Export limit exceeded: 351487 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351487 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351487 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351487 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30901 | 1 Zoom | 1 Rooms | 2026-05-14 | 7 High |
| Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2026-26725 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-05-14 | 9.8 Critical |
| An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 (fixed in 19.76) allows a remote attacker to escalate privileges via the AccessID parameter. | ||||
| CVE-2026-43295 | 1 Linux | 1 Linux Kernel | 2026-05-14 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() When idtab allocation fails, net is not registered with rio_add_net() yet, so kfree(net) is sufficient to release the memory. Set mport->net to NULL to avoid dangling pointer. | ||||
| CVE-2025-27851 | 1 Garmin | 1 Wdu | 2026-05-14 | 9.3 Critical |
| The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate an exploit of this vulnerability, the victim must (1) be utilizing a web browser on a multihomed host that has local interfaces on the Garmin Marine Network as well as another network, and (2) access a malicious third party website created by the attacker. | ||||
| CVE-2025-27853 | 1 Garmin | 1 Wdu | 2026-05-14 | 7.3 High |
| The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An attacker may bypass all authentication mechanisms by directly utilizing the remote APIs available on the websocket. | ||||
| CVE-2026-44589 | 1 Nuxt-modules | 1 Og-image | 2026-05-14 | 3.7 Low |
| Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl() denylist introduced in nuxt-og-image@6.2.5 to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhorov / Positive Technologies, March 2026) is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validation. This vulnerability is fixed in 6.4.9. | ||||
| CVE-2026-44522 | 1 Enchant97 | 1 Note-mark | 2026-05-14 | N/A |
| Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/{noteID}/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored directly in the database without any sanitization or validation - no path separator filtering, no directory traversal sequence rejection, and no use of filepath.Base() to strip directory components. The unsanitized name is persisted as-is in the note_assets table (Name column, varchar(80)). When an administrator subsequently runs the data export CLI commands (note-mark migrate export-v1 or note-mark migrate export), the stored asset name is passed directly into filepath.Join() and path.Join() calls as part of the output file path argument to os.Create(). Since Go's filepath.Join() resolves ../ sequences during path normalization, an attacker-controlled asset name containing directory traversal sequences causes the export process to write files to arbitrary locations on the filesystem, completely outside the intended export directory. This vulnerability is fixed in 0.19.4. | ||||
| CVE-2026-8621 | 1 Openclaw | 1 Crabbox | 2026-05-14 | 8.8 High |
| Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a shared token to bypass authorization checks and access owner/org-scoped lease operations belonging to victim accounts. | ||||
| CVE-2026-8629 | 1 Openclaw | 1 Crabbox | 2026-05-14 | 8.1 High |
| Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the /v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, and /v1/leases/:id/egress/ticket endpoints to obtain bridge-agent tickets and impersonate trusted lease-side bridges despite having only visibility permissions. | ||||
| CVE-2026-30902 | 1 Zoom | 4 Rooms, Workplace, Workplace Desktop and 1 more | 2026-05-14 | 7.8 High |
| Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-15633 | 1 Hcltech | 22 Bigfix Webui, Bigfix Webui Api, Bigfix Webui Application Administration and 19 more | 2026-05-14 | 6.5 Medium |
| An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers. | ||||
| CVE-2025-15634 | 1 Hcltech | 22 Bigfix Webui, Bigfix Webui Api, Bigfix Webui Application Administration and 19 more | 2026-05-14 | 4.3 Medium |
| A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page. | ||||
| CVE-2026-42311 | 2 Python, Python-pillow | 2 Pillow, Pillow | 2026-05-14 | 7.8 High |
| Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0. | ||||
| CVE-2026-29516 | 2 Buffalo, Buffaloamericas | 3 Terastation Nas Ts5400r, Terastation Nas Ts5400r, Terastation Nas Ts5400r Firmware | 2026-05-14 | 4.9 Medium |
| Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root. | ||||
| CVE-2026-32889 | 1 Tinytag | 1 Tinytag | 2026-05-14 | 6.5 Medium |
| tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT (synchronized lyrics) frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsing operation to stop making progress and remain busy until the worker or process is terminated. The root cause is that _parse_synced_lyrics assumes _find_string_end_pos always returns a position greater than the current offset. That assumption is false when no string terminator is present in the remaining frame content. This issue has been fixed in version 2.2.1. | ||||
| CVE-2026-45708 | 1 Cubecart | 1 Cubecart | 2026-05-14 | 7.2 High |
| CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw <?php … ?> into the Invoice Editor. The next time any admin clicks Print on any order, the rendered template is written to files/print.<md5>.php. files/.htaccess ships an explicit <Files print.*.php> allow from all </Files> carve-out, so the file is fetched and executed by any unauthenticated visitor. This vulnerability is fixed in 6.7.3. | ||||
| CVE-2026-45225 | 1 Heymrun | 1 Heym | 2026-05-14 | 7.6 High |
| Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in the upload_file() handler to bypass path restrictions and write, read, or delete files outside the intended storage directory. | ||||
| CVE-2026-42945 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2026-05-14 | 8.1 High |
| NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-42549 | 1 Flightphp | 1 Core | 2026-05-14 | 4.4 Medium |
| Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect is already committed — including directories located outside the project root through ../ traversal. This vulnerability is fixed in 3.18.1. | ||||
| CVE-2026-45448 | 1 Ntop | 1 Ntopng | 2026-05-14 | 4.3 Medium |
| CWE-601 URL redirection to untrusted site ('open redirect') | ||||