Export limit exceeded: 356420 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 82878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (82878 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34358 | 1 Ctrlpanel-gg | 1 Panel | 2026-05-20 | 8.1 High |
| CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any authenticated user to bypass RBAC via direct POST/PATCH requests. Controllers missing checks on write methods store() and update() include ApplicationApiController (admin.api.write), CouponController (admin.coupons.write), PartnerController (admin.partners.write), ShopProductController (admin.store.write), UsefulLinkController (admin.useful_links.write), and VoucherController (admin.voucher.write); ProductController (admin.products.edit), ServerController (write/change_owner/change_identifier), and UserController (write/change_email/change_credits/change_username/change_password/change_role/change_referral/change_ptero/change_serverlimit) are missing checks on update() only, and ActivityLogController exposed empty stub store()/update() methods that silently accepted any request. An authenticated attacker without admin write privileges can issue API credentials, generate unlimited coupons and vouchers, assign arbitrary partner commission and discount rates, alter shop product pricing and limits, reassign server ownership or identifiers, and modify user accounts including roles, credits, passwords, and linked Pterodactyl IDs to achieve full privilege escalation, as well as abuse logBackIn() without the login_as permission to interfere with admin impersonation sessions. This issue has been fixed in version 1.2.0. | ||||
| CVE-2026-8958 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 8.6 High |
| Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8963 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-8964 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-8968 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8969 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 8.1 High |
| Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-45584 | 1 Microsoft | 1 Malware Protection Engine | 2026-05-20 | 8.1 High |
| Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-8949 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8952 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 8.8 High |
| Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-24712 | 1 Northern.tech | 1 Cfengine | 2026-05-20 | 7.3 High |
| Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection. | ||||
| CVE-2026-8972 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 8.8 High |
| Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-32741 | 1 Struktur | 1 Libheif | 2026-05-20 | 7.1 High |
| libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel buffer using memcpy(dst, data.data(), data.size()). The copy length data.size() is determined by the iloc extent in the file (attacker-controlled), while the destination buffer is sized based on the declared image dimensions. Because no upper-bound check exists on the data length, a crafted file whose iloc extent exceeds the pixel buffer allocation overflows the heap. The vulnerable single-memcpy branch is reached when the mskC property specifies bits_per_pixel = 8 and the ispe property declares an even width ≥ 64 (so that stride == width), with no changes to default security limits or external codec plugins required. This issue has been fixed in version 1.22.0. | ||||
| CVE-2026-26462 | 1 Sourceforge | 1 Offline Hospital Management System | 2026-05-20 | 7.3 High |
| Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrary operating system commands. | ||||
| CVE-2026-47784 | 1 Memcached | 1 Memcached | 2026-05-20 | 8.1 High |
| In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass. | ||||
| CVE-2026-47356 | 1 Tenable | 1 Terrascan | 2026-05-20 | 7.5 High |
| Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-supplied webhook_token forwarded as a Bearer token in the Authorization header. The retryable HTTP client retries up to 10 times on failure. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released. | ||||
| CVE-2026-47357 | 1 Tenable | 1 Terrascan | 2026-05-20 | 7.5 High |
| Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL as remote_url with remote_type set to "http". The URL is passed directly to hashicorp/go-getter (v1.7.5) without validation. Go-getter's HttpGetter supports the X-Terraform-Get response header, allowing the attacker's server to redirect the download to a file:// URL, enabling local file read. Additionally, HttpGetter has Netrc set to true, causing it to read ~/.netrc and send stored credentials to attacker-controlled hostnames. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released. | ||||
| CVE-2026-8960 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-20 | 7.5 High |
| Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-47358 | 1 Tenable | 1 Terrascan | 2026-05-20 | 7.5 High |
| Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates via hashicorp/go-getter with all default detectors enabled, including FileDetector. An unauthenticated remote attacker can upload an ARM template containing a templateLink.uri or parametersLink.uri field, or a CloudFormation template containing an AWS::CloudFormation::Stack TemplateURL field, pointing to an attacker-controlled URL. Terrascan will fetch the attacker-controlled URL server-side. Unlike SSRF via the remote scan endpoint, file:// URLs are directly usable without requiring an X-Terraform-Get redirect, enabling local file read. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released. | ||||
| CVE-2023-5637 | 1 Arslansoft Education Portal Project | 1 Arslansoft Education Portal | 2026-05-20 | 7.5 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1. | ||||
| CVE-2026-34241 | 1 Ctrlpanel-gg | 1 Panel | 2026-05-20 | 8.7 High |
| CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content ($newmessage) is stored directly in database notification payloads and later rendered unescaped via Blade's {!! !!} syntax in the recipient's browser. The flaw exists in both App\Notifications\Ticket\Admin\AdminReplyNotification (triggered when a user replies, targeting admins) and App\Notifications\Ticket\User\ReplyNotification (triggered when an admin replies, targeting users), allowing arbitrary JavaScript execution in the victim's session context. A low-privileged attacker can exploit this to hijack admin sessions, harvest credentials via fake login prompts or keyloggers, and escalate privileges by performing administrative actions on the victim's behalf. The reverse path also enables a malicious or compromised admin to target regular users in the same manner. This issue has been fixed in version 1.2.0. | ||||