Lucene search
K

364639 matches found

NVD
NVD
โ€ขadded 2026/06/12 7:16 p.m.โ€ข16 views

CVE-2026-12043

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...

8.8CVSS0.00351EPSS
Exploits0References3
NVD
NVD
โ€ขadded 2026/06/12 7:16 p.m.โ€ข18 views

CVE-2026-41568

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...

6.1CVSS0.00108EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 7:16 p.m.โ€ข19 views

CVE-2026-28742

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS0.0033EPSS
Exploits0References2
NVD
NVD
โ€ขadded 2026/06/12 7:16 p.m.โ€ข30 views

CVE-2026-12143

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS0.00409EPSS
Exploits0References19
NVD
NVD
โ€ขadded 2026/06/12 7:16 p.m.โ€ข14 views

CVE-2026-10715

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS0.00215EPSS
Exploits0References2
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข16 views

CVE-2026-48558

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

10CVSS0.0116EPSS
Exploits1References5
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข15 views

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

7.8CVSS0.0008EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข19 views

CVE-2026-48165

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...

9.1CVSS0.00967EPSS
Exploits0References12
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข19 views

CVE-2026-48163

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

9.1CVSS0.00654EPSS
Exploits0References12
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข14 views

CVE-2026-47225

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across...

6CVSS0.00226EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข13 views

CVE-2026-47223

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. A 32-bit unsigned integer overflow ...

5.4CVSS0.0018EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข15 views

CVE-2026-47965

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00148EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข16 views

CVE-2026-47216

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multisearch endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

8.7CVSS0.00336EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข13 views

CVE-2026-44173

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

8.1CVSS0.00399EPSS
Exploits0References12
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข21 views

CVE-2026-44172

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.8CVSS0.00419EPSS
Exploits0References11
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข13 views

CVE-2026-44171

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...

7.8CVSS0.00135EPSS
Exploits0References2
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข13 views

CVE-2026-44169

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS0.00161EPSS
Exploits0References2
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข14 views

CVE-2026-44168

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS0.00567EPSS
Exploits0References12
NVD
NVD
โ€ขadded 2026/06/12 6:16 p.m.โ€ข19 views

CVE-2026-44170

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...

9.9CVSS0.00797EPSS
Exploits0References12
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข16 views

CVE-2026-6961

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to arbitrary locations...

7.6CVSS0.00294EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข34 views

CVE-2026-6739

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management permissions to escalate privileges by altering built-i...

7.2CVSS0.00257EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข16 views

CVE-2026-6689

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation the check was only applied on update/patch, which allows an authenticated user holding...

4.3CVSS0.00152EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข13 views

CVE-2026-7184

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the managesecureconnections permission to obtain remote cluster authentication tokens via a PATCH request to the...

6.5CVSS0.00255EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข27 views

CVE-2026-7387

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...

8.8CVSS0.00298EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข9 views

CVE-2026-53982

Cap-go Console 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly associates the...

7.1CVSS0.00329EPSS
Exploits0References3
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข13 views

CVE-2026-6046

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...

5.3CVSS0.0019EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข11 views

CVE-2026-53981

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS0.00267EPSS
Exploits0References3
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข18 views

CVE-2026-47224

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...

4.3CVSS0.00187EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข17 views

CVE-2026-47222

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a...

5.4CVSS0.0017EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข16 views

CVE-2026-3840

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The getversionedpath method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

7.1CVSS0.00186EPSS
Exploits1References1
NVD
NVD
โ€ขadded 2026/06/12 5:16 p.m.โ€ข16 views

CVE-2026-3433

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to restrict roleupdated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-level access to observe permission scheme change...

4.3CVSS0.0018EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข19 views

CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3CVSS0.00226EPSS
Exploits0References7
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข16 views

CVE-2026-8828

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS0.00279EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข18 views

CVE-2026-5792

Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud RMC allows Brute Force. This issue affects Related Marketing Cloud RMC: through 12052026...

6.5CVSS0.0021EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข22 views

CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS0.00305EPSS
Exploits0References3
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข20 views

CVE-2026-53568

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4...

6.9CVSS0.00258EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข15 views

CVE-2026-50560

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

6.9CVSS0.00302EPSS
Exploits0References4
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข16 views

CVE-2026-50085

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...

9.8CVSS0.00278EPSS
Exploits1References2
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข16 views

CVE-2026-50086

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

10CVSS0.00222EPSS
Exploits1References2
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข16 views

CVE-2026-50090

The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...

9.3CVSS0.00253EPSS
Exploits1References2
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข16 views

CVE-2026-50091

Aqara Home Android com.lumiunited.aqarahome 6.0.0 and white-label clients embedding the same liblumidevsdk.so uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1...

9.1CVSS0.00246EPSS
Exploits1References2
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข12 views

CVE-2026-50088

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS0.00182EPSS
Exploits1References2
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข17 views

CVE-2026-50087

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS0.00192EPSS
Exploits1References2
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข18 views

CVE-2026-50089

The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...

6.1CVSS0.00147EPSS
Exploits1References2
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข60 views

CVE-2026-50020

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00โ€“0x1F and 0x7F as well as all...

5.3CVSS0.00232EPSS
Exploits0References3
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข15 views

CVE-2026-50026

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS0.0026EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข16 views

CVE-2026-50009

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

4.8CVSS0.00204EPSS
Exploits0References2
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข17 views

CVE-2026-50010

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...

7.5CVSS0.00269EPSS
Exploits0References12
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข21 views

CVE-2026-50011

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...

7.5CVSS0.00371EPSS
Exploits0References7
NVD
NVD
โ€ขadded 2026/06/12 4:16 p.m.โ€ข15 views

CVE-2026-50082

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

6.5CVSS0.00219EPSS
Exploits1References2
Total number of security vulnerabilities364639