Export limit exceeded: 12586 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12586 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9369 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2026-06-02 | 9.8 Critical |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution. | ||||
| CVE-2016-9361 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2026-06-02 | 9.8 Critical |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating. | ||||
| CVE-2026-33398 | 1 Namelessmc | 1 Nameless | 2026-06-02 | N/A |
| NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlled `post` ID and returns its content. The backend helper in `modules/Forum/classes/Forum.php` does not enforce forum or topic ACLs. In contrast, the normal topic page in `modules/Forum/pages/forum/view_topic.php` enforces forum visibility and `view_other_topics`. Any low-privileged authenticated user can enumerate post IDs and read content from hidden, private, or staff-only forums. Version 2.2.5 fixes the issue. | ||||
| CVE-2026-28374 | 1 Grafana | 1 Grafana | 2026-06-02 | 4.3 Medium |
| Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations. | ||||
| CVE-2026-33377 | 1 Grafana | 1 Grafana | 2026-06-02 | 7.1 High |
| An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege. | ||||
| CVE-2026-44720 | 1 Th30d4y | 1 Openlearnx | 2026-06-02 | N/A |
| OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4. | ||||
| CVE-2026-39976 | 1 Laravel | 1 Passport | 2026-06-02 | 7.1 High |
| Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. the league/oauth2-server library sets the JWT sub claim to the client identifier (since there's no user). The token guard then passes this value to retrieveById() without validating it's actually a user identifier, potentially resolving an unrelated real user. Any machine-to-machine token can inadvertently authenticate as an actual user. This vulnerability is fixed in 13.7.1. | ||||
| CVE-2026-42654 | 2 Wordpress, Wpswings | 2 Wordpress, Wallet System For Woocommerce | 2026-06-02 | 7.1 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5. | ||||
| CVE-2026-45080 | 1 Aiven-open | 1 Klaw | 2026-06-02 | N/A |
| Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4. | ||||
| CVE-2026-39828 | 1 Golang | 2 Crypto, Ssh | 2026-06-02 | 6.3 Medium |
| When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error. | ||||
| CVE-2026-34072 | 1 Fccview | 1 Cronmaster | 2026-06-02 | 8.3 High |
| Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s session-validation fetch fails. This can result in unauthorized access to protected pages and unauthorized execution of privileged Next.js Server Actions. This issue has been patched in version 2.2.0. | ||||
| CVE-2025-70363 | 1 Ibexa | 1 Ez Platform | 2026-06-02 | 7.5 High |
| Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs. | ||||
| CVE-2026-10294 | 2 Packagekit, Packagekit Project | 2 Packagekit, Packagekit | 2026-06-02 | 4.3 Medium |
| A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g_file_test of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-8293 | 2 Really-simple-plugins, Wordpress | 2 Really Simple Security, Wordpress | 2026-06-02 | 7.5 High |
| The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email OTP challenge. | ||||
| CVE-2022-31609 | 1 Nvidia | 1 Virtual Gpu | 2026-06-02 | 7.8 High |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure. | ||||
| CVE-2025-60876 | 1 Busybox | 1 Busybox | 2026-06-02 | 6.5 Medium |
| BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20). | ||||
| CVE-2021-28511 | 1 Arista | 16 7050cx3-32s, 7050cx3m-32s, 7050sx3-48c8 and 13 more | 2026-06-02 | 5.8 Medium |
| This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass. | ||||
| CVE-2026-10288 | 1 Code-projects | 1 Hotel And Tourism Reservation System | 2026-06-02 | 7.3 High |
| A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-10283 | 1 Bottelet | 1 Daybydaycrm | 2026-06-02 | 6.3 Medium |
| A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2026-10285 | 1 Devaslanphp | 2 Project-management, Project Management | 2026-06-02 | 5.4 Medium |
| A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet. | ||||