Export limit exceeded: 357114 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357114 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9210 | 1 Netgear | 31 Ex3700, Ex3800, Ex6120 and 28 more | 2026-06-09 | N/A |
| Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | ||||
| CVE-2026-0417 | 1 Netgear | 27 Mr60, Mr70, Mr80 and 24 more | 2026-06-09 | N/A |
| Insufficient input validation vulnerability in NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity. | ||||
| CVE-2026-0418 | 1 Netgear | 35 Cbr750, Ex6120, Ex6130 and 32 more | 2026-06-09 | N/A |
| Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system. | ||||
| CVE-2026-0413 | 1 Netgear | 14 Rbe37x, Rbe77x, Rbr750 and 11 more | 2026-06-09 | N/A |
| Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | ||||
| CVE-2026-0414 | 1 Netgear | 1 Rbe97x | 2026-06-09 | N/A |
| Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | ||||
| CVE-2026-0415 | 1 Netgear | 13 Rbe97x, Rbr750, Rbr840 and 10 more | 2026-06-09 | N/A |
| Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | ||||
| CVE-2026-0411 | 1 Netgear | 4 Rbe97x, Rbr350, Rbr760 and 1 more | 2026-06-09 | N/A |
| An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue. | ||||
| CVE-2026-9212 | 1 Netgear | 25 Lbr1020, Lbr20, R6700ax and 22 more | 2026-06-09 | N/A |
| Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain configurations. | ||||
| CVE-2026-46492 | 1 Commenthol | 1 Md-fileserver | 2026-06-09 | 7.2 High |
| md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including <script> tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution in the context of the affected domain. This issue has been patched in version 1.10.3. | ||||
| CVE-2026-22926 | 1 Omnissa | 1 Omnissa Workspace One Assist For Macos | 2026-06-09 | 7.8 High |
| Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability. | ||||
| CVE-2026-26142 | 1 Microsoft | 4 Nuance Powerscribe 360, Nuance Powerscribe One, Powerscribe One Version 2023.1 Sp2 and 1 more | 2026-06-09 | 9.8 Critical |
| Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-42987 | 1 Microsoft | 12 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 9 more | 2026-06-09 | 8.1 High |
| Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-49475 | 1 Signalwire | 1 Freeswitch | 2026-06-09 | 7.5 High |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0. | ||||
| CVE-2026-11577 | 1 Redhat | 8 Build Keycloak, Build Of Keycloak, Data Grid and 5 more | 2026-06-09 | 7.2 High |
| A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions (FGAP) and escalate their privileges to a full realm administrator by importing users with realm-admin role mappings. | ||||
| CVE-2026-45458 | 1 Microsoft | 11 365 Apps, Office 2019, Office 2021 and 8 more | 2026-06-09 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-8365 | 2 Creativethemes, Wordpress | 2 Blocksy, Wordpress | 2026-06-09 | 8.8 High |
| The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksy_sanitize_post_meta_options() function, which only blocks values containing '<' or '>' and does not prevent serialized PHP object strings from being stored in post meta, combined with the SearchReplacer::run_recursively() function unconditionally deserializing all string values via @unserialize() during migration without restricting allowed classes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a serialized Blocksy\RaiiPattern object into post meta that, when the V200 migration runs on an upgraded site, is deserialized and triggers RaiiPattern::__destruct(), which executes arbitrary PHP callables via call_user_func(). | ||||
| CVE-2017-20245 | 2 Wordpress, Wow-company | 2 Wordpress, Viral-signup | 2026-06-09 | 8.2 High |
| Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payloads in the 'idsignup' parameter to read arbitrary data from the database. | ||||
| CVE-2026-8045 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2026-06-09 | N/A |
| CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints. | ||||
| CVE-2026-44814 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-09 | 5.5 Medium |
| Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-44813 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-09 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||