Export limit exceeded: 82315 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (82315 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7528 | 2 Ibm, Langflow | 2 Langflow Oss, Langflow | 2026-06-02 | 7.1 High |
| IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption. | ||||
| CVE-2026-10263 | 1 Sourcecodester | 1 Computer Repair Shop Management System | 2026-06-02 | 7.3 High |
| A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage_product.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2024-7143 | 2 Pulpproject, Redhat | 5 Pulp, Ansible Automation Platform, Ansible Automation Platform Inside and 2 more | 2026-06-02 | 8.3 High |
| A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing. | ||||
| CVE-2026-5065 | 1 Ibm | 1 Controller | 2026-06-02 | 8.8 High |
| IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2026-38834 | 1 Tenda | 2 W30e, W30e Firmware | 2026-06-02 | 7.3 High |
| Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2026-36045 | 1 Sipeed | 1 Picoclaw | 2026-06-02 | 7.3 High |
| picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete. | ||||
| CVE-2026-10251 | 1 Itsourcecode | 1 Online House Rental System | 2026-06-02 | 7.3 High |
| A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-70363 | 1 Ibexa | 1 Ez Platform | 2026-06-02 | 7.5 High |
| Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs. | ||||
| CVE-2023-23375 | 1 Microsoft | 6 Odbc, Odbc Driver 17 For Sql Server, Odbc Driver 18 For Sql Server and 3 more | 2026-06-02 | 7.8 High |
| Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | ||||
| CVE-2025-69369 | 2026-06-02 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0. | ||||
| CVE-2025-68886 | 2026-06-02 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8. | ||||
| CVE-2026-10226 | 1 Raisulislamg4 | 1 Student Management System By Php | 2026-06-02 | 7.3 High |
| A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument user_id/course_id/teacher_id/student_id/application_id can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-10220 | 1 Nousresearch | 1 Hermes-agent | 2026-06-02 | 7.3 High |
| A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-37234 | 2026-06-02 | 8.2 High | ||
| FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequent xapp_ids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak subscription state in the iApp, potentially causing resource exhaustion or state corruption over time. | ||||
| CVE-2026-10214 | 1 Zhayujie | 1 Chatgpt-on-wechat | 2026-06-02 | 7.3 High |
| A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.0.9 is capable of addressing this issue. This patch is called 16d9b449c9aa53ccee44144a762a2737d7ba4fc4. It is recommended to upgrade the affected component. | ||||
| CVE-2026-25276 | 1 Qualcomm | 115 Cq8750m, Cq8750m Firmware, Fastconnect 6700 and 112 more | 2026-06-02 | 8.8 High |
| Memory corruption while using Strongbox due to missing bounds check. | ||||
| CVE-2026-10208 | 1 Code-projects | 1 Online Hospital Management System | 2026-06-02 | 7.3 High |
| A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function login_user of the file login_1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2026-25277 | 1 Qualcomm | 115 Cq8750m, Cq8750m Firmware, Fastconnect 6700 and 112 more | 2026-06-02 | 8.8 High |
| Memory corruption while using Strongbox due to buffer overflow. | ||||
| CVE-2026-8671 | 4 Avantra, Linux, Microsoft and 1 more | 4 Avantra, Linux Kernel, Windows and 1 more | 2026-06-02 | 7.5 High |
| Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0. | ||||
| CVE-2019-25719 | 2026-06-02 | 8.6 High | ||
| Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attackers with access to an enabled Infinity network port or physical proximity to a wireless access point can modify device settings such as alarm states or alarm limits, and overwhelm the system with incoming data causing the device to reboot and lose network functionality. | ||||