Export limit exceeded: 356021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search Results (356021 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5415 | | | 2026-06-05 | 8.8 High |
| The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajax_run_tool() AJAX handler relying solely on a nonce check (check_ajax_referer) for security without performing any capability check, combined with the create_temporary_link tool allowing the generation of passwordless login links for arbitrary users, and the handle_temporary_links() function authenticating visitors via these links without any additional authorization validation. The required nonce is exposed to all authenticated backend users (including Subscribers) via wp_localize_script() on all non-settings admin pages when the plugin's welcome pointer has not been dismissed. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass normal authentication and log in as any user, including Administrators, resulting in complete account takeover. | ||||
| CVE-2023-5502 | 1 Arista | 1 Eos | 2026-06-05 | 5.9 Medium |
| On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication. | ||||
| CVE-2026-11071 | 1 Google | 1 Chrome | 2026-06-05 | 8.8 High |
| Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11075 | 1 Google | 1 Chrome | 2026-06-05 | 6.5 Medium |
| Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11080 | 1 Google | 1 Chrome | 2026-06-05 | 8.8 High |
| Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11087 | 1 Google | 1 Chrome | 2026-06-05 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11093 | 1 Google | 1 Chrome | 2026-06-05 | 6.5 Medium |
| Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11094 | 1 Google | 1 Chrome | 2026-06-05 | 9.6 Critical |
| Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-27892 | 1 Arista | 1 Eos | 2026-06-05 | 9.6 Critical |
| On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | ||||
| CVE-2024-27890 | 1 Arista | 1 Eos | 2026-06-05 | 9.6 Critical |
| On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | ||||
| CVE-2024-27891 | 1 Arista | 1 Eos | 2026-06-05 | 5.3 Medium |
| On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied. | ||||
| CVE-2026-21404 | 1 Navtor | 1 Navbox | 2026-06-05 | 6.3 Medium |
| NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths. | ||||
| CVE-2026-50590 | 1 Mimecast | 1 Incydr | 2026-06-05 | 4.5 Medium |
| In Mimecast Incydr before 2.6.0, arbitrary file access can occur. | ||||
| CVE-2026-50591 | 1 Znuny | 1 Znuny | 2026-06-05 | 5.4 Medium |
| In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences. | ||||
| CVE-2026-50593 | 1 Graphite Project | 1 Graphite | 2026-06-05 | 7.3 High |
| Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range. | ||||
| CVE-2026-50592 | 1 Znuny | 1 Znuny | 2026-06-05 | 6.4 Medium |
| In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view). | ||||
| CVE-2023-52951 | 1 Synology | 2 Note Station Client, Synology Note Station Client | 2026-06-05 | 5.9 Medium |
| A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credentials. | ||||
| CVE-2022-49042 | 1 Synology | 2 Hyper Backup Explorer, Synology Hyper Backup Explorer | 2026-06-05 | 7.8 High |
| An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2026-46391 | | | 2026-06-05 | N/A |
| HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the matched substrings to an attacker-controlled endpoint and capture authentication. Version 26.0.0 fixes the issue. | ||||
| CVE-2026-6209 | | | 2026-06-05 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||