Search Results (85326 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-44633 1 Livehelperchat 1 Livehelperchat 2026-05-14 8.1 High
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can change the chat hash and status and then access or tamper with the chat through visitor/widget paths. The same write primitive can set operation_admin, which is later emitted as operator-side JavaScript.
CVE-2026-41134 1 Microsoft 1 Kiota 2026-05-14 7.8 High
Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks (for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, and default value emission). When malicious values from an OpenAPI description are emitted into generated source without context-appropriate escaping, an attacker can break out of string literals and inject additional code into generated clients. This issue is only practically exploitable when the OpenAPI description used for generation is from an untrusted source, or a normally trusted OpenAPI description has been compromised/tampered with. Only generating from trusted, integrity-protected API descriptions significantly reduces the risk. To remediate the issue, upgrade Kiota to 1.31.1 or later and regenerate/refresh existing generated clients as a precaution. Refreshing generated clients ensures previously generated vulnerable code is replaced with hardened output.
CVE-2026-43290 1 Linux 1 Linux Kernel 2026-05-14 7.8 High
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on start_streaming() failure Return buffers if streaming fails to start due to uvc_pm_get() error. This bug may be responsible for a warning I got running while :; do yavta -c3 /dev/video0; done on an xHCI controller which failed under this workload. I had no luck reproducing this warning again to confirm. xhci_hcd 0000:09:00.0: HC died; cleaning up usb 13-2: USB disconnect, device number 2 WARNING: CPU: 2 PID: 29386 at drivers/media/common/videobuf2/videobuf2-core.c:1803 vb2_start_streaming+0xac/0x120
CVE-2026-43291 1 Linux 1 Linux Kernel 2026-05-14 8.3 High
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") communication with nci nfc chips is not working any more. The mentioned commit tries to fix access of uninitialized data, but failed to understand that in some cases the data packet is of variable length and can therefore not be compared to the maximum packet length given by the sizeof(struct).
CVE-2026-30900 1 Zoom 4 Meeting Software Development Kit, Workplace, Workplace Desktop and 1 more 2026-05-14 7.8 High
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2026-30901 1 Zoom 1 Rooms 2026-05-14 7 High
Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2026-8621 1 Openclaw 1 Crabbox 2026-05-14 8.8 High
Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a shared token to bypass authorization checks and access owner/org-scoped lease operations belonging to victim accounts.
CVE-2026-8629 1 Openclaw 1 Crabbox 2026-05-14 8.1 High
Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the /v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, and /v1/leases/:id/egress/ticket endpoints to obtain bridge-agent tickets and impersonate trusted lease-side bridges despite having only visibility permissions.
CVE-2026-30902 1 Zoom 4 Rooms, Workplace, Workplace Desktop and 1 more 2026-05-14 7.8 High
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2026-42311 2 Python, Python-pillow 2 Pillow, Pillow 2026-05-14 7.8 High
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.
CVE-2026-45708 1 Cubecart 1 Cubecart 2026-05-14 7.2 High
CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw <?php … ?> into the Invoice Editor. The next time any admin clicks Print on any order, the rendered template is written to files/print.<md5>.php. files/.htaccess ships an explicit <Files print.*.php> allow from all </Files> carve-out, so the file is fetched and executed by any unauthenticated visitor. This vulnerability is fixed in 6.7.3.
CVE-2026-45225 1 Heymrun 1 Heym 2026-05-14 7.6 High
Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in the upload_file() handler to bypass path restrictions and write, read, or delete files outside the intended storage directory.
CVE-2026-44446 1 Frappe 1 Erpnext 2026-05-14 8.8 High
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and 16.14.0.
CVE-2026-42561 1 Kludex 1 Python-multipart 2026-05-14 7.5 High
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many repeated headers without terminating the header block or a single very large header value, causing excessive CPU work before request rejection or completion. This vulnerability is fixed in 0.0.27.
CVE-2026-4112 1 Sonicwall 10 Sma1000, Sma6200, Sma6200 Firmware and 7 more 2026-05-14 7.2 High
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
CVE-2026-4113 1 Sonicwall 10 Sma1000, Sma6200, Sma6200 Firmware and 7 more 2026-05-14 7.2 High
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
CVE-2026-4116 1 Sonicwall 10 Sma1000, Sma6200, Sma6200 Firmware and 7 more 2026-05-14 7.2 High
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.
CVE-2026-43097 1 Linux 1 Linux Kernel 2026-05-14 7.8 High
In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double ida_free in hv_pci_probe error path If hv_pci_probe() fails after storing the domain number in hbus->bridge->domain_nr, there is a call to free this domain_nr via pci_bus_release_emul_domain_nr(), however, during cleanup, the bridge release callback pci_release_host_bridge_dev() also frees the domain_nr causing ida_free to be called on same ID twice and triggering following warning: ida_free called for id=28971 which is not allocated. WARNING: lib/idr.c:594 at ida_free+0xdf/0x160, CPU#0: kworker/0:2/198 Call Trace: pci_bus_release_emul_domain_nr+0x17/0x20 pci_release_host_bridge_dev+0x4b/0x60 device_release+0x3b/0xa0 kobject_put+0x8e/0x220 devm_pci_alloc_host_bridge_release+0xe/0x20 devres_release_all+0x9a/0xd0 device_unbind_cleanup+0x12/0xa0 really_probe+0x1c5/0x3f0 vmbus_add_channel_work+0x135/0x1a0 Fix this by letting pci core handle the free domain_nr and remove the explicit free called in pci-hyperv driver.
CVE-2026-44167 1 Phpseclib 1 Phpseclib 2026-05-14 7.5 High
phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.
CVE-2026-43989 1 Dragonmonk111 1 Junoclaw 2026-05-14 8.5 High
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is fixed in 0.x.y-security-1.