Export limit exceeded: 359370 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359370 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24061 | 2 Debian, Gnu | 2 Debian Linux, Inetutils | 2026-06-17 | 9.8 Critical |
| telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable. | ||||
| CVE-2026-22550 | 1 Elecom | 4 Wrc-x1500gs-b, Wrc-x1500gs-b Firmware, Wrc-x1500gsa-b and 1 more | 2026-06-17 | 8.8 High |
| OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution. | ||||
| CVE-2026-36576 | 1 Openlabs | 1 Docker-wkhtmltopdf-aas | 2026-06-17 | 9.8 Critical |
| An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request. | ||||
| CVE-2026-54804 | 2026-06-17 | 7.6 High | ||
| Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions. | ||||
| CVE-2026-54188 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | ||||
| CVE-2026-54185 | 2026-06-17 | 8.5 High | ||
| Subscriber SQL Injection in Cornerstone < 7.8.8 versions. | ||||
| CVE-2026-52705 | 2026-06-17 | 9 Critical | ||
| Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions. | ||||
| CVE-2026-49778 | 2026-06-17 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | ||||
| CVE-2026-49076 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions. | ||||
| CVE-2026-22340 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions. | ||||
| CVE-2026-22335 | 2026-06-17 | 8.5 High | ||
| Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions. | ||||
| CVE-2025-60205 | 2026-06-17 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions. | ||||
| CVE-2025-58954 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions. | ||||
| CVE-2024-52488 | 2026-06-17 | 9.9 Critical | ||
| Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions. | ||||
| CVE-2026-46173 | 1 Linux | 1 Linux Kernel | 2026-06-17 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls __schedule(), which has a comment saying "WARNING: must be called with preemption disabled!". If an oopsing task is preempted in do_task_dead(), between becoming TASK_DEAD and entering the scheduler explicitly, bad things happen: finish_task_switch() assumes that once the scheduler has switched away from a TASK_DEAD task, the task can never run again and its stack is no longer needed; but that assumption apparently doesn't hold if the dead task was preempted (the SM_PREEMPT case). This means that the scheduler ends up repeatedly dropping references on the dead task's stack, which can lead to use-after-free or double-free of the entire task stack; in other words, two tasks can end up running on the same stack, resulting in various kinds of memory corruption. (This does not just affect "recursively oopsing" tasks; it is enough to oops once during task exit, for example in a file_operations::release handler) | ||||
| CVE-2023-40132 | 1 Google | 1 Android | 2026-06-17 | 7.8 High |
| In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-40108 | 1 Google | 1 Android | 2026-06-17 | 5.5 Medium |
| In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-41276 | 2 Waterfall, Waterfall-security | 3 Wf-500, Wf-500, Wf-500 Firmware | 2026-06-17 | 9.8 Critical |
| Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. | ||||
| CVE-2026-25089 | 1 Fortinet | 5 Fortisandbox, Fortisandbox Cloud, Fortisandbox Paas and 2 more | 2026-06-17 | 9.1 Critical |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests | ||||
| CVE-2025-48700 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra | 2026-06-17 | 6.1 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction. | ||||