 | 2026-07-13 | N/A | ||
| Various sensitive information such as passwords and charging card UIDs are written to log files. | ||||
| CVE-2026-22097 | 2026-07-13 | N/A | ||
| The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution. | ||||
| CVE-2026-22099 | 2026-07-13 | N/A | ||
| The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL. | ||||
| CVE-2026-22102 | 2026-07-13 | N/A | ||
| A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or remote-code-execution by overwriting shell-scripts which execution can be triggered through other means. | ||||
| CVE-2026-22096 | 2026-07-13 | N/A | ||
| The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints. | ||||
| CVE-2026-22100 | 2026-07-13 | N/A | ||
| The OCPP DataTransfer message `ReserveLogin` is vulnerable to command injection. By manipulating the data value, arbitrary OS commands can be executed as root. | ||||
| CVE-2026-22095 | 2026-07-13 | N/A | ||
| The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection. | ||||
| CVE-2026-22093 | 2026-07-13 | N/A | ||
| The EVbee Service Android app uses TLS encrypted communication (HTTPS), but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is weakly encrypted using RC4 with a hardcoded key, which allows an attacker to gain access to the communication. Part of this communication involves access codes to charging stations. This issue affects EVbee Service: v1.4.101.00. | ||||
| CVE-2026-41041 | 2026-07-13 | N/A | ||
| URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue. | ||||
| CVE-2026-49876 | 2026-07-13 | N/A | ||
| Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | ||||
| CVE-2026-53482 | 1 Dell | 1 Powerprotect Data Domain | 2026-07-13 | 7.5 High |
| Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2026-15044 | 1 Redhat | 1 Openshift Ai | 2026-07-13 | 6.3 Medium |
| A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the cluster to access the AI guardrails and orchestrator without proper authorization. An attacker could exploit this to gain unauthorized access to sensitive information and potentially make limited changes to the AI models. | ||||