Export limit exceeded: 352878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352878 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-47672 | 2026-05-26 | 6.5 Medium | ||
| epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment (e.g., following the production Docker example in the README), this is exploitable from the local network without credentials. | ||||
| CVE-2026-48898 | 1 Joomla | 1 Joomla\! | 2026-05-26 | 9.8 Critical |
| An improper access check allows privilege escalation through the com_users batch task. | ||||
| CVE-2026-48899 | 1 Joomla | 1 Joomla\! | 2026-05-26 | 9.8 Critical |
| An improper access check allows privilege escalation through the com_users batch task. | ||||
| CVE-2026-48900 | 1 Joomla | 1 Joomla\! | 2026-05-26 | 4.3 Medium |
| An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. | ||||
| CVE-2026-48903 | 1 Joomla | 1 Joomla\! | 2026-05-26 | 6.1 Medium |
| Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. | ||||
| CVE-2026-48904 | 1 Joomla | 1 Joomla\! | 2026-05-26 | 9.8 Critical |
| An improper access check allows privelege escalation through the com_users group editing webservice endpoint. | ||||
| CVE-2026-48905 | 1 Joomla | 1 Joomla\! | 2026-05-26 | 6.1 Medium |
| Lack of input filtering leads to an XSS vector in the HTML filter code. | ||||
| CVE-2026-8850 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z\/os and 2 more | 2026-05-26 | 7.5 High |
| IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload. | ||||
| CVE-2026-8852 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z\/os and 2 more | 2026-05-26 | 6.2 Medium |
| IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module. | ||||
| CVE-2026-44209 | 2026-05-26 | 7.5 High | ||
| Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt() are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host system. This vulnerability is fixed in 2.4.2. | ||||
| CVE-2026-9582 | 1 Sourcecodester | 1 Cet Automated Grading System With Ai Predictive Analytics | 2026-05-26 | 4.3 Medium |
| A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-24193 | 1 Nvidia | 5 Geforce, Nvs, Quadro and 2 more | 2026-05-26 | 7.8 High |
| NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. | ||||
| CVE-2026-44831 | 2 Grokability, Snipeitapp | 2 Snipe-it, Snipe-it | 2026-05-26 | 4.8 Medium |
| Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1. | ||||
| CVE-2026-44832 | 2 Grokability, Snipeitapp | 2 Snipe-it, Snipe-it | 2026-05-26 | 8.8 High |
| Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1. | ||||
| CVE-2026-44833 | 2 Grokability, Snipeitapp | 2 Snipe-it, Snipe-it | 2026-05-26 | 5.9 Medium |
| Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1. | ||||
| CVE-2026-8834 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z\/os and 2 more | 2026-05-26 | 8 High |
| IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service. | ||||
| CVE-2026-41999 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 4.8 Medium |
| Incorrect Behaviour of Views with TCP PROXY Requests | ||||
| CVE-2026-8835 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z\/os and 2 more | 2026-05-26 | 7.3 High |
| IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service. | ||||
| CVE-2025-68709 | 2026-05-26 | N/A | ||
| SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege escalation. | ||||
| CVE-2026-24187 | 2026-05-26 | 8.8 High | ||
| NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. | ||||