Export limit exceeded: 352243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35616 | 1 Fortinet | 1 Forticlientems | 2026-05-22 | 9.1 Critical |
| A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | ||||
| CVE-2026-6973 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-22 | 7.2 High |
| An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. | ||||
| CVE-2026-8672 | 1 Syslink Software Ag | 1 Avantra | 2026-05-22 | 5.1 Medium |
| Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0. | ||||
| CVE-2026-9256 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2026-05-22 | 8.1 High |
| NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-7325 | 2026-05-22 | N/A | ||
| Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier | ||||
| CVE-2026-5171 | 2026-05-22 | N/A | ||
| Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier | ||||
| CVE-2026-8477 | 2026-05-22 | N/A | ||
| Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier | ||||
| CVE-2026-9224 | 2026-05-22 | N/A | ||
| Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier | ||||
| CVE-2026-9249 | 2026-05-22 | N/A | ||
| Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier | ||||
| CVE-2026-9245 | 2026-05-22 | N/A | ||
| Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier | ||||
| CVE-2026-9248 | 2026-05-22 | N/A | ||
| Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier | ||||
| CVE-2026-9047 | 2026-05-22 | N/A | ||
| Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-factor authentication after the user reconfigures their factors. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 | ||||
| CVE-2025-32747 | 1 Dell | 3 Powerflex Manager, Powerflex Manager Appliance, Powerflex Manager Rack | 2026-05-22 | 5.3 Medium |
| Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2026-8673 | 1 Syslink Software Ag | 1 Avantra | 2026-05-22 | 5.9 Medium |
| Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0. | ||||
| CVE-2025-32745 | 1 Dell | 3 Powerflex Manager, Powerflex Manager Appliance, Powerflex Manager Rack | 2026-05-22 | 4.2 Medium |
| Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. | ||||
| CVE-2026-8997 | 2026-05-22 | N/A | ||
| vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the history to cause memory corruption or application crashes. Releases from 0.12.1 to 0.14.3 (including) are considered vulnerable. This issue was fixed in commit 23063c7 | ||||
| CVE-2026-8670 | 1 Syslink Software Ag | 1 Avantra | 2026-05-22 | 9.6 Critical |
| Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1. | ||||
| CVE-2026-8671 | 1 Syslink Software Ag | 1 Avantra | 2026-05-22 | 7.5 High |
| Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0. | ||||
| CVE-2024-51092 | 1 Librenms | 1 Librenms | 2026-05-22 | 9.1 Critical |
| LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory(). | ||||
| CVE-2025-32749 | 1 Dell | 3 Powerflex Manager, Powerflex Manager Appliance, Powerflex Manager Rack | 2026-05-22 | 5.3 Medium |
| Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||