Export limit exceeded: 361374 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361374 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57880 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2025-63041 | 2026-06-26 | 5.4 Medium | ||
| Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. | ||||
| CVE-2025-68052 | 2026-06-26 | 8.8 High | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions. | ||||
| CVE-2026-52701 | 2026-06-26 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions. | ||||
| CVE-2026-54839 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions. | ||||
| CVE-2026-56011 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions. | ||||
| CVE-2026-56030 | 2026-06-26 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. | ||||
| CVE-2026-57618 | 2026-06-26 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions. | ||||
| CVE-2026-57631 | 2026-06-26 | 7.6 High | ||
| Administrator SQL Injection in Popup box <= 6.0.1 versions. | ||||
| CVE-2026-57637 | 2026-06-26 | 4.3 Medium | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions. | ||||
| CVE-2026-57924 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium |
| In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details | ||||
| CVE-2026-57925 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 4.3 Medium |
| In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags | ||||
| CVE-2026-57926 | 1 Jetbrains | 1 Youtrack | 2026-06-26 | 2.6 Low |
| In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack | ||||
| CVE-2026-56036 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions. | ||||
| CVE-2026-56044 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions. | ||||
| CVE-2026-33646 | 2026-06-26 | 9.6 Critical | ||
| mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not subject to trust verification in non-paranoid mode. This means an attacker can place a malicious .tool-versions file in a git repository, and when a victim with mise activated cds into the directory, arbitrary commands execute without any trust prompt. This vulnerability is fixed in 2026.3.10. | ||||
| CVE-2026-55677 | 2026-06-26 | 7.5 High | ||
| Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path (preserving %2F as-is), while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an attacker to bypass route-level access controls and read static files without authorization. This vulnerability is fixed in 4.15.3 and 5.2.0. | ||||
| CVE-2026-45405 | 2026-06-26 | 9 Critical | ||
| Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent entries, allowing an attacker to write arbitrary files anywhere writable by the dokku user — including overwriting ~/.ssh/authorized_keys to gain unrestricted shell access. This vulnerability is fixed in 0.38.2. | ||||
| CVE-2026-55441 | 2026-06-26 | 8.6 High | ||
| mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir (mise-tasks/, .mise/tasks/, …) but no config file, mise falls back to the default includes and renders each task's tera fields — and that tera environment has exec() registered. A {{ exec(command='…') }} in any rendered field runs arbitrary commands the moment the tasks are merely listed. There's no config file to gate on, so no trust prompt ever appears. Read-only commands trigger it: mise tasks, mise task ls, mise run, mise tasks --usage (the query shell completion runs on Tab). The victim only has to cd into a cloned repo and list or tab-complete a task. This vulnerability is fixed in 2026.6.4. | ||||
| CVE-2026-56070 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions. | ||||