Export limit exceeded: 352759 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352759 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352759 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48692 | 1 Pavel-odintsov | 1 Fastnetmon | 2026-05-26 | N/A |
| FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.cpp line 477) and a source code comment explicitly acknowledges 'Listen on the given address without any authentication mechanism.' None of the RPC methods in src/api.cpp (ExecuteBan, ExecuteUnBan, GetBanlist, GetTotalTrafficCounters, etc.) perform any credential verification. The ExecuteBan and ExecuteUnBan methods trigger security-critical actions: BGP route announcements that can blackhole network traffic, and execution of external notification scripts via popen(). An attacker with local network access can ban arbitrary IP addresses (causing denial of service to legitimate traffic), unban active attacks (disabling DDoS mitigation), and trigger script execution. There is also no role-based access control separating read-only monitoring from destructive administrative operations. | ||||
| CVE-2026-48685 | 1 Pavel-odintsov | 1 Fastnetmon | 2026-05-26 | N/A |
| FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set and sets length_of_length_field to 2, but then reads only a single byte for the attribute value length (attribute_value_length = value[2] at line 173). Per RFC 4271 Section 4.3, when the Extended Length bit is set, the Attribute Length field is two octets and the value should be read as a 16-bit big-endian integer from value[2] and value[3]. As a result, any attribute longer than 255 bytes has its length silently truncated to the low byte (e.g., 300 bytes = 0x012C is read as 0x2C = 44 bytes). The remaining 256 bytes are then misinterpreted as subsequent attributes, causing cascading parse failures and potential out-of-bounds memory access. | ||||
| CVE-2026-42600 | 1 Minio | 1 Minio | 2026-05-26 | 4.9 Medium |
| MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured drive roots, bounded only by the MinIO process UID. The attacker sends POST minio/storage/{drivePath}/v63/rmpl with a msgpack-encoded body carrying ../ sequences in the Bucket field. The server opens the resulting path via os.OpenFile with O_RDONLY|O_NOATIME and returns its contents in the msgpack response stream. This vulnerability is fixed in RELEASE.2026-04-14T21-32-45Z. | ||||
| CVE-2026-44729 | 2026-05-26 | 8.7 High | ||
| Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/* and /file/:fileFolder/:id serve uploaded files using fileStream.pipe(res) without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an authenticated attacker to upload an HTML file containing JavaScript, which will be rendered by the victim's browser in the context of the Twenty CRM domain when accessed — enabling session hijacking, account takeover, and data theft. | ||||
| CVE-2026-45495 | 1 Microsoft | 1 Edge Chromium | 2026-05-26 | 8.8 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2026-35221 | 2026-05-26 | N/A | ||
| Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | ||||
| CVE-2026-48903 | 2026-05-26 | N/A | ||
| Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. | ||||
| CVE-2026-35220 | 2026-05-26 | N/A | ||
| Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users. | ||||
| CVE-2026-35222 | 2026-05-26 | N/A | ||
| Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. | ||||
| CVE-2026-9565 | 1 Haojing8312 | 1 Workclaw | 2026-05-26 | 6.3 Medium |
| A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-1773 | 1 Hitachienergy | 9 Rtu500 Firmware, Rtu520, Rtu520 Firmware and 6 more | 2026-05-26 | 7.5 High |
| IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation. | ||||
| CVE-2026-23262 | 1 Linux | 1 Linux Kernel | 2026-05-26 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size of the NIC's stats. When the number of queues is changed, the driver's stats region is resized. If the queue count is increased, the NIC can write past the end of the allocated stats region, causing memory corruption. If the queue count is decreased, there is a gap between the driver and NIC stats, leading to incorrect stats reporting. This change fixes the issue by allocating stats region with maximum size, and the offset calculation for NIC stats is changed to match with the calculation of the NIC. | ||||
| CVE-2026-48905 | 2026-05-26 | N/A | ||
| Lack of input filtering leads to an XSS vector in the HTML filter code. | ||||
| CVE-2026-25901 | 2026-05-26 | N/A | ||
| Lack of output escaping leads to a XSS vector in the multilingual associations component. | ||||
| CVE-2026-30894 | 2026-05-26 | N/A | ||
| Lack of output escaping leads to a XSS vector in the content history component. | ||||
| CVE-2026-48091 | 2026-05-26 | N/A | ||
| Further research determined the issue is not a vulnerability. | ||||
| CVE-2026-43930 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2026-05-26 | 5.9 Medium |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive valid session tokens, breaking the single-use property of the OTP. The vulnerability requires the attacker to already possess the victim's password and intercept the active SMS OTP (e.g. via SIM swap, network mirror, or phishing relay) and to race the legitimate login request, so the practical attack surface is narrow. This vulnerability is fixed in 8.6.76 and 9.9.0-alpha.2. | ||||
| CVE-2026-31215 | 2 Modelengine-group, Nexent | 2 Nexent, Nexent | 2026-05-26 | 9.1 Critical |
| The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied path_or_url parameter. This allows unauthenticated remote attackers to send crafted requests that trigger the deletion of arbitrary documents from ElasticSearch indices and corresponding files from the MinIO storage system. Successful exploitation leads to data destruction and denial of service. | ||||
| CVE-2026-31216 | 2 Modelengine-group, Nexent | 2 Nexent, Nexent | 2026-05-26 | 9.1 Critical |
| The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send crafted requests with a user-controlled object_name path parameter to delete arbitrary files from the underlying MinIO storage system. Successful exploitation leads to data loss and denial of service. | ||||
| CVE-2026-43981 | 2026-05-26 | N/A | ||
| Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push() and L.PCall() execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state causing Lua VM corruption. The Go race detector confirms this immediately under modest concurrency (ab -n 1000 -c 100). This vulnerability is fixed in 1.17.6. | ||||