Export limit exceeded: 355357 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355357 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7421 | 2 Passeum, Wordpress | 2 Passeum Ticketing, Wordpress | 2026-06-03 | 4.4 Medium |
| The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the `get_shop_url()` method returning the `shop_name` setting value without sanitization when it begins with "http", combined with insufficient validation in the `validate_shop_name()` function which only checks for empty values and string type. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary external scripts by setting the `shop_name` to an attacker-controlled URL (e.g., `https://attacker.com`), which causes the plugin to enqueue external JavaScript and CSS from the attacker-controlled domain via `wp_register_script()` and `wp_register_style()`. The injected scripts execute on every frontend page containing any Passeum Ticketing shortcode, affecting all site visitors. Please note that this does not affect single-site installations as administrators already have the `unfiltered_html` capability. | ||||
| CVE-2026-34077 | 1 Remix-run | 2 React-router, Turbo-stream | 2026-06-03 | 7.5 High |
| React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS) vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not impact applications that are not using the unstable RSC APIs in React Router. This is patched in version 7.13.2. | ||||
| CVE-2026-41577 | 1 Goauthentik | 1 Authentik | 2026-06-03 | N/A |
| authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor (ResponseProcessor.parse()) does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expired assertions and acceptance of assertions intended for other service providers. This issue has been patched in versions 2025.12.5 and 2026.2.3. | ||||
| CVE-2026-10693 | 1 Sourcecodester | 1 Online Boat Reservation System | 2026-06-03 | 6.3 Medium |
| A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected. | ||||
| CVE-2026-35085 | 1 Mbs | 18 Double A Profibus Firmware, Double A X Link Firmware, Double X Can Firmware and 15 more | 2026-06-03 | 8.8 High |
| A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. | ||||
| CVE-2026-35081 | 1 Mbs | 18 Double A Profibus Firmware, Double A X Link Firmware, Double X Can Firmware and 15 more | 2026-06-03 | 8.1 High |
| The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. | ||||
| CVE-2026-35080 | 1 Mbs | 18 Double A Profibus Firmware, Double A X Link Firmware, Double X Can Firmware and 15 more | 2026-06-03 | 8.1 High |
| The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | ||||
| CVE-2026-35079 | 1 Mbs | 18 Double A Profibus Firmware, Double A X Link Firmware, Double X Can Firmware and 15 more | 2026-06-03 | 8.1 High |
| The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | ||||
| CVE-2026-35076 | 1 Mbs | 18 Double A Profibus Firmware, Double A X Link Firmware, Double X Can Firmware and 15 more | 2026-06-03 | 8.1 High |
| The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | ||||
| CVE-2026-31942 | 1 Danny-avila | 1 Libre Chat | 2026-06-03 | 7.1 High |
| LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint (PUT /api/keys). Due to the use of the JavaScript object spread operator after setting the authenticated user's ID, any authenticated user can inject a userId parameter in the request body to overwrite any other user's API keys (e.g., OpenAI, Anthropic, Azure). This allows an attacker to replace a victim's API key configuration, potentially routing the victim's conversations through attacker-controlled keys or denying service by providing invalid keys. This is patched in version 0.8.3-rc1. | ||||
| CVE-2026-10719 | 1 Seagate | 1 Open Seachest | 2026-06-03 | N/A |
| Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a value to 1 via a maliciously crafted NVMe device with a bogus value in the namespace FLBAS byte. | ||||
| CVE-2021-22659 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 Firmware | 2026-06-03 | 7.5 High |
| Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user. | ||||
| CVE-2026-4035 | 1 Mlflow | 1 Mlflow/mlflow | 2026-06-03 | N/A |
| A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which could lead to artifact poisoning and cross-boundary code execution in downstream environments. The issue is fixed in version 3.11.0. | ||||
| CVE-2026-10718 | 1 Seagate | 1 Open Seachest | 2026-06-03 | N/A |
| Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 bytes outside of the allocated space when running this operation. | ||||
| CVE-2025-14771 | 2026-06-03 | 9.9 Critical | ||
| Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||||
| CVE-2026-48596 | 1 Elixir-tesla | 1 Tesla | 2026-06-03 | N/A |
| Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_param/2. Tesla.Multipart.add_content_type_param/2 appends caller-supplied strings to the multipart content_type_params list without validating for CR (\r) or LF (\n) characters. Tesla.Multipart.headers/1 then joins these params verbatim with "; " to construct the outgoing Content-Type header value. A param containing \r\n splits the header line, allowing arbitrary headers to be injected into the outbound HTTP request. Any application that forwards untrusted input (such as a user-supplied charset or parameter string) into add_content_type_param/2 is affected. This issue affects tesla: from 0.8.0 before 1.18.3. | ||||
| CVE-2026-10717 | 1 Seagate | 1 Open Seachest | 2026-06-03 | N/A |
| Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defects lists via a very bad drive with lots of defects or a maliciously crafted SCSI device’s defect response length. | ||||
| CVE-2026-10622 | 1 Collibra | 2 Collibra Platform (on-prem), Collibra Platform (saas) | 2026-06-03 | 8.2 High |
| Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints. | ||||
| CVE-2025-14772 | 2026-06-03 | 8.8 High | ||
| Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||||
| CVE-2025-14774 | 2026-06-03 | 7.4 High | ||
| Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||||