Search Results (357318 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10721 | 1 Concretecms | 1 Concrete Cms | 2026-06-10 | N/A |
| Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 for reporting. | ||||
| CVE-2025-6254 | 2 Amentotech, Wordpress | 2 Doctreat Core, Wordpress | 2026-06-10 | 9.8 Critical |
| The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers to register as an administrator user. | ||||
| CVE-2026-42010 | 2 Gnu, Redhat | 6 Gnutls, Enterprise Linux, Hardened Images and 3 more | 2026-06-10 | 7.1 High |
| A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process. | ||||
| CVE-2026-46539 | 1 Nimiq | 1 Core-rs-albatross | 2026-06-10 | 5.9 Medium |
| Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election head's epoch. An attacker providing transaction inclusion proofs can forge a MacroBlock header for that epoch position and have it accepted as "proven" without any hash or signature verification. This issue has been patched in version 1.4.0. | ||||
| CVE-2026-47974 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2026-06-10 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed. | ||||
| CVE-2026-45502 | 1 Microsoft | 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se | 2026-06-10 | 5 Medium |
| Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-47631 | 1 Microsoft | 6 Exchange Server 2016, Exchange Server 2019, Exchange Server Se and 3 more | 2026-06-10 | 8.1 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-26142 | 1 Microsoft | 4 Nuance Powerscribe 360, Nuance Powerscribe One, Powerscribe One Version 2023.1 Sp2 and 1 more | 2026-06-10 | 9.8 Critical |
| Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-45459 | 1 Microsoft | 5 365 Apps, Office 2024, Office 365 and 2 more | 2026-06-10 | 3.3 Low |
| Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-45481 | 1 Microsoft | 4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more | 2026-06-10 | 7.3 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-48562 | 1 Microsoft | 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more | 2026-06-10 | 4.6 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-42907 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-10 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-44814 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-10 | 5.5 Medium |
| Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-50511 | 1 Microsoft | 1 Pc Manager | 2026-06-10 | 7.8 High |
| Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-46411 | 1 Halfgaar | 1 Flashmq | 2026-06-10 | 6.5 Medium |
| FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and trigger an internal safeguard exception. This exception was in a path that was not catchable, and therefore causes a server abort. This issue has been patched in version 1.26.2. | ||||
| CVE-2026-46373 | 1 Sqlfluff | 1 Sqlfluff | 2026-06-10 | 7.5 High |
| SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion. This issue has been patched in version 4.1.0. | ||||
| CVE-2026-47904 | 1 Adobe | 1 Cai Content Credentials | 2026-06-10 | 6.2 Medium |
| CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34657 | 1 Adobe | 1 Cai Content Credentials | 2026-06-10 | 5.5 Medium |
| CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file. | ||||
| CVE-2026-34417 | 1 Brian-ruf | 1 Oscal-gui | 2026-06-10 | 6.1 Medium |
| OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to the project_id variable without sanitization in oscal-functions.php, and when the supplied project ID is not found, the unsanitized value is concatenated into an error message via the Messages() function and reflected into the HTML response body without encoding. | ||||
| CVE-2026-47938 | 1 Adobe | 1 Campaign Classic | 2026-06-10 | 10 Critical |
| Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed. | ||||