Export limit exceeded: 361517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45692 | 1 Caddyserver | 1 Caddy | 2026-06-26 | 5.4 Medium |
| Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different config object during traversal. This happens because the authorization layer uses string prefix matching and the /config traversal layer parses array indices numerically using strconv.Atoi(). This vulnerability is fixed in 2.11.3. | ||||
| CVE-2026-37453 | 1 Msi | 1 Nbfoundation Service | 2026-06-26 | 7.5 High |
| Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SERVICE_2 pipe | ||||
| CVE-2025-60465 | 1 Gpac | 1 Mp4box | 2026-06-26 | 6.1 Medium |
| A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file. | ||||
| CVE-2026-57632 | 2026-06-26 | 5.4 Medium | ||
| Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions. | ||||
| CVE-2026-11779 | 1 Payloadcms | 1 Payloadcms | 2026-06-26 | N/A |
| An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation. | ||||
| CVE-2026-45407 | 2026-06-26 | 5 Medium | ||
| Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user who can traverse the dokku home directory. This vulnerability is fixed in 0.38.2. | ||||
| CVE-2026-54327 | 1 Earendil-works | 1 Pi | 2026-06-26 | 2.2 Low |
| Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only permissions. This vulnerability is fixed in 0.78.1. | ||||
| CVE-2026-57645 | 2026-06-26 | 8.1 High | ||
| newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | ||||
| CVE-2026-57657 | 2026-06-26 | 4.3 Medium | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. | ||||
| CVE-2026-57663 | 2026-06-26 | 8.5 High | ||
| Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | ||||
| CVE-2026-56790 | 1 Canboat | 1 Canboat | 2026-06-26 | 7.3 High |
| CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP to trigger an out-of-bounds array access and denial of service. | ||||
| CVE-2025-63078 | 2026-06-26 | 4.3 Medium | ||
| Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. | ||||
| CVE-2025-68063 | 2026-06-26 | 7.5 High | ||
| Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions. | ||||
| CVE-2026-54820 | 2026-06-26 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions. | ||||
| CVE-2026-54832 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions. | ||||
| CVE-2026-54840 | 2026-06-26 | 7.3 High | ||
| Unauthenticated Broken Access Control in Newsletters <= 4.13 versions. | ||||
| CVE-2026-56025 | 2026-06-26 | 7.5 High | ||
| Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions. | ||||
| CVE-2026-56038 | 2026-06-26 | 8.8 High | ||
| Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions. | ||||
| CVE-2026-57638 | 2026-06-26 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. | ||||
| CVE-2026-57651 | 2026-06-26 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. | ||||