Export limit exceeded: 361796 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361796 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48706 | 1 Envoyproxy | 1 Envoy | 2026-06-26 | 5.9 Medium |
| Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink (TcpStatsdSink), where the thread-local flusher buffer can be overflowed by exceptionally long statistic names (e.g., >16KiB). During formatting, TcpStatsdSink reserves a single contiguous memory slice of 16KiB (FLUSH_SLICE_SIZE_BYTES). If formatting a single metric exceeds the remaining capacity, the flusher initiates a buffer rotation but incorrectly continues to allocate another fixed 16KiB slice. If an attacker can trigger a statistic name longer than 16KiB—for example, by sending an HTTP or gRPC request with an extremely long request path (:path) that is recorded by the grpc_stats filter configured with stats_for_all_methods: true—the flusher will attempt to copy the metric name using memcpy operations beyond the allocated heap buffer boundaries. This leads to a heap write overflow, which can cause immediate denial-of-service (process crash) or potential remote code execution (RCE). This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3. | ||||
| CVE-2026-47207 | 1 Envoyproxy | 1 Envoy | 2026-06-26 | 6.5 Medium |
| Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the first response in the batch causes the gRPC stream object to be destroyed, leading to a use-after-free error when Envoy attempts to process subsequent responses in the same gRPC message. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3. | ||||
| CVE-2026-47692 | 1 Envoyproxy | 1 Envoy | 2026-06-26 | 4.8 Medium |
| Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in the header. This can result in smuggled bytes on the upstream request. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3. | ||||
| CVE-2026-52784 | 1 Opf | 1 Openproject | 2026-06-26 | 8.8 High |
| OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This vulnerability is fixed in 17.3.3 and 17.4.1. | ||||
| CVE-2026-53287 | 1 Linux | 1 Linux Kernel | 2026-06-26 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records __audit_log_capset() records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cap_pi (process inheritable) with the value of cap_effective instead of cap_inheritable. This silently corrupts audit data used for compliance and forensic analysis: an attacker who modifies inheritable capabilities to prepare for a privilege-escalating exec would have the change masked in the audit trail. The bug has been present since the original introduction of CAPSET audit records in 2008. | ||||
| CVE-2026-53314 | 1 Linux | 1 Linux Kernel | 2026-06-26 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0.1960/14614 at commit 4ae12d8bd9a8 ("Merge tag 'kbuild-fixes-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux") which tglx traced to padata_cpu_dead() given it's the only sub-CPUHP_TEARDOWN_CPU callback that returns an error. Failure isn't allowed in hotplug states before CPUHP_TEARDOWN_CPU so move the CPU offline callback to the ONLINE section where failure is possible. | ||||
| CVE-2026-53315 | 1 Linux | 1 Linux Kernel | 2026-06-26 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in ras_core_get_utc_second_timestamp() ras_core_get_utc_second_timestamp() retrieves the current UTC timestamp (in seconds since the Unix epoch) through a platform-specific RAS system callback and is used for timestamping RAS error events. The function checks ras_core in the conditional statement before calling the sys_fn callback. However, when the condition fails, the function prints an error message using ras_core->dev. If ras_core is NULL, this can lead to a potential NULL pointer dereference when accessing ras_core->dev. Add an early NULL check for ras_core at the beginning of the function and return 0 when the pointer is not valid. This prevents the dereference and makes the control flow clearer. | ||||
| CVE-2026-57643 | 2 Afthemes, Wordpress | 2 Wp Post Author, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in WP Post Author <= 3.9.1 versions. | ||||
| CVE-2026-57653 | 2 Wordpress, Wpjobportal | 2 Wordpress, Wp Job Portal | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in WP Job Portal <= 2.5.2 versions. | ||||
| CVE-2026-56031 | 2 Uncannyowl, Wordpress | 2 Uncanny Automator, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions. | ||||
| CVE-2026-57652 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-06-26 | 5.3 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions. | ||||
| CVE-2026-54825 | 2 Wordpress, Wpdatatables | 2 Wordpress, Wpdatatables | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in wpDataTables <= 7.4 versions. | ||||
| CVE-2026-56064 | 2 Themefic, Wordpress | 2 Tourfic, Wordpress | 2026-06-26 | 8.5 High |
| Subscriber SQL Injection in Tourfic <= 2.22.5 versions. | ||||
| CVE-2026-57631 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-06-26 | 7.6 High |
| Administrator SQL Injection in Popup box <= 6.0.1 versions. | ||||
| CVE-2026-57646 | 2 Majesticsupport, Wordpress | 2 Majestic Support, Wordpress | 2026-06-26 | 5.4 Medium |
| Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions. | ||||
| CVE-2026-57661 | 2 Nexcess, Wordpress | 2 Wpcomplete, Wordpress | 2026-06-26 | 5.4 Medium |
| Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions. | ||||
| CVE-2026-11834 | 2 Tp-link, Tp Link | 7 Archer C20 V5, Archer C20 V6, Archer Mr200 V07 and 4 more | 2026-06-26 | N/A |
| A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially resulting in unauthorized command execution during device initialization or provisioning workflows. This typically occurs when the device is in a factory-default or unconfigured state. Successful exploitation may allow an adjacent, unauthenticated attacker to execute arbitrary commands with elevated privileges, potentially leading to full compromise of the affected device and unauthorized administrative control. | ||||
| CVE-2026-4367 | 2 Libxpm Projet, Redhat | 4 Libxpm, Enterprise Linux, Hardened Images and 1 more | 2026-06-26 | 5.5 Medium |
| A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions. | ||||
| CVE-2026-8380 | 2 Frontend File Manager Plugin, Wordpress | 2 Frontend File Manager Plugin, Wordpress | 2026-06-26 | 6.5 Medium |
| The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugin WordPress plugin through 23.6's "Allow guest uploads" setting is enabled by an administrator, the same deletion primitive becomes reachable by unauthenticated users. | ||||
| CVE-2026-9699 | 1 Mattermost | 1 Mattermost | 2026-06-26 | 6.8 Medium |
| Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609 | ||||