Lucene search
K

364228 matches found

NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-38064

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actiondialcall via the dialNumber parameter...

9.8CVSS0.01046EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-38060

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionunlocksim via the pin parameter...

9.8CVSS0.01046EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2026-38062

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetratmode via the ratMode parameter...

9.8CVSS0.01046EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2026-38061

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetvolume via the volume parameter...

9.8CVSS0.01046EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2026-38063

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionradioonwithiaapn via the ia parameter...

9.8CVSS0.01046EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2026-36933

An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature...

6.8CVSS0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-38065

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...

9.8CVSS0.01345EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-37216

Ruoyi 4.8.2 is vulnerable to Cross Site Scripting XSS at the interface /system/notice/add...

6.1CVSS0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-11931

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS0.00115EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2026-30120

remotion-dev remotion v4.0.409 was discovered to contain a remote code execution RCE vulnerability...

9.8CVSS0.0081EPSS
Exploits1References1
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2026-36521

PublicCMS V5.202506.d has a Cross Site Scripting XSS vulnerability in the site configuration management module...

6.1CVSS0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2026-36213

An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component...

7.8CVSS0.00479EPSS
Exploits2References1
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2026-36537

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

9.8CVSS0.00511EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2026-30121

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability...

9.1CVSS0.00324EPSS
Exploits1References1
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2025-55650

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2025-68713

An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...

8CVSS0.00284EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.6 views

CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

7.8CVSS0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2025-70102

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, the code performs a member access on a NULL pointer of type 'struct dhcpopt' when an unexpected/invalid option token or parsing state caus...

6.3CVSS0.00169EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2025-55652

A heap buffer overflow in the gfisomvpconfignew function isomedia/avcext.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00202EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2025-55660

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00202EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2025-55661

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00202EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2025-55645

A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00235EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2025-55644

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2025-55643

A NULL pointer dereference in the TrackWriter handling component filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2025-55647

An Out-of-Memory in the mp4muxcencinsertpssh function filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2025-55648

A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00235EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2025-55649

A NULL pointer dereference in the gfmediamapesd function mediatools/isomtools.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2025-55642

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmxprocess function isomedia/isomwrite.c...

6.5CVSS0.00363EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2025-55641

A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 6:16 p.m.17 views

CVE-2026-8356

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose...

6.9CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.10 views

CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.11 views

CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.14 views

CVE-2026-6047

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

6.9CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.14 views

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

7.8CVSS0.00139EPSS
Exploits0References6
NVD
NVD
added 2026/06/15 6:16 p.m.13 views

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

7.3CVSS0.00114EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 6:16 p.m.15 views

CVE-2026-6039

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...

6.9CVSS0.00157EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.16 views

CVE-2026-49294

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

6.1CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.14 views

CVE-2026-47777

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 6:16 p.m.19 views

CVE-2026-20262

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS0.07683EPSS
Exploits2References2
NVD
NVD
added 2026/06/15 4:16 p.m.8 views

CVE-2026-9862

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

9.8CVSS0.00865EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 4:16 p.m.8 views

CVE-2026-9863

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS0.00579EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 4:16 p.m.12 views

CVE-2026-9595

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS0.00163EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 4:16 p.m.11 views

CVE-2026-5038

Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...

7.5CVSS0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 4:16 p.m.10 views

CVE-2026-8683

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS0.00199EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 4:16 p.m.12 views

CVE-2025-15659

Contributor Cross Site Scripting XSS in Elizaibots = 1.0.2 versions...

6.5CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 4:16 p.m.12 views

CVE-2026-10634

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

5.3CVSS0.00274EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 4:16 p.m.14 views

CVE-2025-15658

Administrator Cross Site Scripting XSS in WP Emmet = 0.3.4 versions...

5.9CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.17 views

CVE-2026-5242

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

8.8CVSS0.00304EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.17 views

CVE-2026-5233

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS0.00205EPSS
Exploits0References1
Total number of security vulnerabilities364228