Lucene search
+L
CvelistRecent

366964 matches found

Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•36 views

CVE-2026-50874

An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

0.01119EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-38061

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetvolume via the volume parameter...

0.01046EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2026-50888

An authenticated Server-Side Request Forgery SSRF in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...

0.00248EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-50881

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...

0.00248EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•38 views

CVE-2026-36537

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

0.00511EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•30 views

CVE-2026-39196

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the seturiquery parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements...

0.00321EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•30 views

CVE-2026-50871

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

0.01571EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2026-50880

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...

0.00476EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2026-50886

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

0.00312EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-38060

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionunlocksim via the pin parameter...

0.01046EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•38 views

CVE-2025-55652

A heap buffer overflow in the gfisomvpconfignew function isomedia/avcext.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00202EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•37 views

CVE-2025-55661

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00202EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00188EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2025-55660

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00202EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•36 views

CVE-2025-55649

A NULL pointer dereference in the gfmediamapesd function mediatools/isomtools.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00188EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•36 views

CVE-2025-55650

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00188EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•34 views

CVE-2025-55644

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00188EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•35 views

CVE-2025-55645

A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00235EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•36 views

CVE-2025-55647

An Out-of-Memory in the mp4muxcencinsertpssh function filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00188EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•32 views

CVE-2025-55648

A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00235EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•34 views

CVE-2025-55641

A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00188EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2025-55643

A NULL pointer dereference in the TrackWriter handling component filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00188EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-38062

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetratmode via the ratMode parameter...

0.01046EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2026-36521

PublicCMS V5.202506.d has a Cross Site Scripting XSS vulnerability in the site configuration management module...

0.00181EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00361EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•32 views

CVE-2026-50870

An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...

0.00308EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•36 views

CVE-2026-50878

An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service DoS via a crafted request...

0.00441EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2026-39197

An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service DoS via a crafted request or payload...

0.00289EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•36 views

CVE-2026-37216

Ruoyi 4.8.2 is vulnerable to Cross Site Scripting XSS at the interface /system/notice/add...

0.00181EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2026-50889

An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...

0.00482EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•35 views

CVE-2026-30120

remotion-dev remotion v4.0.409 was discovered to contain a remote code execution RCE vulnerability...

0.0081EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•37 views

CVE-2026-30121

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability...

0.00324EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•31 views

CVE-2025-70102

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, the code performs a member access on a NULL pointer of type 'struct dhcpopt' when an unexpected/invalid option token or parsing state caus...

0.00169EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•32 views

CVE-2025-55642

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmxprocess function isomedia/isomwrite.c...

0.00363EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

0.00165EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•47 views

CVE-2025-68713

An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...

0.00284EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•33 views

CVE-2026-50885

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

0.00287EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/15 12:0 a.m.•82 views

CVE-2026-38329

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

0.00627EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/14 11:45 p.m.•41 views

CVE-2026-12197 Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

8.6CVSS0.02385EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/14 11:30 p.m.•40 views

CVE-2026-12193 VS Revo RevoUninstaller IOCTL RevoDetector.sys IOCtl_Handler heap-based overflow

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

8.5CVSS0.00142EPSS
Exploits0References10
Cvelist
Cvelist
•added 2026/06/14 11:15 p.m.•41 views

CVE-2026-12192 GALAYOU Y4 Web Server buffer overflow

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

8.8CVSS0.00316EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/14 11:0 p.m.•37 views

CVE-2026-12191 Comma AI Openpilot Pickle modeld.py pickle.loads deserialization

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacte...

8.5CVSS0.00137EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/14 10:45 p.m.•38 views

CVE-2026-12190 Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

5.3CVSS0.00105EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/14 10:30 p.m.•33 views

CVE-2026-12189 Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

5.3CVSS0.00105EPSS
Exploits0References6
Cvelist
Cvelist
•added 2026/06/14 10:15 p.m.•32 views

CVE-2026-12188 Grit42 Grit GritEntityController grit_entity_controller.rb sql injection

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/gritentitycontroller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The...

6.5CVSS0.00196EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/14 10:0 p.m.•29 views

CVE-2026-12187 GL.iNet GL-MT3000 Online Firmware Upgrade one_click_upgrade command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS0.0194EPSS
Exploits0References6
Cvelist
Cvelist
•added 2026/06/14 8:45 p.m.•29 views

CVE-2026-12186 GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

9CVSS0.01966EPSS
Exploits0References6
Cvelist
Cvelist
•added 2026/06/14 5:38 p.m.•29 views

CVE-2026-54413

driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle0x27SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byt...

8.8CVSS0.00459EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/14 5:26 p.m.•31 views

CVE-2026-54412

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

8.8CVSS0.00407EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/06/14 5:21 p.m.•33 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS0.00321EPSS
Exploits0References4
Total number of security vulnerabilities366964