Search Results (355159 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9689 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2026-06-03 | 4.2 Medium |
| A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks this link, the client application might incorrectly prioritize attacker-controlled information over legitimate data. This vulnerability, known as HTTP parameter pollution, could allow an attacker to bypass security measures or gain unauthorized access to resources. | ||||
| CVE-2026-9704 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2026-06-03 | 6.8 Medium |
| A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client's service account, leading to privilege escalation. | ||||
| CVE-2026-23638 | 2 Accellion, Kiteworks | 2 Kiteworks, Secure Data Forms | 2026-06-03 | 6.5 Medium |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2025-70101 | 1 Gkostka | 1 Lwext4 | 2026-06-03 | N/A |
| An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before performing a binary search over extent index entries, which can result in invalid pointer calculations and an out-of-bounds memory read during extent tree traversal. | ||||
| CVE-2024-47273 | | | 2026-06-03 | 4.3 Medium |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors. | ||||
| CVE-2026-24751 | 2 Accellion, Kiteworks | 2 Kiteworks, Secure Data Forms | 2026-06-03 | 8.2 High |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2026-24752 | 2 Accellion, Kiteworks | 2 Kiteworks, Secure Data Forms | 2026-06-03 | 8.2 High |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2026-36748 | | | 2026-06-03 | N/A |
| RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. | ||||
| CVE-2026-24753 | 2 Accellion, Kiteworks | 2 Kiteworks, Secure Data Forms | 2026-06-03 | 6.5 Medium |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2026-24754 | 2 Accellion, Kiteworks | 2 Kiteworks, Secure Data Forms | 2026-06-03 | 5.4 Medium |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2026-24755 | 2 Accellion, Kiteworks | 2 Kiteworks, Secure Data Forms | 2026-06-03 | 5.4 Medium |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2026-10584 | 1 Aws | 1 Graph Explorer | 2026-06-03 | 5.9 Medium |
| Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer v3.0.1 or later. | ||||
| CVE-2026-24756 | 2 Accellion, Kiteworks | 2 Kiteworks, Secure Data Forms | 2026-06-03 | 4.3 Medium |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2026-24761 | 2 Accellion, Kiteworks | 2 Kiteworks, Secure Data Forms | 2026-06-03 | 3.7 Low |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2026-24782 | 2 Accellion, Kiteworks | 2 Kiteworks, Secure Data Forms | 2026-06-03 | 7.6 High |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, multiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global configuration parameters. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2026-5463 | 2 Dan Mcinerney, Danmcinerney | 2 Pymetasploit3, Pymetasploit3 | 2026-06-03 | 8.6 High |
| Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions. | ||||
| CVE-2026-39808 | 1 Fortinet | 3 Fortisandbox, Fortisandbox Paas, Fortisandboxpaas | 2026-06-03 | 9.1 Critical |
| An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via <insert attack vector here> | ||||
| CVE-2026-48917 | 2 Jenkins, Jenkins Project | 2 Ldap, Jenkins Ldap Plugin | 2026-06-03 | 6.6 Medium |
| Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation. | ||||
| CVE-2026-0075 | 1 Google | 1 Android | 2026-06-03 | 7.8 High |
| In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0077 | 1 Google | 1 Android | 2026-06-03 | 7.8 High |
| In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch (bal) due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||