Export limit exceeded: 84850 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (84850 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45989 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe() The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core, potentially freeing the node if the reference count drops to zero. Later, the same freed pointer 'dn' is passed to of_platform_default_populate(), leading to a use-after-free. The reference to pdev->dev.of_node is owned by the device model and should not be released by the driver. Remove the erroneous of_node_put() to prevent premature freeing. | ||||
| CVE-2026-48873 | 2 Montonio, Wordpress | 2 Montonio For Woocommerce, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions. | ||||
| CVE-2026-45994 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in command_file_write due to missing size checks The command_file_write() handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the buffer against the dot command protocol before passing it to get_dot_command_size() and get_dot_command_timeout(). Since both the allocation size (count) and the header fields (command_size, data_size) are independently user-controlled, an attacker can cause get_dot_command_size() to return a value exceeding the allocation, triggering OOB reads in get_dot_command_timeout() and an out-of-bounds memcpy_toio() that leaks kernel heap memory to the service processor. Fix with two guards: reject writes smaller than sizeof(struct dot_command_header) before allocation, then after copying user data reject commands where the buffer is smaller than the total size declared by the header (sizeof(header) + command_size + data_size). This ensures all subsequent header and payload field accesses stay within the buffer. | ||||
| CVE-2026-45995 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring() usees a struct user_struct, which io_zcrx_ifq_free() puts it down before destroying the ring. | ||||
| CVE-2026-47777 | 1 Joinmastodon | 1 Mastodon | 2026-06-16 | 7.5 High |
| Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the FeatureAuthorization object that is used to verify consent to be featured in a Collection and thus make it appear as if an account is allowed to be in a Collection when it actually is not. While the FeatureAuthorization must reside on the same domain as the object it is for, a check is missing to make sure said object is actually the same as in the Collection item. This allows an attacker to forge the authorization. Mastodon servers are affected only if running the main branch or nightly builds who have opted into testing the experimental "Collections" feature by setting the environment variable EXPERIMENTAL_FEATURES to a value including collections. This has been patched in version 4.6.0-beta.1. | ||||
| CVE-2026-48872 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Embedpress | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions. | ||||
| CVE-2026-46058 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m job_abort and device_run Fix kernel panic caused by race condition where v4l2_m2m_ctx_release() frees m2m_ctx while v4l2_m2m_try_run() is about to call device_run with the same context. Race sequence: v4l2_m2m_try_run(): v4l2_m2m_ctx_release(): lock/unlock v4l2_m2m_cancel_job() job_abort() v4l2_m2m_job_finish() kfree(m2m_ctx) <- frees ctx device_run() <- use-after-free crash at 0x538 Crash trace: Unable to handle kernel read from unreadable memory at virtual address 0000000000000538 v4l2_m2m_try_run+0x78/0x138 v4l2_m2m_device_run_work+0x14/0x20 The amphion vpu driver does not rely on the m2m framework's device_run callback to perform encode/decode operations. Fix the race by preventing m2m framework job scheduling entirely: - Add job_ready callback returning 0 (no jobs ready for m2m framework) - Remove job_abort callback to avoid the race condition | ||||
| CVE-2026-41722 | 1 Vmware | 5 Aria Operations, Cloud Foundation, Telco Cloud Platform and 2 more | 2026-06-16 | 8 High |
| VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. | ||||
| CVE-2026-41723 | 1 Vmware | 5 Aria Operations, Cloud Foundation, Telco Cloud Platform and 2 more | 2026-06-16 | 8 High |
| VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. | ||||
| CVE-2026-42661 | 2 Aguilatechnologies, Wordpress | 2 Wp Customer Area, Wordpress | 2026-06-16 | 8.8 High |
| Custom role Path Traversal in WP Customer Area <= 8.3.4 versions. | ||||
| CVE-2026-40732 | 2 Rainafarai, Wordpress | 2 Notification For Telegram, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions. | ||||
| CVE-2026-45998 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skb_unshare() failure If skb_unshare() fails to unshare a packet due to allocation failure in rxrpc_input_packet(), the skb pointer in the parent (rxrpc_io_thread()) will be NULL'd out. This will likely cause the call to trace_rxrpc_rx_done() to oops. Fix this by moving the unsharing down to where rxrpc_input_call_event() calls rxrpc_input_call_packet(). There are a number of places prior to that where we ignore DATA packets for a variety of reasons (such as the call already being complete) for which an unshare is then avoided. And with that, rxrpc_input_packet() doesn't need to take a pointer to the pointer to the packet, so change that to just a pointer. | ||||
| CVE-2026-53811 | 1 Openclaw | 1 Openclaw | 2026-06-16 | 8.8 High |
| OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change display names can receive agent access intended for another Matrix identity, potentially gaining unauthorized permissions depending on operator configuration. | ||||
| CVE-2026-48838 | 2 Wordpress, Wpexperts | 2 Wordpress, Post Smtp | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions. | ||||
| CVE-2026-47261 | 1 Bytecodealliance | 1 Wasmtime | 2026-06-16 | 7.5 High |
| Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 path_open interfaces by opening a file with only the OpenFlags::TRUNCATE oflag. The root cause is that the clause handling OpenFlags::TRUNCATE in crates/wasi/src/filesystem.rs (Dir::open_at, lines 967–969) did not set open_mode |= OpenMode::WRITE;, which is later used for the access control check against FilePerms to determine whether opening the file is permitted; the single-line fix adds that missing assignment, after which the affected calls correctly fail with error-code.not-permitted and ERRNO_PERM respectively. Only wasmtime-wasi embeddings that combine DirPerms::MUTATE with FilePerms::READ are affected by this bug. In particular, the Wasmtime project's wasmtime-cli's use of wasmtime-wasi is not affected, because it always sets FilePerms::all() for all preopens. This issue has been fixed in versions 24.0.9, 36.0.10 and44.0.2. | ||||
| CVE-2025-59133 | 2 Projectopia, Wordpress | 2 Projectopia, Wordpress | 2026-06-16 | 7.5 High |
| Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions. | ||||
| CVE-2026-27089 | 2 Magepeople, Wordpress | 2 Wptravelly, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions. | ||||
| CVE-2026-39490 | 2 Artbees, Wordpress | 2 Jupiter X Core, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions. | ||||
| CVE-2026-39581 | 2 Activity-log.com, Wordpress | 2 Wp Sessions Time Monitoring Full Automatic, Wordpress | 2026-06-16 | 8.5 High |
| Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions. | ||||
| CVE-2026-48885 | 2 Groundhogg, Wordpress | 2 Hollerbox, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. | ||||