Export limit exceeded: 355297 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355297 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44461 | 2 Zed, Zed-industries | 2 Zed, Zed | 2026-06-03 | 8.6 High |
| Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key (for example via project terminal settings), shell expansions in the key (such as $(...)) are evaluated by the remote shell when a terminal is opened. This can lead to arbitrary command execution on the remote host under the victim user's account. This vulnerability is fixed in 0.227.1. | ||||
| CVE-2026-45017 | 1 Jg-rp | 2 Liquid, Python Liquid | 2026-06-03 | 7.5 High |
| Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files would need to contain valid Liquid markup and be readable by the application process. This vulnerability is fixed in 2.2.0. | ||||
| CVE-2026-40361 | 1 Microsoft | 10 365 Apps, Office, Office 2019 and 7 more | 2026-06-03 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-42029 | 2026-06-02 | N/A | ||
| This CVE is a duplicate of another CVE. | ||||
| CVE-2025-32348 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-5509 | 1 Tp-link | 6 Archer Be450, Archer Be450 Firmware, Archer Be450 V1 and 3 more | 2026-06-02 | 7.2 High |
| An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the browser’s developer console by supplying a crafted input that is passed to backend system commands without adequate sanitization. Successful exploitation enables execution of arbitrary commands with elevated privileges on the device, which may allow the attacker to start unauthorized services, modify system configuration, or otherwise fully compromise the router’s operating environment. | ||||
| CVE-2022-34151 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2026-06-02 | 9.4 Critical |
| Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. | ||||
| CVE-2022-33971 | 1 Omron | 104 Nj-pa3001, Nj-pa3001 Firmware, Nj-pd3001 and 101 more | 2026-06-02 | 8.3 High |
| Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. | ||||
| CVE-2021-21974 | 1 Vmware | 2 Cloud Foundation, Esxi | 2026-06-02 | 8.8 High |
| OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution. | ||||
| CVE-2020-6986 | 1 Omron | 4 Plc Cj1, Plc Cj1 Firmware, Plc Cj2 and 1 more | 2026-06-02 | 7.5 High |
| In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result. | ||||
| CVE-2020-27285 | 1 Redlion | 1 Crimson | 2026-06-02 | 6.5 Medium |
| The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication. | ||||
| CVE-2020-27283 | 1 Redlion | 1 Crimson | 2026-06-02 | 5.3 Medium |
| An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations. | ||||
| CVE-2020-27279 | 1 Redlion | 1 Crimson | 2026-06-02 | 7.5 High |
| A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001). | ||||
| CVE-2019-9201 | 1 Phoenixcontact | 16 Axc 1050, Axc 1050 Firmware, Ilc 131 Eth and 13 more | 2026-06-02 | 9.8 Critical |
| Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. | ||||
| CVE-2019-18269 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2026-06-02 | 8.6 High |
| Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. | ||||
| CVE-2019-13533 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2026-06-02 | 8.1 High |
| In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. | ||||
| CVE-2019-10996 | 1 Redlion | 1 Crimson | 2026-06-02 | 7.8 High |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. | ||||
| CVE-2019-10990 | 1 Redlion | 1 Crimson | 2026-06-02 | 6.5 Medium |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. | ||||
| CVE-2019-10984 | 1 Redlion | 1 Crimson | 2026-06-02 | 7.8 High |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. | ||||
| CVE-2019-10978 | 1 Redlion | 1 Crimson | 2026-06-02 | 3.3 Low |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. | ||||