Lucene search
K
RedhatcveRecent

206589 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•11 views

CVE-2026-7160

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed...

9CVSS7.4AI score0.03269EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34297

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite component: Knowledge Integration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM...

7.5CVSS7.4AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34176

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.2AI score0.00692EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•12 views

CVE-2026-7052

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.6AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•11 views

CVE-2026-34642

After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•11 views

CVE-2026-34660

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially...

9.3CVSS6.1AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34639

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•9 views

CVE-2026-34279

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Event Management. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

9.1CVSS7.3AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34648

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources,...

7.5CVSS5.5AI score0.2255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34930

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute...

7.8CVSS7.1AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34640

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34084

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load is user-controlled, an attacker can supply a PHP stream...

9.8CVSS6.2AI score0.00712EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34578

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldapescape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...

8.2CVSS5.5AI score0.00415EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34354

Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...

7.4CVSS5.7AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34587

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... ...

8.1CVSS5.3AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•12 views

CVE-2026-34929

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first obtain the ability to...

7.8CVSS7.1AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•8 views

CVE-2026-34310

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Platform. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with...

7.5CVSS7.4AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•16 views

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

7.3CVSS7.4AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•9 views

CVE-2026-34602

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/courserelusers endpoint is vulnerable to Insecure Direct Object Reference IDOR, allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into...

7.1CVSS5.5AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•8 views

CVE-2026-34260

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

9.6CVSS6AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•12 views

CVE-2026-34242

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...

7.7CVSS5.3AI score0.00465EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34178

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...

9.1CVSS5.5AI score0.00424EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•8 views

CVE-2026-34309

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Security. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools...

8.1CVSS7.3AI score0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•9 views

CVE-2026-34927

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

7.8CVSS7.1AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•11 views

CVE-2026-34659

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this...

9.6CVSS6.3AI score0.00635EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•8 views

CVE-2026-34305

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5CVSS7.4AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•12 views

CVE-2026-34291

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While...

8.7CVSS7.4AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•12 views

CVE-2026-34358

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1CVSS5.6AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•11 views

CVE-2026-34853

Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability...

7.7CVSS5.4AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34651

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources,...

7.5CVSS5.5AI score0.00675EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34637

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•16 views

CVE-2026-34187

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800...

9.8CVSS5.7AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34682

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•16 views

CVE-2026-34457

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...

9.1CVSS5.5AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34256

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

7.1CVSS5.5AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•8 views

CVE-2026-34904

Cross-Site Request Forgery CSRF vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0...

7.5CVSS5.4AI score0.00122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•11 views

CVE-2026-34259

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...

8.2CVSS5.9AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34652

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the...

7.5CVSS5.5AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•14 views

CVE-2026-34463

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector...

8.6CVSS5.3AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•9 views

CVE-2026-34643

After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.1AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34661

Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•12 views

CVE-2026-34234

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS6.1AI score0.00821EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•11 views

CVE-2026-34311

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Opera. Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network...

9.8CVSS5.5AI score0.00461EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•9 views

CVE-2026-34646

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.5CVSS5.5AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•12 views

CVE-2026-34292

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server...

7.2CVSS7.3AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34126

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth rang...

7.5CVSS5.5AI score0.00097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34063

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, network-libp2p discovery uses a libp2p ConnectionHandler state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer...

7.5CVSS5.6AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34184

Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed in...

9.1CVSS5.6AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•10 views

CVE-2026-34665

CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application...

7.5CVSS5.5AI score0.00787EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:22 p.m.•11 views

CVE-2026-34320

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5CVSS7.4AI score0.00307EPSS
Exploits0References1
Total number of security vulnerabilities206589