Search Results (358290 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12205 | 1 Timlegge | 1 Crypt::dsa | 2026-06-16 | N/A |
| Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised. | ||||
| CVE-2026-12161 | 1 Devolutions | 1 Remote Desktop Manager | 2026-06-16 | N/A |
| Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action. | ||||
| CVE-2026-12162 | 1 Devolutions | 1 Remote Desktop Manager | 2026-06-16 | N/A |
| Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain. | ||||
| CVE-2026-45952 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-frag frames. While we can't prevent a remote sender from sending non-TCP packets larger than the MTU, this will prevent users from inadvertently breaking new TCP streams. Traditionally, drivers supported XDP with MTU less than 4Kb (packet per page). Fbnic currently prevents attaching XDP when MTU is too high. But it does not prevent increasing MTU after XDP is attached. | ||||
| CVE-2026-10611 | 1 Misp | 1 Misp | 2026-06-16 | 10.0 Critical |
| An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application beforeFilter phase before the normal login flow enforces the OTP challenge. As a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code. The issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required. | ||||
| CVE-2026-40789 | | | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions. | ||||
| CVE-2026-40795 | | | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Amelia <= 2.2 versions. | ||||
| CVE-2026-42649 | | | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions. | ||||
| CVE-2026-42650 | | | 2026-06-16 | 7.2 High |
| Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions. | ||||
| CVE-2026-42656 | | | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions. | ||||
| CVE-2026-42657 | | | 2026-06-16 | 6.5 Medium |
| Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions. | ||||
| CVE-2026-42665 | | | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions. | ||||
| CVE-2026-42666 | | | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions. | ||||
| CVE-2026-42668 | | | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions. | ||||
| CVE-2026-42686 | | | 2026-06-16 | 7.1 High |
| Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions. | ||||
| CVE-2026-42687 | | | 2026-06-16 | 8.1 High |
| Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions. | ||||
| CVE-2026-42743 | | | 2026-06-16 | 6.5 Medium |
| Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions. | ||||
| CVE-2026-42752 | | | 2026-06-16 | 6.5 Medium |
| Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions. | ||||
| CVE-2026-46063 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this by reading the shadow stack using normal read accesses. When it can't assume the memory is shadow stack, it takes extra steps to make sure it is reading actual shadow stack memory and not other normal readable memory. It does this by holding the mmap read lock while doing the access and checking the flags of the VMA. Unfortunately that is not safe. If the read of the shadow stack sigframe hits a page fault, the fault handler will try to recursively grab another mmap read lock. This normally works ok, but if a writer on another CPU is also waiting, the second read lock could fail and cause a deadlock. Fix this by not holding mmap lock during the read access to userspace. Instead use mmap_lock_speculate_...() to watch for changes between dropping mmap lock and the userspace access. Retry if anything grabbed an mmap write lock in between and could have changed the VMA. These mmap_lock_speculate_...() helpers use mm::mm_lock_seq, which is only available when PER_VMA_LOCK is configured. So make X86_USER_SHADOW_STACK depend on it. On x86, PER_VMA_LOCK is a default configuration for SMP kernels. So drop support for the other configs under the assumption that the !SMP shadow stack user base does not exist. Currently there is a check that skips the lookup work when the SSP can be assumed to be on a shadow stack. While reorganizing the function, remove the optimization to make the tricky code flows more common, such that issues like this cannot escape detection for so long. | ||||
| CVE-2026-48886 | | | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions. | ||||