Export limit exceeded: 355187 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355187 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40495 | 1 Fossbilling | 1 Fossbilling | 2026-06-03 | N/A |
| FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hide_version_public` security setting. The FOSSBilling version is embedded in the query string of every `<script>` and `<link>` tag generated by the `script_tag` and `stylesheet_tag` Twig filters. This information is visible to all visitors — including unauthenticated guests — on every page, regardless of whether the `hide_version_public` setting is enabled. The `X-FOSSBilling-Version` HTTP header and the `guest.system.version` API endpoint correctly honour the `hide_version_public` setting, but the asset cache buster parameters were overlooked. Knowledge of the exact FOSSBilling version makes it significantly easier for malicious actors to identify known vulnerabilities applicable to a given installation and craft targeted exploits. While not a direct vulnerability on its own, it undermines the intended protection offered by the `hide_version_public` setting and facilitates reconnaissance. Version 0.8.0 contains a patch. There is no practical workaround that removes the version from asset URLs without modifying source code. | ||||
| CVE-2026-37700 | 1 Maxsite | 1 Maxsite Cms | 2026-06-03 | N/A |
| Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page | ||||
| CVE-2026-10771 | 1 Crmeb | 1 Crmeb Java | 2026-06-03 | 7.3 High |
| A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request forgery. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-42507 | 1 Golang | 1 Net | 2026-06-03 | 5.3 Medium |
| When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged. | ||||
| CVE-2026-36748 | 2026-06-03 | 9 Critical | ||
| RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. | ||||
| CVE-2026-48501 | 2 Cli, Github | 2 Cli, Cli | 2026-06-03 | 7.4 High |
| GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authentication layer that automatically attaches tokens to outgoing requests. This layer lacks accurate host detection and can incorrectly attribute the target host, providing it with a token it should never receive. Specifically, the host normalization logic collapses any *.github.com subdomain to github.com, so a request to tuf-repo.github.com (a GitHub Pages site, not a GitHub API endpoint) is treated as a request to github.com and receives the user's github.com token. For hosts that don't match github.com or a known GHES instance at all, the resolver falls back to GH_ENTERPRISE_TOKEN if set. The gh attestation, gh release verify and gh release verify-asset commands fetch data from several external hosts as part of their normal operation (TUF metadata from tuf-repo.github.com and tuf-repo-cdn.sigstore.dev, artifact bundles from Azure Blob Storage). Because these requests go through the same authenticated HTTP client, the token is sent to all of them. This vulnerability is fixed in 2.93.0. | ||||
| CVE-2026-30652 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2026-06-03 | 8.8 High |
| A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device. | ||||
| CVE-2026-10629 | 1 Verizon | 1 Volte | 2026-06-03 | 7.4 High |
| SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network. | ||||
| CVE-2025-70100 | 1 Gkostka | 1 Lwext4 | 2026-06-03 | 5.5 Medium |
| A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount or image processing and leads to a Floating-Point Exception (FPE) under sanitizers or a runtime crash in standard builds due to missing validation of lb_size. | ||||
| CVE-2026-36576 | 2026-06-03 | 9.8 Critical | ||
| An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request. | ||||
| CVE-2026-36605 | 2026-06-03 | 6.5 Medium | ||
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that requires physical power cycling to recover. | ||||
| CVE-2026-36606 | 2026-06-03 | 7.1 High | ||
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials. | ||||
| CVE-2026-36607 | 2026-06-03 | 8.8 High | ||
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the rate limiting applied to the login endpoint (code=7). An attacker on the adjacent network can attempt unlimited passwords without triggering account lockout. | ||||
| CVE-2026-36608 | 2026-06-03 | 8.8 High | ||
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP (192.168.1.1) or localhost (127.0.0.1) as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the internet with a single SOAP request. | ||||
| CVE-2026-36615 | 2026-06-03 | 4.3 Medium | ||
| Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network. | ||||
| CVE-2026-26378 | 1 Koha-community | 1 Koha | 2026-06-03 | N/A |
| Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features | ||||
| CVE-2026-8881 | 2026-06-03 | N/A | ||
| Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching. | ||||
| CVE-2025-59606 | 1 Qualcomm | 283 Cologne, Cologne Firmware, Cq7790 and 280 more | 2026-06-03 | 7.8 High |
| Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization. | ||||
| CVE-2026-40425 | 2 Danelec, Macgregor | 3 Macgregor Voyage Data Recorder (vdr) G4e, Interschalt Vdr G4e, Interschalt Vdr G4e Firmware | 2026-06-03 | 5.7 Medium |
| The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password. | ||||
| CVE-2026-46775 | 1 Oracle | 1 Rest Data Services | 2026-06-03 | 9.9 Critical |
| Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle REST Data Services. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||