Search Results (357811 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45802 | 1 Setasign | 1 Fpdi | 2026-06-12 | N/A |
| FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeated attacks can lead to sustained service unavailability. This issue has been patched in version 2.6.7. | ||||
| CVE-2026-50245 | 1 Brickcom | 4 Box, Bullet, Cube and 1 more | 2026-06-12 | 7.7 High |
| Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint; no authentication is required to retrieve still images from the camera feed. | ||||
| CVE-2026-50005 | 1 Brickcom | 4 Box, Bullet, Cube and 1 more | 2026-06-12 | 7.7 High |
| Brickcom cameras ship with default credentials that allow any unauthenticated remote attacker to silently access camera feeds. | ||||
| CVE-2026-6250 | 1 Tp-link | 1 Tapo C110 | 2026-06-12 | N/A |
| An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return addresses. A remote authenticated attacker may redirect execution flow to existing internal functions, triggering an unauthorized factory reset, leading to loss of configuration, deletion of stored credentials and service disruption. | ||||
| CVE-2026-39494 | 2 Wbw Plugins, Wordpress | 2 Product Filter By Wbw, Wordpress | 2026-06-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2. | ||||
| CVE-2026-42653 | 2 Iova.mihai, Wordpress | 2 Slicewp, Wordpress | 2026-06-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6. | ||||
| CVE-2026-45174 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Endpoint Privileged Manager, Idira Endpoint Privilege Manager | 2026-06-12 | N/A |
| Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19 | ||||
| CVE-2026-45173 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Identity Browser Extensions, Identity Browser Extensions | 2026-06-12 | N/A |
| Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21 | ||||
| CVE-2026-45172 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Privileged Session Manager, Pam Self-hosted Privilege Cloud | 2026-06-12 | N/A |
| Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18 | ||||
| CVE-2026-45171 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Privileged Session Manager, Privileged Session Manager Vault | 2026-06-12 | N/A |
| Due to incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletins: CA26-17 and CA26-18 | ||||
| CVE-2026-45170 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Pam Sh Connector, Pam Sh Connector | 2026-06-12 | N/A |
| In Idira Privilege Cloud Connector versions prior to 1.1.100504, under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17 | ||||
| CVE-2026-9125 | 2 2winfactor, Wordpress | 2 Presto Player, Wordpress | 2026-06-12 | 6.4 Medium |
| The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] shortcode in versions up to, and including, 4.2.0. This is due to insufficient input sanitization and output escaping in the getOverlays() function, which copies the link_url shortcode attribute directly into the overlay configuration without scheme validation, allowing javascript: URIs to survive and be rendered as the href of a clickable anchor element by the presto-dynamic-overlay-ui web component. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-47365 | 2 Webpros, Wordpress | 2 Wordpress-toolkit, Wordpress | 2026-06-12 | 9.9 Critical |
| Argument injection vulnerability in WordPress Toolkit before 6.11.0, as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account. | ||||
| CVE-2026-47367 | 1 Ubiquiti | 1 Uid Enterprise Agent | 2026-06-12 | 9.9 Critical |
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device. | ||||
| CVE-2026-47368 | 1 Ubiquiti | 31 Efg, Envr, Envr-core and 28 more | 2026-06-12 | 8.6 High |
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances. | ||||
| CVE-2026-24717 | 2 Qnap, Qnap Systems | 4 Qts, Quts Hero, Qts and 1 more | 2026-06-12 | 6.5 Medium |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later; QuTS hero h5.2.9.3499 build 20260514 and later; QuTS hero h5.3.4.3500 build 20260520 and later; QuTS hero h6.0.0.3459 build 20260409 and later. | ||||
| CVE-2026-47369 | 1 Ubiquiti | 32 Efg, Envr, Envr-core and 29 more | 2026-06-12 | 9.9 Critical |
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances. | ||||
| CVE-2026-47370 | 1 Ubiquiti | 31 Efg, Envr, Envr-core and 28 more | 2026-06-12 | 9.9 Critical |
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances. | ||||
| CVE-2026-45169 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Pam Sh Vault, Pam Sh Vault | 2026-06-12 | N/A |
| Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17 | ||||
| CVE-2026-9271 | 1 Keep Inmind Dashboard Notes | 1 Keep Inmind Dashboard Notes | 2026-06-12 | 5.9 Medium |
| Vulnerability Title | ||||