Export limit exceeded: 355159 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355159 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 39 Ubuntu Linux, Debian Linux, Fedora and 36 more | 2026-06-03 | 7.8 High |
| A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | ||||
| CVE-2024-5958 | 2 Eliz Software, Elizsoftware | 2 Panel, Panel | 2026-06-03 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection. This issue affects Panel: before v2.3.24. | ||||
| CVE-2024-5959 | 1 Elizsoftware | 1 Panel | 2026-06-03 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS. This issue affects Panel: before v2.3.24. | ||||
| CVE-2021-4479 | 1 Draeger | 1 Atlan A350 | 2026-06-03 | 4 Medium |
| Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload the internal processor, gradually disrupting device operation over several hours and causing loss of data transmission, delayed display of real-time curves, and deviation between displayed airway pressure values and screen curves. | ||||
| CVE-2024-5960 | 2 Eliz Software, Elizsoftware | 2 Panel, Panel | 2026-06-03 | 9.8 Critical |
| Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials. This issue affects Panel: before v2.3.24. | ||||
| CVE-2024-6400 | 1 Finrota | 1 Finrota | 2026-06-03 | 7.5 High |
| Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | ||||
| CVE-2026-47265 | 1 Aio-libs | 1 Aiohttp | 2026-06-03 | N/A |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect. If a developer uses the `cookies` parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Version 3.14.0 patches the issue. If unable to upgrade, using a `Cookie` header in the `headers` parameter is not vulnerable. | ||||
| CVE-2026-35202 | 1 Pterodactyl | 1 Panel | 2026-06-03 | N/A |
| Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Version 1.12.3 patches the issue. | ||||
| CVE-2026-10620 | 1 Code-projects | 1 Student Admission System | 2026-06-03 | 7.3 High |
| A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2026-49448 | 1 Goauthentik | 1 Authentik | 2026-06-03 | 9.8 Critical |
| authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1. | ||||
| CVE-2022-4992 | 1 Draeger | 2 Infinity Acute Care System, Standalone Infinity M540 Patient Monitor | 2026-06-03 | 8.6 High |
| Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service conditions. Attackers can compromise network communications to modify device settings such as alarm states or alarm limits, or overwhelm the system with excessive network traffic causing the Cockpit or M540 to reboot and lose network functionality. | ||||
| CVE-2026-10688 | 1 Ahujasid | 1 Blender-mcp | 2026-06-03 | 5.5 Medium |
| A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10703 | 1 Eipstackgroup | 1 Opener | 2026-06-03 | 6.3 Medium |
| A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-41032 | 2 Phoenix Contact, Phoenixcontact | 8 Charx Sec-3000 Firmware, Charx Sec-3050 Firmware, Charx Sec-3100 Firmware and 5 more | 2026-06-03 | 7.5 High |
| It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. | ||||
| CVE-2024-6401 | 2 Sfs, Sfs Consulting | 2 Insuree Gl, Insuree Gl | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2. | ||||
| CVE-2024-6406 | 2026-06-03 | N/A | ||
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data. This issue affects Mobile Library Application: before 5.0. | ||||
| CVE-2025-14773 | 2026-06-03 | 8 High | ||
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | ||||
| CVE-2024-6445 | 1 Dataflowx | 1 Datadiodex | 2026-06-03 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: from v3.0.0 before v3.1.7. | ||||
| CVE-2026-10694 | 1 Sourcecodester | 1 Online Food Ordering System | 2026-06-03 | 7.3 High |
| A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2024-6656 | 2 Tnb Mobile Solutions, Tnbmobil | 2 Cockpit Software, Cockpit | 2026-06-03 | 9.8 Critical |
| Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13. | ||||