Export limit exceeded: 11912 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11912 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42010 | 2 Gnu, Redhat | 14 Gnutls, Discovery, Enterprise Linux and 11 more | 2026-06-29 | 7.1 High |
| A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process. | ||||
| CVE-2025-3155 | 3 Debian, Gnome, Redhat | 25 Debian Linux, Yelp, Codeready Linux Builder and 22 more | 2026-06-29 | 7.4 High |
| A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. | ||||
| CVE-2026-13757 | 1 Redhat | 3 Enterprise Linux, Hummingbird, Openshift | 2026-06-29 | 6.2 Medium |
| A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. An unauthenticated attacker with local access to the p11-kit RPC Unix domain socket can send a specially crafted request with deeply nested template attributes, causing stack exhaustion and crashing the p11-kit server process and its dependent services. | ||||
| CVE-2025-13609 | 1 Redhat | 4 Enterprise Linux, Enterprise Linux Eus, Rhel E4s and 1 more | 2026-06-29 | 8.2 High |
| A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls. | ||||
| CVE-2026-57912 | 1 Johnson & Johnson | 1 Campus Recruiting | 2026-06-29 | 7.5 High |
| Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers. | ||||
| CVE-2026-57913 | 1 Johnson & Johnson | 1 Audit Tracking Management System | 2026-06-29 | 7.5 High |
| Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allows viewing of meeting minutes and transcripts. | ||||
| CVE-2025-66123 | 2 About Envato, Wordpress | 2 Bookpro, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. | ||||
| CVE-2026-54839 | 2 Kingaddons, Wordpress | 2 Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions. | ||||
| CVE-2026-56069 | 2 Site Building With Toolset, Wordpress | 2 Toolset Forms, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions. | ||||
| CVE-2026-57665 | 2 Gravitykit, Wordpress | 2 Gravityview, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | ||||
| CVE-2026-57231 | 1 Podman-container-tools | 1 Podman | 2026-06-29 | 7.5 High |
| Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk (*) will cause podman to pass all host variables into the container. So essentially a malicious image can exfiltrate all podman environment variables that are set in the session from where the container is launched. This vulnerability is fixed in 5.8.4 and 6.0.0. | ||||
| CVE-2026-55686 | 1 Podman-container-tools | 1 Podman | 2026-06-29 | 5.3 Medium |
| Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition. This vulnerability is fixed in 5.7.1. | ||||
| CVE-2026-56876 | 1 Max-mapper | 1 Extract-zip | 2026-06-29 | 8.1 High |
| extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files. | ||||
| CVE-2026-57676 | 2 Matteo Manna, Wordpress | 2 Simple User Avatar, Wordpress | 2026-06-29 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9. | ||||
| CVE-2026-56048 | 1 Wordpress | 2 Payment Gateway Based Fees And Discounts For Woocommerce, Wordpress | 2026-06-29 | 6.5 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions. | ||||
| CVE-2026-57630 | 2 Creativethemes, Wordpress | 2 Blocksy Companion, Wordpress | 2026-06-29 | 5.3 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions. | ||||
| CVE-2026-57943 | 1 Librephotos Project | 1 Librephotos | 2026-06-29 | 5.9 Medium |
| LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate shared_to relations without proper owner checks to read arbitrary private photos belonging to other users. | ||||
| CVE-2026-57956 | 2026-06-29 | 6.4 Medium | ||
| SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules belonging to other organizations by exploiting the missing tenant isolation check, bypassing multi-tenant access controls. | ||||
| CVE-2026-10820 | 2 Properfraction, Wordpress | 2 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress, Wordpress | 2026-06-29 | 8.1 High |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference. | ||||
| CVE-2026-12417 | 2 Pravel, Wordpress | 2 Signup & Signin, Wordpress | 2026-06-29 | 9.8 Critical |
| The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the `pravel_change_password()` AJAX handler — registered via `wp_ajax_nopriv_pravel_change_password` and therefore accessible to unauthenticated users — performing no nonce verification, no capability check, and only a loose equality check between an attacker-supplied `reset_activation_code` POST parameter and the target user's `forgot_email` user meta value; when a user has never initiated a password reset, `get_user_meta()` returns an empty string that trivially satisfies this check against an omitted or empty attacker-supplied code. This makes it possible for unauthenticated attackers to change the password of any WordPress user, including administrators, by sending a crafted POST request to `admin-ajax.php` with `action=pravel_change_password`, `reset_user_id` set to the target account's user ID, and `new_password_custom` set to an attacker-chosen password. Successful exploitation allows the attacker to authenticate with the newly set password and fully take over the targeted account, achieving administrator-level privilege escalation on the affected site. | ||||