Search Results (351268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41966 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.6 Medium |
| Permission control vulnerability in the smart sensing service. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-41968 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.9 Medium |
| Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41964 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 8.4 High |
| Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41971 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.5 Medium |
| Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-41961 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.9 Medium |
| Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41967 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.9 Medium |
| Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41969 | 1 Huawei | 2 Emui, Harmonyos | 2026-05-15 | 6.2 Medium |
| Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-41970 | 1 Huawei | 2 Emui, Harmonyos | 2026-05-15 | 6.8 Medium |
| Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41963 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 2.8 Low |
| Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34263 | 1 Sap Se | 1 Sap Commerce Cloud Configuration | 2026-05-15 | 9.6 Critical |
| Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application. | ||||
| CVE-2026-0427 | 1 Amd | 4 Instinct Mi210, Instinct Mi300x, Instinct Mi325x and 1 more | 2026-05-15 | N/A |
| Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability. | ||||
| CVE-2026-6415 | 2 Justinkruit, Wordpress | 2 Advanced Custom Fields:font Awesome Field, Wordpress | 2026-05-15 | 6.4 Medium |
| The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the update_preview() JavaScript function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-41965 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.6 Medium |
| Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41962 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 3.6 Low |
| Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-0044 | 1 Amd | 8 Amd Ryzen™ Ai 300 Series Processors, Radeon Pro W7000 Series, Radeon Rx 7000 Series and 5 more | 2026-05-15 | N/A |
| An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability. | ||||
| CVE-2026-4094 | 2 Realmag777, Wordpress | 2 Fox – Currency Switcher Professional For Woocommerce, Wordpress | 2026-05-15 | 8.1 High |
| The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete the entire multi-currency configuration by visiting any wp-admin page with the `woocs_reset` parameter appended. Additionally, because no nonce is verified, this is also exploitable via Cross-Site Request Forgery against any administrator. The vulnerability may also be exploited by Subscriber-level users if the site is configured to allow Subscriber access to 'wp-admin' pages. | ||||
| CVE-2026-44661 | | | 2026-05-15 | 4.7 Medium |
| python-utcp is the Python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual() validates the discovery URL against an HTTPS / loopback allowlist, but call_tool() and call_tool_streaming() reuse the resolved tool_call_template.url directly without revalidating, and the OpenAPI converter blindly trusts whatever servers[0].url an attacker-hosted spec declares. An attacker who hosts a malicious OpenAPI spec on a legitimate HTTPS endpoint can declare e.g. servers: [{ url: "http://127.0.0.1:9090" }] or servers: [{ url: "http://169.254.169.254" }]; the OpenAPI converter then produces tools whose URL points at internal services on the agent host. All three HTTP-class protocols (utcp_http.http, utcp_http.streamable_http, utcp_http.sse) shared the same gap. This vulnerability is fixed in 1.1.3. | ||||
| CVE-2026-45370 | | | 2026-05-15 | 7.7 High |
| python-utcp is the Python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This vulnerability is fixed in 1.1.3. | ||||
| CVE-2026-44700 | | | 2026-05-15 | N/A |
| Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1. | ||||
| CVE-2026-4031 | 2 Wordpress, Wpengine | 2 Wordpress, Database Backup For Wordpress | 2026-05-15 | 7.5 High |
| The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db_temp_dir parameter, which controls where database backups are written. This makes it possible for unauthenticated attackers to send a request to wp-cron.php with a poisoned wp_db_temp_dir value pointing to a publicly accessible directory (e.g., wp-content/uploads/), and if a scheduled backup is due, intercept the backup file before it is cleaned up. The backup file has a predictable name based on the database name, table prefix, date, and Swatch Internet Time, making interception reliable. Successful exploitation leads to Sensitive Information Exposure including database credentials, user password hashes, and personally identifiable information. This vulnerability requires that the site administrator has configured scheduled backups. | ||||