Search Results (357795 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12060 | 1 Hepta Platforms | 1 Heptabase | 2026-06-12 | 6.5 Medium |
| Heptabase developed by Hepta Platforms has an Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining unauthorized access to camera and microphone permissions. | ||||
| CVE-2026-11535 | 1 Vivo | 1 Pcsuite | 2026-06-12 | N/A |
| An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to gain unauthorized access to the victim’s device. | ||||
| CVE-2026-12058 | 1 Vivo | 1 Pcsuite | 2026-06-12 | N/A |
| The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed. | ||||
| CVE-2026-50627 | 1 Apache | 1 Cxf | 2026-06-12 | N/A |
| The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue. | ||||
| CVE-2026-11844 | 1 Iei Integration Corp | 1 Ivec Tank-xm811 | 2026-06-12 | 4.9 Medium |
| The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope. | ||||
| CVE-2026-11845 | 1 Iei Integration Corp | 1 Ivec Tank-xm811 | 2026-06-12 | 7.2 High |
| The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device. | ||||
| CVE-2026-11846 | 1 Iei Integration Corp | 1 Ivec Tank-xm811 | 2026-06-12 | 8.1 High |
| The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption. | ||||
| CVE-2026-11847 | 1 Iei Integration Corp | 1 Ivec Tank-xm811 | 2026-06-12 | 4.3 Medium |
| The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths. | ||||
| CVE-2026-48914 | 1 Redhat | 5 Enterprise Linux, Enterprise Linux For Nvidia 26, Enterprise Linux Nvidia and 2 more | 2026-06-12 | 6.7 Medium |
| A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process. | ||||
| CVE-2026-11848 | 1 Iei Integration Corp | 1 Irm-tsi410x | 2026-06-12 | 5.3 Medium |
| The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information. | ||||
| CVE-2026-11849 | 1 Iei Integration Corp | 1 Irm-tsi410x | 2026-06-12 | 9.8 Critical |
| The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database. | ||||
| CVE-2026-47196 | 1 Duck-organization | 1 Questbot | 2026-06-12 | N/A |
| Quest Bot is an open-source Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes(""), which is always true, causing the bot to delete every non-bot guild message. This issue has been patched in version 1.1.6. | ||||
| CVE-2026-47195 | 1 Duck-organization | 1 Questbot | 2026-06-12 | N/A |
| Quest Bot is an open-source Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissions can still delete messages or change slowmode through the bot. This issue has been patched in version 1.1.6. | ||||
| CVE-2026-48485 | 1 Duck-organization | 1 Questbot | 2026-06-12 | N/A |
| Quest Bot is an open-source Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with @everyone or @here in the reason, then make the bot later output that reason through /warns, causing a mass ping if the bot has permission. This issue has been patched in version 1.1.6. | ||||
| CVE-2026-49347 | 1 Duck-organization | 1 Questbot | 2026-06-12 | N/A |
| Quest Bot is an open-source Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the same user already has an open ticket and without applying a cooldown. This issue has been patched in version 1.1.8. | ||||
| CVE-2017-20240 | 1 Arodland | 1 Crypt::pbkdf2 | 2026-06-12 | 5.9 Medium |
| Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key. | ||||
| CVE-2026-11879 | 1 Mobatek | 2 Mobaxterm Personal Edition, Mobaxterm Personal Edition Portable | 2026-06-12 | N/A |
| MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application. | ||||
| CVE-2026-11967 | 1 Mobatek | 2 Mobaxterm Personal Edition, Mobaxterm Personal Edition Portable | 2026-06-12 | N/A |
| MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application. | ||||
| CVE-2026-6853 | 1 Basbelen Group | 1 Pause+ Mobile App | 2026-06-12 | 9.8 Critical |
| Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5. | ||||
| CVE-2026-54133 | 1 Jmespath | 1 Jmespath.php | 2026-06-12 | 9.8 Critical |
| jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when `JmesPath\CompilerRuntime` is used with an attacker-controlled JMESPath expression. The compiler emits parsed JMESPath function names into generated PHP source without sufficient escaping. A crafted expression can cause the generated cache file to contain executable attacker-controlled PHP, which is then loaded by the compiler runtime. The issue is patched in `2.9.1` and later. As a workaround, disable `JP_PHP_COMPILE` and do not use `JmesPath\CompilerRuntime` with attacker-controlled expressions. Use the default `AstRuntime` for untrusted expressions. Applications that must continue accepting untrusted JMESPath expressions before upgrading should ensure those expressions are never evaluated by the compiler runtime. | ||||