Search Results (362049 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13207 | | | 2026-06-30 | 7.5 High |
| FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials. | ||||
| CVE-2026-9132 | | | 2026-06-30 | N/A |
| A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range and rendered the resulting diff without verifying that the requesting user was authorized to view the target repository. Exploitation required an authenticated account on the instance with read access to at least one repository to use as the comparison base. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.17.17, 3.18.11, 3.19.8, and 3.20.4. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2025-36319 | 1 Ibm | 1 Watsonxdata Intelligence | 2026-06-30 | 4.3 Medium |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling. | ||||
| CVE-2025-36320 | 1 Ibm | 1 Watsonxdata Intelligence | 2026-06-30 | 6.4 Medium |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36321 | 1 Ibm | 1 Watsonxdata Intelligence | 2026-06-30 | 5.7 Medium |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2025-36323 | 1 Ibm | 1 Watsonxdata Intelligence | 2026-06-30 | 5.4 Medium |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36324 | 1 Ibm | 1 Watsonxdata Intelligence | 2026-06-30 | 4.3 Medium |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-36327 | 1 Ibm | 1 Watsonxdata Intelligence | 2026-06-30 | 6.5 Medium |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security. | ||||
| CVE-2025-36328 | 1 Ibm | 1 Watsonxdata Intelligence | 2026-06-30 | 4.3 Medium |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2025-36333 | 1 Ibm | 1 Watsonxdata Intelligence | 2026-06-30 | 4.3 Medium |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow. | ||||
| CVE-2026-10816 | 1 Netscaler | 2 Adc, Gateway | 2026-06-30 | N/A |
| Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled | ||||
| CVE-2025-36336 | 1 Ibm | 1 Watsonxdata Intelligence | 2026-06-30 | 5.9 Medium |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-36359 | 1 Ibm | 2 Devops Automation, Devops Loop | 2026-06-30 | 8.1 High |
| IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 do not invalidate session IDs after expiration, which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2026-9836 | 1 Ibm | 1 Infosphere Information Server | 2026-06-30 | 3.5 Low |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | ||||
| CVE-2026-7663 | 1 Ibm | 1 Langflow Oss | 2026-06-30 | 9.1 Critical |
| IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint. | ||||
| CVE-2026-43722 | 1 Apple | 2 Ios And Ipados, Macos | 2026-06-30 | 5.5 Medium |
| The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to leak sensitive kernel state. | ||||
| CVE-2025-36372 | 1 Ibm | 1 Db2 | 2026-06-30 | 5.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables. | ||||
| CVE-2026-43707 | 1 Apple | 3 Ios And Ipados, Macos, Safari | 2026-06-30 | 6.5 Medium |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-10109 | 1 Ibm | 1 Db2 | 2026-06-30 | 9.8 Critical |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. | ||||
| CVE-2026-10129 | 1 Ibm | 1 Langflow Oss | 2026-06-30 | 8.5 High |
| IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the follow_redirects parameter and supplying a public URL that redirects to internal/localhost addresses. The vulnerability exists because the application validates only the initial URL but does not re-validate redirect destinations. This allows attackers to access internal HTTP services, localhost endpoints, cloud metadata services, and private network resources that should be unreachable when SSRF protection is enabled. Successful exploitation can lead to disclosure of sensitive information including credentials, tokens, internal API responses, and administrative panel data. | ||||