Export limit exceeded: 361545 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361545 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-54636 | 2026-06-26 | 9 Critical | ||
| Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and execute commands on the host as the Dokku user. This vulnerability is fixed in 0.38.7. | ||||
| CVE-2026-11625 | 2026-06-26 | 7.5 High | ||
| Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes. | ||||
| CVE-2026-2053 | 1 Wso2 | 1 Wso2 Api Manager | 2026-06-26 | 8.3 High |
| The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests. Successful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks. | ||||
| CVE-2026-57881 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2026-49506 | 1 Dell | 1 Wyse Management Suite | 2026-06-26 | 7.2 High |
| Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution. | ||||
| CVE-2026-57453 | 1 Vim | 1 Vim | 2026-06-26 | 6.5 Medium |
| Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678. | ||||
| CVE-2023-20540 | 2026-06-26 | N/A | ||
| An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity. | ||||
| CVE-2025-60464 | 1 Gpac | 1 Mp4box | 2026-06-26 | 7.8 High |
| A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 TS file. | ||||
| CVE-2023-20572 | 2026-06-26 | N/A | ||
| An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity. | ||||
| CVE-2026-57879 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2026-54834 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions. | ||||
| CVE-2025-64636 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. | ||||
| CVE-2025-68074 | 2026-06-26 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. | ||||
| CVE-2026-56040 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions. | ||||
| CVE-2026-56047 | 2026-06-26 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions. | ||||
| CVE-2026-57878 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution. | ||||
| CVE-2026-56067 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions. | ||||
| CVE-2026-57877 | 1 Geovision Inc. | 1 Gv-lpclpc2011 2211 | 2026-06-26 | 8.6 High |
| An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service. | ||||
| CVE-2026-56033 | 2026-06-26 | 9.8 Critical | ||
| Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions. | ||||
| CVE-2026-57430 | 2026-06-26 | 4.3 Medium | ||
| Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions. | ||||