Search Results (358335 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12220 | 1 Yealink | 1 Sip-t46u | 2026-06-15 | 8 High |
| A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-12201 | 1 Iobit | 1 Malware Fighter | 2026-06-15 | 5.3 Medium |
| A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-12208 | 1 Jsonata-js | 1 Jsonata | 2026-06-15 | 5.3 Medium |
| A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4480 | 2 Redhat, Samba | 5 Enterprise Linux, Openshift, Openshift Container Platform and 2 more | 2026-06-15 | 9 Critical |
| A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system. | ||||
| CVE-2026-4408 | 2 Redhat, Samba | 5 Enterprise Linux, Openshift, Openshift Container Platform and 2 more | 2026-06-15 | 9 Critical |
| A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service. | ||||
| CVE-2026-3012 | 2 Redhat, Samba | 5 Enterprise Linux, Openshift, Openshift Container Platform and 2 more | 2026-06-15 | 8 High |
| A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications. | ||||
| CVE-2026-1933 | 2 Redhat, Samba | 5 Enterprise Linux, Openshift, Openshift Container Platform and 2 more | 2026-06-15 | 7.1 High |
| A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types. | ||||
| CVE-2026-54420 | 2 Litespeed Technologies, Litespeedtech | 3 Cpanel Plugin, Litespeed Cpanel Plugin, Litespeed Whm Plugin | 2026-06-15 | 8.5 High |
| LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026. | ||||
| CVE-2026-49766 | | | 2026-06-15 | 9.9 Critical |
| Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | ||||
| CVE-2026-49109 | | | 2026-06-15 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | ||||
| CVE-2026-48878 | | | 2026-06-15 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions. | ||||
| CVE-2026-48871 | | | 2026-06-15 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions. | ||||
| CVE-2026-48835 | | | 2026-06-15 | 7.5 High |
| Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions. | ||||
| CVE-2026-45441 | | | 2026-06-15 | 7.5 High |
| Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions. | ||||
| CVE-2026-42660 | | | 2026-06-15 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions. | ||||
| CVE-2026-42378 | | | 2026-06-15 | 6.5 Medium |
| Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions. | ||||
| CVE-2026-40796 | | | 2026-06-15 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions. | ||||
| CVE-2026-40776 | | | 2026-06-15 | 7.5 High |
| Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions. | ||||
| CVE-2026-40775 | | | 2026-06-15 | 7.3 High |
| Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions. | ||||
| CVE-2026-40773 | | | 2026-06-15 | 6.5 Medium |
| Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions. | ||||