Export limit exceeded: 25472 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25472 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39829 | 1 Golang | 1 Ssh | 2026-05-22 | 7.5 High |
| The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2. | ||||
| CVE-2026-26147 | 1 Microsoft | 1 Azure Stack Hci | 2026-05-22 | 7.7 High |
| Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-40411 | 1 Microsoft | 1 Azure Virtual Network Gateway | 2026-05-22 | 9.9 Critical |
| Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-39824 | 2026-05-22 | N/A | ||
| NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error. | ||||
| CVE-2026-3294 | 2026-05-22 | N/A | ||
| An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability. | ||||
| CVE-2025-67493 | 2 Homarr, Homarr-labs | 2 Homarr, Homarr | 2026-05-22 | 7.5 High |
| Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue. | ||||
| CVE-2026-40166 | 1 Goauthentik | 1 Authentik | 2026-05-22 | N/A |
| authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the client_secret of confidential OAuth2 providers they have previously authenticated against, exposing sensitive information to users without the correct permissions. This logic is GET /api/v3/oauth2/access_tokens/. The API response includes a nested provider object containing client_id and client_secret for providers configured with client_type: confidential, which should not be accessible to low-privilege users. This issue has been fixed in versions 2025.12.5 and 2026.2.3. | ||||
| CVE-2026-34207 | 2026-05-22 | 7.6 High | ||
| TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF protection for Webhook / HTTP Request blocks validates only the URL string, blocked hostname literals, and literal IP formats. It does not resolve DNS before allowing the request. As a result, a hostname such as ssrf-repro.example that resolves to 127.0.0.1, 169.254.169.254, or RFC1918/private space passes validation and is later fetched by the backend HTTP client. This enables server-side request forgery to loopback, cloud metadata, and private network targets. This issue has been resolved in version 3.16.0. | ||||
| CVE-2026-6973 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-05-22 | 7.2 High |
| An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. | ||||
| CVE-2026-5091 | 1 Jjnapiork | 1 Catalyst::plugin::authentication | 2026-05-22 | 5.1 Medium |
| Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password. | ||||
| CVE-2026-44417 | 1 Apache | 1 Cxf | 2026-05-22 | 7.5 High |
| The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue. | ||||
| CVE-2026-44409 | 1 Zte | 1 Mu5250 | 2026-05-22 | 5.7 Medium |
| There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure. | ||||
| CVE-2026-7636 | 2 Smub, Wordpress | 2 Slider By Soliloquy – Responsive Image Slider For Wordpress, Wordpress | 2026-05-22 | 4.3 Medium |
| The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map_meta_cap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract draft slider metadata including unpublished media URLs, captions, and slider configuration authored by administrators or editors. | ||||
| CVE-2026-3636 | 1 Mattermost | 1 Mattermost | 2026-05-22 | 4.3 Medium |
| Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API endpoints.. Mattermost Advisory ID: MMSA-2026-00626 | ||||
| CVE-2026-34910 | 1 Ubiquiti | 31 Efg, Envr, Envr-core and 28 more | 2026-05-22 | 10 Critical |
| A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | ||||
| CVE-2026-33000 | 1 Ubiquiti | 1 Unifi Os | 2026-05-22 | 9.1 Critical |
| A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | ||||
| CVE-2026-6826 | 1 Concretecms | 1 Concrete Cms | 2026-05-22 | N/A |
| Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/{fID} with any file ID and receive a list of every page that references that file, including page IDs, handles, and full URLs. This includes pages that are otherwise restricted by permissions.The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.9 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks Eldudareeno for reporting. | ||||
| CVE-2026-40161 | 2 Linuxfoundation, Tektoncd | 2 Tekton Pipelines, Pipeline | 2026-05-21 | 7.7 High |
| Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue. | ||||
| CVE-2026-42283 | 1 Devspace | 1 Devspace | 2026-05-21 | 7.7 High |
| DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use their browser to establish a cross-origin WebSocket connection to ws://127.0.0.1:8090. This vulnerability is fixed in 6.3.21. | ||||
| CVE-2026-20240 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2026-05-21 | 7.1 High |
| In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories. | ||||