Export limit exceeded: 361183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361183 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36213 | 1 Microvirt | 1 Memu Android Emulator | 2026-06-26 | 7.8 High |
| An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component. | ||||
| CVE-2026-36933 | 1 Boyleep | 1 K11 | 2026-06-26 | 6.8 Medium |
| An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature. | ||||
| CVE-2026-39006 | 1 Agentpp | 1 Snmp4j-agent | 2026-06-26 | 9.8 Critical |
| An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component. | ||||
| CVE-2026-39007 | 1 Observeinc | 1 Observe | 2026-06-26 | 7.5 High |
| An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component. | ||||
| CVE-2026-45390 | 1 Ocaml | 1 Ocaml | 2026-06-26 | 9.1 Critical |
| In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar(1) rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the desired extraction directory (to an attacker that can reach a tar decompression endpoint). | ||||
| CVE-2026-50870 | 1 Benbusby | 1 Whoogle Search | 2026-06-26 | 7.5 High |
| An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request. | ||||
| CVE-2026-50872 | 1 Fossar | 1 Selfoss | 2026-06-26 | 9.8 Critical |
| An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request. | ||||
| CVE-2026-50873 | 1 Flatnotes | 1 Flatnotes | 2026-06-26 | 9.8 Critical |
| An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file. | ||||
| CVE-2026-50875 | 1 Deck9 | 1 Deck9 Input | 2026-06-26 | 8.1 High |
| Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request. | ||||
| CVE-2026-50876 | 1 Deck9 | 1 Deck9 Input | 2026-06-26 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2026-50879 | 1 Linx-server | 1 Linx-server | 2026-06-26 | 7.5 High |
| An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2026-50880 | 1 Youtransfer | 1 Youtransfer | 2026-06-26 | 9.8 Critical |
| An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request. | ||||
| CVE-2026-50882 | 1 Anna-is-cute | 1 Paste | 2026-06-26 | 7.5 High |
| An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2026-50883 | 1 Matze | 1 Wastebin | 2026-06-26 | 9.6 Critical |
| An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload. | ||||
| CVE-2026-50884 | 1 Statping-ng | 1 Statping-ng | 2026-06-26 | 8.8 High |
| Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components. | ||||
| CVE-2026-50886 | 1 Firefly | 1 Project Firefly Iii | 2026-06-26 | 9.1 Critical |
| Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request. | ||||
| CVE-2026-50887 | 1 Shlink | 1 Shlink | 2026-06-26 | 9.1 Critical |
| A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl. | ||||
| CVE-2026-50889 | 1 Lldap | 1 Lldap | 2026-06-26 | 7.5 High |
| An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header. | ||||
| CVE-2016-20066 | 2 Dwbooster, Wordpress | 2 Cp Polls, Wordpress | 2026-06-26 | 7.2 High |
| WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary JavaScript in the browsers of users viewing the affected content. | ||||
| CVE-2016-20067 | 2 Dwbooster, Wordpress | 2 Cp Polls, Wordpress | 2026-06-26 | 4.3 Medium |
| WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in. | ||||