Export limit exceeded: 351105 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351105 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44662 | 2026-05-14 | N/A | ||
| rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79. | ||||
| CVE-2026-42327 | 2026-05-14 | N/A | ||
| rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref<Target = str> wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a &str that violates the UTF-8 invariant — resulting in undefined behavior. This vulnerability is fixed in 0.10.79. | ||||
| CVE-2026-45708 | 1 Cubecart | 1 Cubecart | 2026-05-14 | 7.2 High |
| CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw <?php … ?> into the Invoice Editor. The next time any admin clicks Print on any order, the rendered template is written to files/print.<md5>.php. files/.htaccess ships an explicit <Files print.*.php> allow from all </Files> carve-out, so the file is fetched and executed by any unauthenticated visitor. This vulnerability is fixed in 6.7.3. | ||||
| CVE-2026-45225 | 1 Heymrun | 1 Heym | 2026-05-14 | 7.6 High |
| Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in the upload_file() handler to bypass path restrictions and write, read, or delete files outside the intended storage directory. | ||||
| CVE-2026-44503 | 2026-05-14 | N/A | ||
| The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie, Proxy-Authorization, and all custom headers are forwarded to the redirect target. | ||||
| CVE-2026-44193 | 1 Opnsense | 1 Core | 2026-05-14 | 9.1 Critical |
| OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7. | ||||
| CVE-2026-43515 | 1 Apache | 1 Tomcat | 2026-05-14 | 9.1 Critical |
| Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue. | ||||
| CVE-2026-43513 | 1 Apache | 1 Tomcat | 2026-05-14 | 7.5 High |
| Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue. | ||||
| CVE-2026-43512 | 1 Apache | 1 Tomcat | 2026-05-14 | 9.8 Critical |
| DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue. | ||||
| CVE-2026-42945 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2026-05-14 | 8.1 High |
| NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-42593 | 1 Gotenberg | 1 Gotenberg | 2026-05-14 | 5.3 Medium |
| Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression=/path from anonymous callers. The dedicated stamp/watermark routes require an uploaded file when the source type is image or pdf; these six routes only overwrite the expression when a file is uploaded, leaving the user-controlled path intact when no file is attached. pdfcpu opens the path and composites its pages onto the output PDF, which returns to the caller. An attacker reads any PDF the Gotenberg process can access on the container filesystem. This vulnerability is fixed in 8.32.0. | ||||
| CVE-2026-42549 | 1 Flightphp | 1 Core | 2026-05-14 | 4.4 Medium |
| Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect is already committed — including directories located outside the project root through ../ traversal. This vulnerability is fixed in 3.18.1. | ||||
| CVE-2026-41293 | 1 Apache | 1 Tomcat | 2026-05-14 | 9.8 Critical |
| Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue. | ||||
| CVE-2026-45448 | 1 Ntop | 1 Ntopng | 2026-05-14 | 4.3 Medium |
| CWE-601 URL redirection to untrusted site ('open redirect') | ||||
| CVE-2026-45369 | 2026-05-14 | 8.3 High | ||
| python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c (Unix) or powershell.exe -Command (Windows), allowing an attacker to inject arbitrary shell commands. This vulnerability is fixed in 1.1.3. | ||||
| CVE-2026-44426 | 2 Shellhub, Shellhub-io | 2 Shellhub, Shellhub | 2026-05-14 | 6.5 Medium |
| ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list (user IDs, e-mails, roles), settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own tenant scope. The handler conditionally skips the membership check when the user ID (X-ID) is absent, which is exactly the case for API Key authentication. This vulnerability is fixed in 0.24.2. | ||||
| CVE-2026-45370 | 2026-05-14 | 7.7 High | ||
| python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This vulnerability is fixed in 1.1.3. | ||||
| CVE-2026-44661 | 2026-05-14 | 4.7 Medium | ||
| python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual() validates the discovery URL against an HTTPS / loopback allowlist, but call_tool() and call_tool_streaming() reuse the resolved tool_call_template.url directly without revalidating, and the OpenAPI converter blindly trusts whatever servers[0].url an attacker-hosted spec declares. An attacker who hosts a malicious OpenAPI spec on a legitimate HTTPS endpoint can declare e.g. servers: [{ url: "http://127.0.0.1:9090" }] or servers: [{ url: "http://169.254.169.254" }]; the OpenAPI converter then produces tools whose URL points at internal services on the agent host. All three HTTP-class protocols (utcp_http.http, utcp_http.streamable_http, utcp_http.sse) shared the same gap. This vulnerability is fixed in 1.1.3. | ||||
| CVE-2026-44440 | 1 Frappe | 1 Erpnext | 2026-05-14 | 6.5 Medium |
| ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is fixed in 15.101.1 and 16.10.0. | ||||
| CVE-2026-44441 | 1 Frappe | 1 Erpnext | 2026-05-14 | 5 Medium |
| ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16.0. | ||||