Export limit exceeded: 354876 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (354876 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5422 | 2026-06-02 | N/A | ||
| A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling directories with names starting with the same prefix as root_dir to bypass the check. Additionally, the to_os_path() function in utils.py does not strip ".." from path parts, enabling traversal sequences to bypass the vulnerable check. This vulnerability can lead to unauthorized read/write access to files in sibling directories, potentially exposing sensitive data in shared hosting environments. | ||||
| CVE-2026-3091 | 1 Synology | 2 Presto Client, Synology Presto Client | 2026-06-02 | 6.7 Medium |
| An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files and conduct denial-of-service during installation by placing a malicious DLL in advance in the same directory as the installer. | ||||
| CVE-2024-7837 | 1 Firmanet | 1 Erp | 2026-06-02 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection. This issue affects ERP: through 22.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-34906 | 2026-06-02 | N/A | ||
| Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed on the server. Successful exploitation can allow an attacker to run remote commands, including establishing a reverse shell. This issue affects Wirtualna Uczelnia versions up to wu#2016.437.295#0#20260327_105545 | ||||
| CVE-2026-34002 | 2 Redhat, X.org | 9 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 6 more | 2026-06-02 | 6.1 Medium |
| A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service. | ||||
| CVE-2026-34003 | 2 Redhat, X.org | 9 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 6 more | 2026-06-02 | 7.8 High |
| A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible. | ||||
| CVE-2026-34001 | 2 Redhat, X.org | 9 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 6 more | 2026-06-02 | 7.8 High |
| A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system. | ||||
| CVE-2026-34000 | 2 Redhat, X.org | 10 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 7 more | 2026-06-02 | 6.1 Medium |
| A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server. | ||||
| CVE-2026-33999 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 5 more | 2026-06-02 | 7.8 High |
| A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts. | ||||
| CVE-2026-2237 | 1 Synology | 2 Diskstation Manager, Storage Manager | 2026-06-02 | 6.2 Medium |
| A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information. | ||||
| CVE-2024-7872 | 1 Extremepacs | 1 Extreme Xds | 2026-06-02 | 7.6 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data. This issue affects Extreme XDS: before 3933. | ||||
| CVE-2026-10549 | 2026-06-02 | N/A | ||
| LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database. | ||||
| CVE-2024-7873 | 1 Veribilim Software | 1 Veribase Order Management | 2026-06-02 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order allows Stored XSS, Cross-Site Scripting (XSS), Exploit Script-Based APIs, XSS Through HTTP Headers. This issue affects Veribase Order: before v4.010.3. | ||||
| CVE-2024-7882 | 1 Special Minds | 1 E-commerce | 2026-06-02 | 6.5 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection. This issue affects e-Commerce: before 22.11.2024. | ||||
| CVE-2024-8074 | 2026-06-02 | N/A | ||
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users. This issue affects Nomysem: before 13.10.2024. | ||||
| CVE-2024-8259 | 1 Eryaz Information Technologies | 1 Natracar B2b Dealer Management Program | 2026-06-02 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2024-8261 | 1 Prolizyazilim | 1 Student Affairs Information System | 2026-06-02 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OBS: before 24.0927. | ||||
| CVE-2024-8262 | 1 Prolizyazilim | 1 Student Affairs Information System | 2026-06-02 | 9.8 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal. This issue affects OBS: before 24.0927. | ||||
| CVE-2025-13593 | 1 Synology | 1 Activeprotect Agent | 2026-06-02 | 6.1 Medium |
| Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation. | ||||
| CVE-2024-8429 | 2026-06-02 | 4.3 Medium | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5. | ||||