Search Results (357811 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42653 | 2 Iova.mihai, Wordpress | 2 Slicewp, Wordpress | 2026-06-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6. | ||||
| CVE-2026-45174 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Endpoint Privileged Manager, Idira Endpoint Privilege Manager | 2026-06-12 | N/A |
| Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19 | ||||
| CVE-2026-45173 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Identity Browser Extensions, Identity Browser Extensions | 2026-06-12 | N/A |
| Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21 | ||||
| CVE-2026-45172 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Privileged Session Manager, Pam Self-hosted Privilege Cloud | 2026-06-12 | N/A |
| Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18 | ||||
| CVE-2026-45171 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Privileged Session Manager, Privileged Session Manager Vault | 2026-06-12 | N/A |
| Due to incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletins: CA26-17 and CA26-18 | ||||
| CVE-2026-45170 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Pam Sh Connector, Pam Sh Connector | 2026-06-12 | N/A |
| In Idira Privilege Cloud Connector versions prior to 1.1.100504, under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17 | ||||
| CVE-2026-47365 | 2 Webpros, Wordpress | 2 Wordpress-toolkit, Wordpress | 2026-06-12 | 9.9 Critical |
| Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account. | ||||
| CVE-2026-47367 | 1 Ubiquiti | 1 Uid Enterprise Agent | 2026-06-12 | 9.9 Critical |
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device. | ||||
| CVE-2026-47368 | 1 Ubiquiti | 31 Efg, Envr, Envr-core and 28 more | 2026-06-12 | 8.6 High |
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances. | ||||
| CVE-2026-24717 | 2 Qnap, Qnap Systems | 4 Qts, Quts Hero, Qts and 1 more | 2026-06-12 | 6.5 Medium |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later; QuTS hero h5.2.9.3499 build 20260514 and later; QuTS hero h5.3.4.3500 build 20260520 and later; QuTS hero h6.0.0.3459 build 20260409 and later. | ||||
| CVE-2026-47369 | 1 Ubiquiti | 32 Efg, Envr, Envr-core and 29 more | 2026-06-12 | 9.9 Critical |
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances. | ||||
| CVE-2026-47370 | 1 Ubiquiti | 31 Efg, Envr, Envr-core and 28 more | 2026-06-12 | 9.9 Critical |
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances. | ||||
| CVE-2026-45169 | 2 Cyberark, Cyberark Software A Palo Alto Networks Company | 2 Pam Sh Vault, Pam Sh Vault | 2026-06-12 | N/A |
| Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17 | ||||
| CVE-2026-9271 | 1 Keep Inmind Dashboard Notes | 1 Keep Inmind Dashboard Notes | 2026-06-12 | 5.9 Medium |
| Vulnerability Title | ||||
| CVE-2026-12060 | 1 Hepta Platforms | 1 Heptabase | 2026-06-12 | 6.5 Medium |
| Heptabase developed by Hepta Platforms has an Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining unauthorized access to camera and microphone permissions. | ||||
| CVE-2026-11535 | 1 Vivo | 1 Pcsuite | 2026-06-12 | N/A |
| An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to gain unauthorized access to the victim’s device. | ||||
| CVE-2026-12058 | 1 Vivo | 1 Pcsuite | 2026-06-12 | N/A |
| The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed. | ||||
| CVE-2026-50627 | 1 Apache | 1 Cxf | 2026-06-12 | N/A |
| The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue. | ||||
| CVE-2026-11844 | 1 Iei Integration Corp | 1 Ivec Tank-xm811 | 2026-06-12 | 4.9 Medium |
| The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope. | ||||
| CVE-2026-11845 | 1 Iei Integration Corp | 1 Ivec Tank-xm811 | 2026-06-12 | 7.2 High |
| The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device. | ||||