Export limit exceeded: 361784 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361784 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361784 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-46406 | 1 Anthropics | 1 Claude Code | 2026-06-29 | N/A |
| Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the expected file path, causing the privileged process to follow the symlink and overwrite an attacker-chosen file with the response text. Exploiting this required a local unprivileged user on the same system and a privileged user to run the /copy command. This vulnerability is fixed in 2.1.128. | ||||
| CVE-2026-55607 | 1 Anthropics | 1 Claude Code | 2026-06-29 | N/A |
| Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor execution during worktree operations, an attacker could overwrite files in the user's home directory (such as .zshenv), leading to code execution outside of seatbelt sandbox restrictions. Reliably exploiting this required the user to clone a malicious repository containing prompt injection content and run Claude Code against it. This vulnerability is fixed in 2.1.163. | ||||
| CVE-2026-57498 | 2026-06-29 | 9.6 Critical | ||
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId($teamId) before any operation. However, multiple Livewire web UI components accept server_id and destination_uuid from URL query parameters without any team ownership validation, allowing cross-team resource deployment. This vulnerability is fixed in 4.0.0-beta.474. | ||||
| CVE-2026-48558 | 1 Simple-help | 1 Simplehelp | 2026-06-29 | 10 Critical |
| SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required. | ||||
| CVE-2026-38571 | 1 Tenda | 1 N300 F3 | 2026-06-29 | 4.6 Medium |
| Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write arbitrary memory via the serial console. | ||||
| CVE-2026-38639 | 1 Redox-os | 1 Relibc | 2026-06-29 | 7.5 High |
| An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input. | ||||
| CVE-2026-39031 | 1 Lansweeper | 2 Lsencrypt, Lsrunase | 2026-06-29 | 5.5 Medium |
| Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required. | ||||
| CVE-2026-50765 | 1 Koha | 1 Library Management System | 2026-06-29 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field). | ||||
| CVE-2026-50767 | 1 Koha | 1 Library Management System | 2026-06-29 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg). | ||||
| CVE-2025-10268 | 2 Printcart, Wordpress | 2 Web To Print Product Designer, Wordpress | 2026-06-29 | 5.3 Medium |
| The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server. | ||||
| CVE-2026-10823 | 2 Wordpress, Ymc Filter | 2 Wordpress, Ymc Filter | 2026-06-29 | 7.5 High |
| The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts. | ||||
| CVE-2026-10835 | 2 Salesmanago, Wordpress | 2 Salesmanago, Wordpress | 2026-06-29 | 7.7 High |
| The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks. | ||||
| CVE-2026-49486 | 1 Apache | 1 Airflow Ftp Provider | 2026-06-29 | 7.5 High |
| The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using `FTPSHook` or `FTPSFileTransmitOperator` to move files over FTPS exposed file contents and credentials-in-transit to a network attacker able to observe the data connection. Upgrade apache-airflow-providers-ftp to `3.15.1` or later, which issues `PROT P` to encrypt the data channel. | ||||
| CVE-2026-11625 | 1 Davido | 1 Bytes::random::secure | 2026-06-29 | 7.5 High |
| Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes. | ||||
| CVE-2026-11702 | 1 Davido | 1 Bytes::random::secure::tiny | 2026-06-29 | 7.5 High |
| Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes. | ||||
| CVE-2026-57912 | 1 Johnson & Johnson | 1 Campus Recruiting | 2026-06-29 | 7.5 High |
| Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers. | ||||
| CVE-2026-57913 | 1 Johnson & Johnson | 1 Audit Tracking Management System | 2026-06-29 | 7.5 High |
| Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts. | ||||
| CVE-2025-7958 | 1 Trellix | 1 Network Security | 2026-06-29 | N/A |
| A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details. | ||||
| CVE-2026-57473 | 1 Reolink | 1 Home Hub | 2026-06-29 | N/A |
| A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated cameras and compromise the credentials of connected cameras. | ||||
| CVE-2026-57920 | 1 Peplink | 1 Incontrol | 2026-06-29 | 7.7 High |
| Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints. | ||||