Export limit exceeded: 355348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355348 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24309 | 1 Sap | 2 Netweaver Application Server Abap, Netweaver Application Server For Abap | 2026-06-03 | 6.4 Medium |
| Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application's integrity and availability, with no effect on confidentiality. | ||||
| CVE-2026-10122 | 1 Trendnet | 1 Tew-432brp | 2026-06-03 | 8.8 High |
| A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-46261 | 1 Linux | 1 Linux Kernel | 2026-06-03 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which would cause a crash when passed the pointer to resource_size(). Move the fiu->memory_size assignment after the error check for devm_ioremap_resource() to prevent the potential NULL pointer dereference. | ||||
| CVE-2019-25634 | 1 4mhz | 1 Base64 Decoder | 2026-06-03 | 8.4 High |
| Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution. | ||||
| CVE-2026-10202 | 1 Ofcms | 1 Ofcms | 2026-06-03 | 6.3 Medium |
| A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-47294 | 1 Microsoft | 5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more | 2026-06-03 | 8 High |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-35717 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2026-06-03 | 6.3 Medium |
| A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/export_language.cgi endpoint. The handler passes the attacker-controlled Content-Length value directly to fread() as the read size into a fixed-size 0x60-byte stack buffer, overwriting the saved link register. The binary is compiled without stack canaries. | ||||
| CVE-2026-30649 | 1 Vivotek | 3 Fd8136, Fd8136-vvtk-0300a, Fd8136 Firmware | 2026-06-03 | 7.3 High |
| Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component | ||||
| CVE-2026-30650 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2026-06-03 | 8.8 High |
| A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely. | ||||
| CVE-2026-35716 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2026-06-03 | 6.3 Medium |
| A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or /cgi-bin/admin/setmd_profile.cgi endpoint (all symlinks to the same binary). The parameter value is copied into a fixed-size 0xa4-byte stack buffer without bounds checking, overwriting the saved link register. The binary is compiled without stack canaries. | ||||
| CVE-2026-45323 | 1 Jpettitt | 2 Meshcore-card, Meshcore Card | 2026-06-03 | 9.6 Critical |
| MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect (repeated) radio range to execute arbitrary javascript in the Home Assistant frontend of anyone viewing the card. This vulnerability is fixed in 0.3.3. | ||||
| CVE-2026-40135 | 2 Sap, Sap Se | 2 Netweaver Application Server Abap, Sap Netweaver Application Server Abap And Abap Platform | 2026-06-03 | 6.5 Medium |
| An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality. | ||||
| CVE-2025-64390 | 1 Sony | 1 Ps4 | 2026-06-03 | 7.4 High |
| A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file. | ||||
| CVE-2026-36602 | 2026-06-03 | N/A | ||
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kernel memory layout and aiding further exploitation. | ||||
| CVE-2026-36603 | 2026-06-03 | N/A | ||
| Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary port forwarding rules and access WAN traffic statistics. | ||||
| CVE-2026-9791 | 1 Redhat | 3 Build Keycloak, Build Of Keycloak, Keycloak | 2026-06-03 | 4.3 Medium |
| A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers. | ||||
| CVE-2026-9793 | 1 Redhat | 3 Build Keycloak, Build Of Keycloak, Keycloak | 2026-06-03 | 5.9 Medium |
| A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leading to a compromise of data integrity within the OpenID Connect (OIDC) authorization flow. While a redirect URI allowlist acts as a compensating control, this vulnerability violates OIDC Core and Financial-grade API (FAPI) signing requirements. | ||||
| CVE-2026-10115 | 1 Open5gs | 1 Open5gs | 2026-06-03 | 4.3 Medium |
| A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be used. It is advisable to implement a patch to correct this issue. | ||||
| CVE-2026-10152 | 1 Talelin | 1 Lin-cms-spring-boot | 2026-06-03 | 6.3 Medium |
| A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-34126 | 2 Tp-link, Tp Link | 7 Tapo D100c, Tapo D100c Firmware, Tapo L535e and 4 more | 2026-06-03 | 7.5 High |
| TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulate transmitted setup data and potentially gain unauthorized control of the device during initialization. An attacker within the Bluetooth range could exploit this behavior using Bluetooth sniffing or man-in-the-middle techniques, which may allow eavesdropping on Bluetooth communication, manipulate transmitted setup data and potentially gain unauthorized control of the device during initialization. D100C is the chime delivered with your Tapo camera, and it is delivered with the following Tapo products: D130, D210, D235, D225, TD21, TDB21 and TD25 | ||||