Lucene search
+L
CvelistRecent

366964 matches found

Cvelist
Cvelist
•added 2026/06/15 6:0 a.m.•41 views

CVE-2026-8385 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

0.00192EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 5:30 a.m.•44 views

CVE-2026-12223 Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS0.01194EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 5:15 a.m.•42 views

CVE-2026-12222 Yealink SIP-T46U Web FastCGI Service bttest mod_webd.BlueToothTest stack-based overflow

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS0.00371EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 5:0 a.m.•43 views

CVE-2026-12221 Yealink SIP-T46U Firmware Chunk Upload upgrade sprintf stack-based overflow

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/startoffset results in stack-based buffer overflow. The attack needs to be...

8.6CVSS0.00371EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 4:45 a.m.•45 views

CVE-2026-12220 Yealink SIP-T46U Firmware Chunk Upload handler accupgradebychunk mod_upgrade.SparePartsUpload stack-based overflow

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS0.00371EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 4:30 a.m.•44 views

CVE-2026-12219 Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function moddiagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS0.0105EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 4:15 a.m.•44 views

CVE-2026-12218 Yealink SIP-T46U Web FastCGI Service beforewifitest StartReportInformation stack-based overflow

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS0.00371EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 4:0 a.m.•42 views

CVE-2026-12217 DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management

A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been...

8.5CVSS0.00111EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 3:45 a.m.•42 views

CVE-2026-12216 svaarala duktape duk_api_bytecode.c memory corruption

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

5.3CVSS0.00112EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 3:30 a.m.•41 views

CVE-2026-12214 Qihoo 360 Total Security Nucleus Engine Monitoring Logic RpcStringBindingComposeW protection mechanism

A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...

8.5CVSS0.00124EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 3:15 a.m.•43 views

CVE-2026-12213 hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launche...

5.3CVSS0.00203EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/15 3:0 a.m.•42 views

CVE-2026-12212 hcengineering Huly Platform RPC operations.ts getMailboxSecret access control

A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...

5.3CVSS0.00207EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/15 2:45 a.m.•44 views

CVE-2026-12211 Intelbras iNVU 7016 FT Web syslog path traversal

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS0.00372EPSS
Exploits0References6
Cvelist
Cvelist
•added 2026/06/15 2:30 a.m.•42 views

CVE-2026-12210 universal-tool-calling-protocol python-utcp utcp-gql/utcp-websocket server-side request forgery

A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...

6.5CVSS0.00228EPSS
Exploits0References7
Cvelist
Cvelist
•added 2026/06/15 2:15 a.m.•41 views

CVE-2026-12209 RubyLouvre avalon Template Filter index.js prototype pollution

A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is...

6.9CVSS0.00314EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 2:0 a.m.•37 views

CVE-2026-12208 jsonata-js jsonata Function Binding Frame System jsonata.js createFrame prototype pollution

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS0.00314EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 1:45 a.m.•41 views

CVE-2026-12207 medkey-org medkey HTTP REST API PatientController.php actionGetPatientById resource injection

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...

5.3CVSS0.00226EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 1:30 a.m.•39 views

CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS0.00196EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 1:15 a.m.•45 views

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS0.00292EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 1:0 a.m.•42 views

CVE-2026-12203 HKUDS AI-Trader Research Export agents.csv information disclosure

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.9CVSS0.00402EPSS
Exploits0References9
Cvelist
Cvelist
•added 2026/06/15 12:45 a.m.•37 views

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS0.00214EPSS
Exploits0References6
Cvelist
Cvelist
•added 2026/06/15 12:30 a.m.•41 views

CVE-2026-12201 IObit Malware Fighter DLL permission

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

5.3CVSS0.00103EPSS
Exploits0References6
Cvelist
Cvelist
•added 2026/06/15 12:15 a.m.•40 views

CVE-2026-12200 Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

7.5CVSS0.00324EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•42 views

CVE-2026-12198 Microweber API Endpoint thumbnail_img userfiles_path path traversal

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

7.5CVSS0.00525EPSS
Exploits0References7
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2026-36213

An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component...

0.00479EPSS
Exploits2References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•35 views

CVE-2026-50872

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...

0.0056EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•32 views

CVE-2026-50869

An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request...

0.00718EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•34 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

0.00171EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-50882

An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service DoS via a crafted POST request...

0.00324EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•38 views

CVE-2026-39118

An issue in Iru, Inc Kandji Agent before v.4.7.55374 allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality...

0.00118EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•29 views

CVE-2026-39007

An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component...

0.00375EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2026-45388

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...

0.00225EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•44 views

CVE-2026-50875

Incorrect access control in the /form/webhooks/webhook endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request...

0.00282EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-38065

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...

0.01345EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•36 views

CVE-2026-50890

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

0.00321EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•32 views

CVE-2026-50876

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

0.00162EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•36 views

CVE-2026-50879

An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...

0.00324EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•32 views

CVE-2026-36933

An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature...

0.00174EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•30 views

CVE-2026-50887

A Server-Side Request Forgery SSRF in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl...

0.00287EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•36 views

CVE-2026-38812

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...

0.00393EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-50877

An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containing traversal characters...

0.00577EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-50873

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file...

0.00441EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•35 views

CVE-2026-50884

Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components...

0.00286EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•29 views

CVE-2026-45389

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

0.00191EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2026-45390

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

0.00373EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•30 views

CVE-2026-38063

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionradioonwithiaapn via the ia parameter...

0.01046EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•32 views

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

0.00374EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•32 views

CVE-2026-38064

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actiondialcall via the dialNumber parameter...

0.01046EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•30 views

CVE-2026-50891

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...

0.00326EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-39006

An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component...

0.00515EPSS
Exploits1References1
Total number of security vulnerabilities366964