Export limit exceeded: 11823 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11823 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36738 | 1 U-speed | 1 Ac1200 Gigabit Wi-fi Router | 2026-05-17 | 6.8 Medium |
| U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality. | ||||
| CVE-2026-44504 | 1 Aegra | 1 Aegra | 2026-05-17 | N/A |
| Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread, read the user's full checkpoint state, and inject arbitrary messages into the user's conversation history. This vulnerability is fixed in 0.9.7. | ||||
| CVE-2025-67437 | 1 Medical Management System | 1 Medical Management System | 2026-05-17 | 6.5 Medium |
| Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset. | ||||
| CVE-2025-0040 | 1 Amd | 4 Ryzen 7040 Series Mobile Processors With Radeon Graphics, Ryzen 8000 Series Desktop Processors, Ryzen 8040 Series Mobile Processors With Radeon Graphics and 1 more | 2026-05-17 | N/A |
| Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality. | ||||
| CVE-2026-45371 | 1 Siyuan | 1 Siyuan | 2026-05-17 | N/A |
| SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST /api/storage/updateRecentDocCloseTime, POST /api/storage/updateRecentDocOpenTime, POST /api/storage/batchUpdateRecentDocCloseTime, and POST /api/search/updateEmbedBlock are registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly. Each of them writes server-side state, including atomic rewrites of <workspace>/conf/conf.json via model.Conf.Save(). Any caller whose JWT passes CheckAuth, including a publish-service RoleReader (the role assigned to anonymous publish visitors) and a RoleEditor against a workspace where Editor.ReadOnly = true, can hit them This vulnerability is fixed in 3.7.0. | ||||
| CVE-2026-45147 | 1 Siyuan | 1 Siyuan | 2026-05-17 | 4.3 Medium |
| SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any authenticated user — including publish-service RoleReader accounts and RoleEditor accounts on a read-only workspace — can call this endpoint with a sort argument to mutate model.Conf.Tag.Sort and trigger model.Conf.Save(), which atomically rewrites the entire workspace conf.json. This vulnerability is fixed in 3.7.0. | ||||
| CVE-2026-8750 | 1 H2oai | 1 H2o-3 | 2026-05-17 | 5.3 Medium |
| A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-33381 | 1 Grafana | 1 Grafana | 2026-05-16 | 5.9 Medium |
| When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this. | ||||
| CVE-2026-8305 | 1 Openclaw | 1 Openclaw | 2026-05-16 | 7.3 High |
| A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 is sufficient to resolve this issue. The patch is named a6653be0265f1f02b9de46c06f52ea7c81a836e6. The affected component should be upgraded. | ||||
| CVE-2026-41101 | 1 Microsoft | 2 Word, Word For Android | 2026-05-16 | 7.1 High |
| Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2026-41100 | 1 Microsoft | 3 365 Copilot, 365 Copilot Android, 365 Copilot Android | 2026-05-16 | 4.4 Medium |
| Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2026-43912 | 1 Dani-garcia | 1 Vaultwarden | 2026-05-15 | 8.7 High |
| Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as groups.groups_uuid, or a collections_groups.collections_uuid entry belongs to the same organization as collections_groups.groups_uuid. Multiple organization group-management endpoints accept arbitrary MembershipId and CollectionId values and persist them directly without verifying org consistency. This lets an attacker who is Admin in Organization A, and only a low-privileged member in Organization B bind their Org B membership UUID into an Org A group, then use that foreign group relationship to gain unauthorized access to Org B vault data. With an accessAll=true Org A group, the attacker can make /api/sync and /api/ciphers enumerate Org B ciphers. Once those unauthorized sync results reveal Org B collection IDs, the attacker can also bind those foreign collection IDs to the Org A group and turn the same flaw into write access over Org B items. This vulnerability is fixed in 1.35.5. | ||||
| CVE-2026-4524 | 1 Gitlab | 1 Gitlab | 2026-05-15 | 6.5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper authorization checks. | ||||
| CVE-2026-44478 | 1 Hoppscotch | 1 Hoppscotch | 2026-05-15 | 7.5 High |
| hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config still leaks all infrastructure secrets in plaintext to unauthenticated users when the ONBOARDING_RECOVERY_TOKEN stored in the database is an empty string. This vulnerability is fixed in 2026.4.0. | ||||
| CVE-2026-41086 | 1 Microsoft | 2 Azure Portal Windows Admin Center, Windows Admin Center | 2026-05-15 | 8.8 High |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-8563 | 1 Google | 1 Chrome | 2026-05-15 | 4.3 Medium |
| Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-42855 | 1 Espressif | 1 Arduino-esp32 | 2026-05-15 | 7.5 High |
| arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header, without verifying that it matches the actual requested URI. This allows an attacker who possesses any valid digest response (computed for URI-A) to authenticate requests to a completely different protected URI (URI-B), bypassing per-resource access control. This vulnerability is fixed in 3.3.8. | ||||
| CVE-2026-43515 | 1 Apache | 1 Tomcat | 2026-05-15 | 9.1 Critical |
| Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue. | ||||
| CVE-2026-5229 | 2 M615926, Wordpress | 2 Receive Notifications After Form Submitting – Form Notify For Any Forms, Wordpress | 2026-05-15 | 9.8 Critical |
| The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email address (which is common), the plugin falls back to reading the 'form_notify_line_email' cookie value without verifying that the LINE account is associated with that email address. This makes it possible for unauthenticated attackers to gain access to any user account on the site, including administrator accounts, by completing a LINE OAuth flow with their own LINE account while injecting a malicious cookie containing the target victim's email address. | ||||
| CVE-2026-44277 | 1 Fortinet | 1 Fortiauthenticator | 2026-05-15 | 9.1 Critical |
| A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via <insert attack vector here> | ||||