Lucene search
K

364228 matches found

NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-54296

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12075. Reason: This candidate is a duplicate of CVE-2026-12075. Notes: All CVE users should reference CVE-2026-12075 instead of this candidate...

0.00032EPSS
Exploits0
NVD
NVD
•added 2026/06/15 8:16 p.m.•13 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS0.00186EPSS
Exploits0References3
NVD
NVD
•added 2026/06/15 8:16 p.m.•14 views

CVE-2026-53703

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1CVSS0.00191EPSS
Exploits0References4
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-53705

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS0.003EPSS
Exploits0References6
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-52721

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

5.3CVSS0.00107EPSS
Exploits0References3
NVD
NVD
•added 2026/06/15 8:16 p.m.•13 views

CVE-2026-50891

Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request...

8.1CVSS0.00326EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•12 views

CVE-2026-50890

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

9.8CVSS0.00321EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•18 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

6.5CVSS0.00171EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-52719

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

7.1CVSS0.0028EPSS
Exploits0References6
NVD
NVD
•added 2026/06/15 8:16 p.m.•10 views

CVE-2026-52720

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS0.00489EPSS
Exploits0References7
NVD
NVD
•added 2026/06/15 8:16 p.m.•11 views

CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS0.00307EPSS
Exploits0References5
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-52722

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS0.00288EPSS
Exploits0References7
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

9.6CVSS0.00374EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•12 views

CVE-2026-50886

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

9.1CVSS0.00312EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•7 views

CVE-2026-50881

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...

8.1CVSS0.00248EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•11 views

CVE-2026-50887

A Server-Side Request Forgery SSRF in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl...

9.1CVSS0.00287EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•11 views

CVE-2026-50884

Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components...

8.8CVSS0.00286EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-50889

An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...

7.5CVSS0.00482EPSS
Exploits1References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-50885

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

7.5CVSS0.00287EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•11 views

CVE-2026-50882

An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS0.00324EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-50888

An authenticated Server-Side Request Forgery SSRF in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...

8.1CVSS0.00248EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•10 views

CVE-2026-50876

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS0.00162EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•10 views

CVE-2026-50874

An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

8.1CVSS0.01119EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-50878

An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS0.00441EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-50877

An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containing traversal characters...

7.5CVSS0.00577EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-50873

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file...

9.8CVSS0.00441EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-50879

An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS0.00324EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-50875

Incorrect access control in the /form/webhooks/webhook endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request...

8.1CVSS0.00282EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•10 views

CVE-2026-50880

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...

9.8CVSS0.00476EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-50871

An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...

9.8CVSS0.01571EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•10 views

CVE-2026-50870

An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...

7.5CVSS0.00308EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•7 views

CVE-2026-49954

Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...

8.6CVSS0.00525EPSS
Exploits2References4
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-50869

An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request...

9.8CVSS0.00718EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-50872

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...

9.8CVSS0.0056EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-49953

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS0.00359EPSS
Exploits0References4
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-49952

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

9.3CVSS0.0135EPSS
Exploits3References5
NVD
NVD
•added 2026/06/15 8:16 p.m.•6 views

CVE-2026-45390

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

9.1CVSS0.00373EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•10 views

CVE-2026-45389

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

7.4CVSS0.00191EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•10 views

CVE-2026-47835

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS0.00254EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-45388

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...

9.1CVSS0.00225EPSS
Exploits1References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-48114

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVESTSITESCHEDULE via string...

9.8CVSS0.0037EPSS
Exploits0References2
NVD
NVD
•added 2026/06/15 8:16 p.m.•33 views

CVE-2026-39196

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the seturiquery parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements...

9.8CVSS0.00321EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-39197

An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service DoS via a crafted request or payload...

6.5CVSS0.00289EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•12 views

CVE-2026-38812

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...

9.8CVSS0.00393EPSS
Exploits1References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•7 views

CVE-2026-39006

An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component...

9.8CVSS0.00515EPSS
Exploits1References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•8 views

CVE-2026-39007

An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component...

7.5CVSS0.00375EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-41708

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS0.00278EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•22 views

CVE-2026-39118

An issue in Iru, Inc Kandji Agent before v.4.7.55374 allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality...

8.4CVSS0.00118EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•23 views

CVE-2026-38329

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

9.8CVSS0.00627EPSS
Exploits0References1
NVD
NVD
•added 2026/06/15 8:16 p.m.•9 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

8.8CVSS0.00361EPSS
Exploits1References1
Total number of security vulnerabilities364228