Export limit exceeded: 355818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355818 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11251 | 2 Dayneks Software Industry And Trade, Daynex | 2 E-commerce Platform, Woyio | 2026-06-04 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4035 | 2 Lfprojects, Mlflow | 2 Mlflow, Mlflow/mlflow | 2026-06-04 | 7.7 High |
| A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server's environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which could lead to artifact poisoning and cross-boundary code execution in downstream environments. The issue is fixed in version 3.11.0. | ||||
| CVE-2026-49204 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 6.5 Medium |
| Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation. | ||||
| CVE-2025-11252 | 2 Signum Technology Promotion And Training, Signumtte | 2 Windesk.fm, Windesk.fm | 2026-06-04 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: before v2.3.4. NOTE: The vendor patched the vulnerability after the CVE was published. | ||||
| CVE-2026-4224 | 1 Python | 2 Cpython, Python | 2026-06-04 | 7.5 High |
| When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. | ||||
| CVE-2026-41522 | 2026-06-04 | N/A | ||
| Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql` that does not enforce the same authorization checks as the REST API. Any authenticated user can abuse it in three ways: unauthorized IOC read across cases (IDOR), bulk IOC disclosure via `case.iocs`. The `case(caseId: …).iocs` resolver returns IOCs linked to an arbitrary case without verifying the caller has access to that case, and unauthorized case creation. All three are reachable by any authenticated user, regardless of role or case ACL. This is fixed in v2.4.28. The GraphQL blueprint, resolvers, and dependencies (`graphene`, `graphene-sqlalchemy`, `graphql-server[flask]`) were removed entirely, since the feature was not in use. As a workaround, block `/graphql` at the reverse proxy (recommended) or comment out the `graphql_blueprint` import and `register_blueprint` call in `source/app/views.py` and restart. | ||||
| CVE-2025-11253 | 1 Aksis Technology | 1 Netty Erp | 2026-06-04 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection. This issue affects Netty ERP: before V.1.1000. | ||||
| CVE-2026-3644 | 1 Python | 2 Cpython, Python | 2026-06-04 | 7.5 High |
| The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output(). | ||||
| CVE-2026-36176 | 2026-06-04 | 7.1 High | ||
| GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface. | ||||
| CVE-2026-36178 | 2026-06-04 | 4.6 Medium | ||
| The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data. | ||||
| CVE-2025-67446 | 2026-06-04 | 9.8 Critical | ||
| Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value (e.g., setting it to "admin"), an attacker can bypass the authentication schema and gain unauthorized access to admin functionalities. | ||||
| CVE-2026-41234 | 1 Froxlor | 1 Froxlor | 2026-06-04 | 7.6 High |
| Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record line in the generated BIND zone file. This enables injection of arbitrary BIND directives (`$INCLUDE`, `$GENERATE`) and arbitrary DNS records (A, MX, CNAME) into the zone file written to disk by the DNS rebuild cron. This is an incomplete fix for CVE-2026-30932 (GHSA-x6w6-2xwp-3jh6), which patched the same newline injection for LOC, RP, SSHFP, and TLSA record types but did not patch TXT records. Version 2.3.7 contains an updated patch. | ||||
| CVE-2026-41237 | 1 Froxlor | 1 Froxlor | 2026-06-04 | N/A |
| Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to pass), TLSA `matchingType=0` has no upper bound on hex data length, and all validators return raw input without zone-file escaping. Version 2.3.7 contains an updated patch. | ||||
| CVE-2025-11950 | 2 Eduasist, Knowhy Advanced Technology Trading | 2 Eduasist, Eduasist | 2026-06-04 | 6.3 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS. This issue affects EduAsist: before v2.1. | ||||
| CVE-2025-11956 | 1 Proliz Software | 1 Obs | 2026-06-04 | 8.9 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS. This issue affects OBS (Student Affairs Information System): before 25.0401. | ||||
| CVE-2026-50205 | 1 Acer | 2 Connect M6e 5g, Connect M6e 5g Firmware | 2026-06-04 | 8.2 High |
| System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. | ||||
| CVE-2026-5078 | 1 Morgan Project | 1 Morgan | 2026-06-04 | 5.3 Medium |
| Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF bytes to inject forged log lines, breaking the one-request-per-line structure of access logs and enabling log forgery against downstream log consumers. The built-in combined, common, default, and short formats are affected, as well as any custom format that references :remote-user. Affected versions: morgan 1.2.0 through 1.10.1. Patches: upgrade to morgan 1.11.0, which neutralizes control characters in the :remote-user token output. Workarounds: use a custom format string that does not include :remote-user. | ||||
| CVE-2025-11959 | 1 Premierturk | 1 Excavation Management Information System | 2026-06-04 | 8.1 High |
| Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse. This issue affects Excavation Management Information System: before v.10.2025.01. | ||||
| CVE-2026-44654 | 2 Danny-avila, Librechat | 2 Libre Chat, Librechat | 2026-06-04 | 8.1 High |
| LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the owner has reused across multiple agents. The deletion removes the file globally — not just from the shared agent — breaking the owner's other private agents that reference the same `file_id`. The private agent retains a stale `file_id` reference that no longer resolves. A shared-agent editor can destroy files that the owner uses across multiple agents. The owner's private agents — which the attacker has no access to — break silently with stale `file_id` references. This is a cross-agent integrity violation: editing access to one agent should not affect another. Version 0.8.4 contains a patch. | ||||
| CVE-2026-44653 | 2 Danny-avila, Librechat | 2 Libre Chat, Librechat | 2026-06-04 | 6.5 Medium |
| LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted admin-managed secrets through `GET /api/mcp/servers` and `GET /api/mcp/servers/:serverName`. The returned config includes plaintext values for `apiKey.key` and `oauth.client_secret`. This allows viewers of a shared MCP server to exfiltrate the underlying provider credentials. Version 0.8..4 contains a patch. Other remediations include: never returning decrypted admin-managed secrets to non-owners; redacting apiKey.key and oauth.client_secret from all API responses consider returning only boolean presence indicators for secrets, similar to the auth-values route pattern; and, if owners need to edit configs without re-entering secrets, preserving secrets server-side and returning placeholders instead of plaintext. | ||||