Search Results (352665 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9467 | 1 Debugmcp | 1 Mcp-debugger | 2026-05-26 | 4.3 Medium |
| A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack can be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-9529 | 1 Gnu | 1 Libredwg | 2026-05-26 | 3.3 Low |
| A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-48851 | 1 Putty | 1 Putty | 2026-05-26 | 3.1 Low |
| PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session. | ||||
| CVE-2026-9495 | | | 2026-05-26 | 7.3 High |
| Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix contains path parameters. Depending on what the skipped middleware was supposed to protect, an attacker could bypass authentication and authorization, evade rate limiting or bypass input sanitization. | ||||
| CVE-2026-43827 | | | 2026-05-26 | N/A |
| Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already exists, it is not invalidated upon successful login, nor is a new session being generated with a new ID. | ||||
| CVE-2026-48852 | 1 Putty | 1 Putty | 2026-05-26 | 3.7 Low |
| PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification. | ||||
| CVE-2026-43828 | 1 Apache | 1 Shiro | 2026-05-26 | N/A |
| Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, Shiro-native session manager, as well as Remember-Me manager sends JSESSIONID and rememberMe cookies without 'secure' attribute by default. | ||||
| CVE-2026-9485 | 1 Sourcecodester | 1 Student Grades Management System | 2026-05-26 | 3.5 Low |
| A vulnerability was identified in SourceCodester Student Grades Management System 1.0. Affected by this issue is some unknown functionality of the file students.php. The manipulation of the argument Remarks leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-48589 | | | 2026-05-26 | N/A |
| Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module. This issue affects Apache Shiro from 2.0-alpha to 2.2.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. | ||||
| CVE-2026-9512 | 1 Totolink | 1 Ca750-poe | 2026-05-26 | 6.3 Medium |
| A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-9502 | 1 Gnu | 1 Libredwg | 2026-05-26 | 5.3 Medium |
| A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2026-9519 | 1 Stonith404 | 1 Pingvin-share | 2026-05-26 | 4.3 Medium |
| A security flaw has been discovered in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto-Redirect. The manipulation of the argument redirect results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-9526 | 1 Itsourcecode | 1 Electronic Judging System | 2026-05-26 | 7.3 High |
| A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-9532 | 1 Totolink | 1 Ca750-poe | 2026-05-26 | 6.3 Medium |
| A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-9514 | 1 Totolink | 1 Ca750-poe | 2026-05-26 | 6.3 Medium |
| A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is passed directly from attacker-controlled input, and its manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-8407 | 1 Devolutions | 2 Devolutions Server, Server | 2026-05-26 | 4.3 Medium |
| Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted requests to PAM API endpoints. This issue affects the following versions: Devolutions Server 2026.1.6.0 through 2026.1.11.0; Devolutions Server 2025.3.16.0 and earlier. | ||||
| CVE-2026-25713 | | | 2026-05-26 | 7.8 High |
| MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability | ||||
| CVE-2026-25104 | | | 2026-05-26 | 7.8 High |
| MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability | ||||
| CVE-2026-9479 | 1 Edimax | 1 Ew-7438rpn | 2026-05-26 | 8.8 High |
| A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-9528 | 1 Itsourcecode | 1 Electronic Judging System | 2026-05-26 | 7.3 High |
| A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||