Lucene search
K

364114 matches found

NVD
NVD
added 2026/06/16 3:16 a.m.18 views

CVE-2026-7273

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90ABTQ.1C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request...

8.8CVSS0.00315EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 2:16 a.m.14 views

CVE-2026-42014

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS0.0015EPSS
Exploits0References15
NVD
NVD
added 2026/06/16 2:16 a.m.8 views

CVE-2026-1765

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

5.6CVSS0.00139EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 2:16 a.m.10 views

CVE-2026-1767

A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

8.1CVSS0.00246EPSS
Exploits1References2
NVD
NVD
added 2026/06/16 2:16 a.m.11 views

CVE-2026-1766

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

6.1CVSS0.00158EPSS
Exploits1References2
NVD
NVD
added 2026/06/16 2:16 a.m.12 views

CVE-2026-1764

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

5.6CVSS0.00209EPSS
Exploits2References2
NVD
NVD
added 2026/06/16 1:16 a.m.7 views

CVE-2026-12162

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...

5.5CVSS0.00112EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 1:16 a.m.10 views

CVE-2026-12161

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

8.8CVSS0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 12:16 a.m.11 views

CVE-2026-9262

Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

7.5CVSS0.00264EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 12:16 a.m.10 views

CVE-2026-9261

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

9.8CVSS0.00184EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 12:16 a.m.8 views

CVE-2026-9260

Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

9.8CVSS0.00232EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 12:16 a.m.9 views

CVE-2026-9259

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

9.8CVSS0.00195EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 12:16 a.m.11 views

CVE-2026-9258

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

9.8CVSS0.00267EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 11:16 p.m.13 views

CVE-2026-53430

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

8.7CVSS0.00348EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 11:16 p.m.12 views

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...

9.2CVSS0.00573EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 11:16 p.m.19 views

CVE-2026-48723

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

7.8CVSS0.00533EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 11:16 p.m.12 views

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS0.00344EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 11:16 p.m.11 views

CVE-2026-48599

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS0.00273EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 11:16 p.m.12 views

CVE-2026-12205

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

9.1CVSS0.00289EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 10:16 p.m.13 views

CVE-2026-5064

Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities...

8.5CVSS0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 10:16 p.m.11 views

CVE-2026-48714

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys proto, constructor, and prototype added in 3.9.3, see GHSA-5fgg-jcpf-8jjw, but did not...

9.1CVSS0.00419EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 10:16 p.m.12 views

CVE-2026-48157

Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle and/or setDescription to include untrusted/request-derived data in the error title or description e.g. "No products found...

6.1CVSS0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 10:16 p.m.16 views

CVE-2026-48713

Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input. Backend.writeFile splits each queued missing-key string on the configured...

9.1CVSS0.00419EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 10:16 p.m.14 views

CVE-2026-48017

DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, ...

8.8CVSS0.0051EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 10:16 p.m.18 views

CVE-2026-12087

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, packipmreqsource checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte...

9.1CVSS0.00389EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 10:16 p.m.12 views

CVE-2026-11832

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...

9.1CVSS0.00327EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-9691

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...

9.8CVSS0.00476EPSS
Exploits1References1
NVD
NVD
added 2026/06/15 9:17 p.m.9 views

CVE-2026-52697

Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...

8.5CVSS0.00339EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.11 views

CVE-2026-52694

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

7.5CVSS0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-52700

Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...

8.5CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.12 views

CVE-2026-52699

Unauthenticated Insecure Direct Object References IDOR in VikRentCar = 1.4.5 versions...

7.5CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-52702

Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...

7.1CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.13 views

CVE-2026-52695

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...

7.5CVSS0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.14 views

CVE-2026-52703

Unauthenticated Path Traversal in FastDup = 2.7.2 versions...

9.6CVSS0.00436EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.12 views

CVE-2026-52693

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

9.3CVSS0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.9 views

CVE-2026-52692

Unauthenticated Sensitive Data Exposure in Affiliates Manager = 2.9.50 versions...

7.5CVSS0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.18 views

CVE-2026-49781

Unauthenticated PHP Object Injection in OttoKit = 1.1.27 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.11 views

CVE-2026-49770

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.11 views

CVE-2026-49780

Customer Privilege Escalation in Dokan = 5.0.2 versions...

8.8CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.13 views

CVE-2026-49776

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites = 2.32.6 versions...

9.3CVSS0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.12 views

CVE-2026-49775

Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...

6.5CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.11 views

CVE-2026-49773

Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...

6.5CVSS0.00166EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.12 views

CVE-2026-49769

Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-49766

Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...

9.9CVSS0.00506EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.9 views

CVE-2026-49768

Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-49765

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.21 views

CVE-2026-49764

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

9.8CVSS0.004EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.14 views

CVE-2026-49763

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.14 views

CVE-2026-49083

Contributor Privilege Escalation in LatePoint = 5.5.1 versions...

7.5CVSS0.00287EPSS
Exploits2References1
NVD
NVD
added 2026/06/15 9:17 p.m.13 views

CVE-2026-49110

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...

7.5CVSS0.00236EPSS
Exploits0References1
Total number of security vulnerabilities364114