Search Results (11933 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-8176 1 Redhat 10 Devworkspace, Discovery, Enterprise Linux and 7 more 2026-06-29 7.5 High
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
CVE-2026-56781 1 Teableio 1 Teable 2026-06-29 5.3 Medium
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and specify them in projection parameters to read field values that are intended to be restricted from public view.
CVE-2026-54888 1 Leandrocp 2 Mdex, Mdex Native 2026-06-29 N/A
Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document{} struct and Comrak's internal AST using two mutually recursive Rust functions, ex_document_to_comrak_ast and comrak_ast_to_ex_document, in the NIF source file document.rs. Neither function enforces a maximum nesting depth, so the recursion depth is bounded only by the structure of the input. An attacker who can get a Markdown document rendered (for example through MDEx.parse_document!/1 or MDEx.to_html/1) can supply a document with thousands of nested block quotes, which drives unbounded recursion across the NIF boundary and exhausts the native C stack. Because the resulting stack overflow is an uncatchable SIGSEGV raised inside a NIF, it cannot be contained by the Erlang runtime. It terminates the operating system process running the BEAM, killing every Elixir and Erlang process on the node, not just the caller that triggered the render. No authentication or special privileges are required. The vulnerable conversion code was extracted from mdex into the separate mdex_native package starting in mdex 0.12.3. This issue affects mdex from 0.3.0 before 0.12.3 and mdex_native from 0.1.0 before 0.2.3.
CVE-2026-42010 2 Gnu, Redhat 14 Gnutls, Discovery, Enterprise Linux and 11 more 2026-06-29 7.1 High
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
CVE-2025-3155 3 Debian, Gnome, Redhat 25 Debian Linux, Yelp, Codeready Linux Builder and 22 more 2026-06-29 7.4 High
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
CVE-2026-13757 1 Redhat 3 Enterprise Linux, Hummingbird, Openshift 2026-06-29 6.2 Medium
A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services.
CVE-2025-13609 1 Redhat 4 Enterprise Linux, Enterprise Linux Eus, Rhel E4s and 1 more 2026-06-29 8.2 High
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
CVE-2026-57912 1 Johnson & Johnson 1 Campus Recruiting 2026-06-29 7.5 High
Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers.
CVE-2026-57913 1 Johnson & Johnson 1 Audit Tracking Management System 2026-06-29 7.5 High
Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts.
CVE-2025-66123 2 About Envato, Wordpress 2 Bookpro, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions.
CVE-2026-54839 2 Kingaddons, Wordpress 2 Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups, Wordpress 2026-06-29 7.5 High
Unauthenticated Sensitive Data Exposure in Trinity Backup &#8211; Backup, Migrate, Restore, Clone &amp; Schedule Backups <= 2.0.9 versions.
CVE-2026-56069 2 Site Building With Toolset, Wordpress 2 Toolset Forms, Wordpress 2026-06-29 7.5 High
Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.
CVE-2026-57665 2 Gravitykit, Wordpress 2 Gravityview, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
CVE-2026-57231 1 Podman-container-tools 1 Podman 2026-06-29 7.5 High
Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk (*) will cause podman to pass all host variables into the container. So essentially a malicious image can exfiltrate all podman environment variables that are set in the session from where the container is launched. This vulnerability is fixed in 5.8.4 and 6.0.0.
CVE-2026-55686 1 Podman-container-tools 1 Podman 2026-06-29 5.3 Medium
Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition. This vulnerability is fixed in 5.7.1.
CVE-2026-57676 2 Matteo Manna, Wordpress 2 Simple User Avatar, Wordpress 2026-06-29 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9.
CVE-2026-56048 1 Wordpress 2 Payment Gateway Based Fees And Discounts For Woocommerce, Wordpress 2026-06-29 6.5 Medium
Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions.
CVE-2026-57630 2 Creativethemes, Wordpress 2 Blocksy Companion, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.
CVE-2026-57943 1 Librephotos Project 1 Librephotos 2026-06-29 5.9 Medium
LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate shared_to relations without proper owner checks to read arbitrary private photos belonging to other users.
CVE-2026-57956 2026-06-29 6.4 Medium
SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules belonging to other organizations by exploiting the missing tenant isolation check, bypassing multi-tenant access controls.