Export limit exceeded: 355899 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355899 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67448 | 1 Neterbit | 1 Nw-431f Router | 2026-06-05 | 7.1 High |
| The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the context of the victim's browser when the message is viewed. | ||||
| CVE-2025-69755 | 1 Neterbit | 1 Nw-431f Router | 2026-06-05 | 8.2 High |
| An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface | ||||
| CVE-2025-65640 | 1 Arket | 1 Globe Document Intelligence | 2026-06-05 | 6.3 Medium |
| Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating a new document. Specifically, when an authenticated attacker submits data containing JavaScript code within these fields, the application fails to properly sanitize or escape the content. As a result, the injected script is executed when the page is rendered, allowing the attacker to execute arbitrary JavaScript in the context of other users' browsers who view the affected page. | ||||
| CVE-2026-36499 | 1 Redhat | 1 Openvswitch | 2026-06-05 | 6.5 Medium |
| A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion. | ||||
| CVE-2026-41283 | 2 Openstack, Redhat | 2 Mistral, Openstack-mistral | 2026-06-05 | 9.9 Critical |
| OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials. | ||||
| CVE-2026-35904 | 1 T3techgroup | 3 T625pro, T6825g, T7281 | 2026-06-05 | N/A |
| Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component. | ||||
| CVE-2026-35905 | 1 T3techgroup | 1 Cpe | 2026-06-05 | N/A |
| T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account. | ||||
| CVE-2026-35906 | 1 T3techgroup | 1 Cpe | 2026-06-05 | 9.6 Critical |
| An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string. | ||||
| CVE-2026-36174 | 1 Gncc | 1 Gp5 | 2026-06-05 | N/A |
| GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface. | ||||
| CVE-2026-36175 | 1 Gncc | 1 Gp5 | 2026-06-05 | 6.8 Medium |
| An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments. | ||||
| CVE-2026-36176 | 1 Gncc | 1 Gp5 | 2026-06-05 | 7.1 High |
| GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface. | ||||
| CVE-2026-36178 | 1 Gncc | 1 Gp5 | 2026-06-05 | 4.6 Medium |
| The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data. | ||||
| CVE-2026-7764 | 2 Morse Micro, Morsemicro | 2 Halowlink 2, Halow Link 2 | 2026-06-05 | 6.8 Medium |
| An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service (kernel oops/panic) via a crafted 802.11ah beacon or probe response frame containing a malformed Vendor Information Element. The function morse_vendor_find_vendor_ie() does not validate the IE length against the expected structure size before its result is passed to morse_vendor_rx_caps_ops_ie() and morse_vendor_fill_sta_vendor_info(), which read at fixed offsets into the IE data. Because the length check only requires the IE to be longer than 3 bytes, an attacker can supply an undersized IE, causing a heap out-of-bounds read of up to 9 bytes. No authentication, association, or user interaction is required. | ||||
| CVE-2026-8829 | 1 Oalders | 1 Html::entities | 2026-06-05 | 7.5 High |
| HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation. The read may disclose adjacent heap contents into the destination SV. | ||||
| CVE-2026-41858 | 1 Cloud Foundry Foundation | 1 Windows-utilities-release | 2026-06-05 | 6.5 Medium |
| Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomize_password job exists solely to lock the local Administrator account behind an unguessable password as a hardening control. Because the password is derived from a predictable, clock-seeded PRNG, a network attacker who can estimate VM boot time can reconstruct a small candidate list and recover the Administrator password, defeating the hardening control. Affected versions: - windows-utilities-release: all versions prior to v0.23.0 (inclusive); fixed in v0.23.0 or later | ||||
| CVE-2026-49185 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 9.8 Critical |
| The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. | ||||
| CVE-2026-49186 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 9.8 Critical |
| The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands. | ||||
| CVE-2026-49187 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.5 High |
| The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse. | ||||
| CVE-2026-49188 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 9.8 Critical |
| The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands. | ||||
| CVE-2026-10805 | 1 Redhat | 8 Enterprise Linux, Jboss Enterprise Application Platform Expansion Pack, Jbosseapxp and 5 more | 2026-06-05 | 6.7 Medium |
| A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL, provided an administrator has explicitly configured NetworkManager to use dhclient. This issue does not affect default configurations of NetworkManager. | ||||