Lucene search
K

363761 matches found

NVD
NVD
•added 2026/06/17 1:19 p.m.•9 views

CVE-2026-10839

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...

5.1CVSS0.0042EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•7 views

CVE-2026-11975

Stored cross-site scripting XSS in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw...

6.2CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2026/06/17 1:19 p.m.•9 views

CVE-2026-11858

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...

8.4CVSS0.00126EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•14 views

CVE-2026-11857

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named pipes. A local...

8.4CVSS0.00273EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2026-10836

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising...

5.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•9 views

CVE-2026-10837

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited...

5.1CVSS0.00315EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•12 views

CVE-2026-10094

A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server...

9.8CVSS0.0038EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•12 views

CVE-2026-0083

In Nfc::eventCallback of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00121EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•18 views

CVE-2026-0071

In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00155EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•20 views

CVE-2026-0081

In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00148EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•10 views

CVE-2026-0082

In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00165EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•11 views

CVE-2026-0092

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00218EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•21 views

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS0.00123EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•7 views

CVE-2025-69176

Unauthenticated Local File Inclusion in ITactics = 1.0 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•9 views

CVE-2025-69177

Unauthenticated Local File Inclusion in Roneous = 2.1.5 versions...

8.1CVSS0.00474EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•5 views

CVE-2025-69178

Unauthenticated Local File Inclusion in Truemag = 4.3.14.2 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•12 views

CVE-2025-69179

Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...

9.8CVSS0.0045EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2026-0019

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.0008EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•7 views

CVE-2026-0057

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS0.00065EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•10 views

CVE-2026-0063

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00155EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•9 views

CVE-2026-0064

In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00122EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-69173

Unauthenticated Local File Inclusion in Tipsy = 1.1 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•6 views

CVE-2025-69163

Unauthenticated Local File Inclusion in WineShop = 3.17 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-69168

Unauthenticated Local File Inclusion in Spike = 1.2 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•10 views

CVE-2025-69171

Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•7 views

CVE-2025-69165

Unauthenticated Local File Inclusion in Choreo = 1.6 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•11 views

CVE-2025-69167

Unauthenticated Local File Inclusion in Eros = 1.3 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•5 views

CVE-2025-69172

Unauthenticated Local File Inclusion in Resurs = 1.3 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•7 views

CVE-2025-69151

Unauthenticated Cross Site Scripting XSS in Grand Car Rental = 3.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•6 views

CVE-2025-69162

Unauthenticated Local File Inclusion in Grecko = 5.17 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•6 views

CVE-2025-69161

Unauthenticated Local File Inclusion in Snowy = 1.13 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-69160

Unauthenticated Local File Inclusion in Gita = 1.11 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-69159

Unauthenticated Local File Inclusion in Printo = 1.11 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•5 views

CVE-2025-69150

Unauthenticated Local File Inclusion in Medeus = 1.14 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-69147

Unauthenticated Local File Inclusion in Putter = 1.17 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•7 views

CVE-2025-69148

Unauthenticated Local File Inclusion in Quirky = 1.23 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•9 views

CVE-2025-69146

Unauthenticated Local File Inclusion in Dom = 1.24 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•10 views

CVE-2025-69149

Unauthenticated Local File Inclusion in Top Dog = 1.0.5 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-69138

Subscriber Privilege Escalation in Genemy = 1.6.6 versions...

8.8CVSS0.00389EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•10 views

CVE-2025-69139

Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...

8.6CVSS0.00533EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-69141

Unauthenticated Local File Inclusion in Kelly Young = 1.1.0 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•4 views

CVE-2025-69136

Unauthenticated Local File Inclusion in Wanium = 1.9.8 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•6 views

CVE-2025-69145

Unauthenticated Local File Inclusion in Gat = 1.16 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•7 views

CVE-2025-69142

Unauthenticated Local File Inclusion in Abelle = 1.22 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-69137

Subscriber Broken Access Control in Genemy = 1.6.6 versions...

6.5CVSS0.00299EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•5 views

CVE-2025-69143

Unauthenticated Local File Inclusion in Mission = 1.22 versions...

8.1CVSS0.00435EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-69135

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

8.5CVSS0.00342EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•10 views

CVE-2025-69129

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

10CVSS0.00432EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•11 views

CVE-2025-69125

Unauthenticated Local File Inclusion in Food Drop = 1.3 versions...

8.1CVSS0.00348EPSS
Exploits0References1
NVD
NVD
•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-69121

Unauthenticated Local File Inclusion in Deliciosa = 1.10.0 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Total number of security vulnerabilities363761