Export limit exceeded: 363061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (85436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57872 | 1 Geovision Inc. | 2 Gv-lpc2011 Lpc2211, Gv-lpclpc2011 2211 | 2026-06-29 | 7.5 High |
| An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure. | ||||
| CVE-2026-42440 | 1 Apache | 1 Opennlp | 2026-06-29 | 7.5 High |
| OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 1.9.5 before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed integer count field from a binary model stream and pass that value directly to an array allocation (new String[numOutcomes], new int[numOCTypes][], new String[NUM_PREDS]) without validating that the value is non-negative or within a reasonable bound. The count is therefore fully attacker-controlled when the model file originates from an untrusted source. A crafted .bin model file in which any of these count fields is set to Integer.MAX_VALUE (or any value large enough to exhaust the available heap) triggers an OutOfMemoryError at the array allocation itself, before the corresponding label or pattern data is consumed from the stream. The error occurs very early in deserialization: for a GIS model, getOutcomes() is reached after only the model-type string, the correction constant, and the correction parameter have been read; so the attacker pays no meaningful size cost to weaponize a payload, and a single small file can crash a JVM that loads it. Any code path that deserializes a .bin model is affected, including direct use of GenericModelReader and any higher-level component that delegates to it during model load. The practical impact is denial of service against processes that load model files from untrusted or semi-trusted origins. Mitigation: * 2.x users should upgrade to 2.5.9. * 3.x users should upgrade to 3.0.0-M3. Note: The fix introduces an upper bound on each of the three count fields, checked before array allocation; counts that are negative or exceed the bound cause an IllegalArgumentException to be thrown and the read to fail fast with no large allocation. The default bound is 10,000,000, which is well above the entry counts of legitimate OpenNLP models but far below any value that would threaten heap exhaustion. Deployments that legitimately need to load models with more entries than the default can raise the limit at JVM startup by setting the OPENNLP_MAX_ENTRIES system property to the desired positive integer (e.g. -DOPENNLP_MAX_ENTRIES=50000000); invalid or non-positive values fall back to the default. Users who cannot upgrade immediately should treat all .bin model files as untrusted input unless their provenance is verified, and should avoid loading models supplied by end users or fetched from third-party repositories without integrity checks. | ||||
| CVE-2026-57873 | 2 Geovision, Geovision Inc. | 2 Gv-lpc2011, Gv-lpclpc2011 2211 | 2026-06-29 | 7.5 High |
| An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service. | ||||
| CVE-2026-57874 | 2 Geovision, Geovision Inc. | 2 Gv-lpc2011, Gv-lpclpc2011 2211 | 2026-06-29 | 7.5 High |
| An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this vulnerability by sending a crafted upload request with overly long input, causing memory corruption and resulting in a denial of service. | ||||
| CVE-2026-57875 | 2 Geovision, Geovision Inc. | 2 Gv-lpc2011, Gv-lpclpc2011 2211 | 2026-06-29 | 7.5 High |
| An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the affected components. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request, causing the affected process to crash and resulting in a denial of service. | ||||
| CVE-2026-57876 | 2 Geovision, Geovision Inc. | 2 Gv-lpc2011, Gv-lpclpc2011 2211 | 2026-06-29 | 7.5 High |
| An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service. | ||||
| CVE-2026-13325 | 1 Redhat | 2 Container Native Virtualization, Openshift Virtualization | 2026-06-29 | 8.5 High |
| A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no authentication, peer allow-list, or handshake token. This listener proxies directly into the target virt-launcher's virtqemud control socket. An attacker with a running pod on the cluster network can connect to this listener and issue unfiltered libvirt RPC commands against another tenant's virtual machine, including reading VM memory and configuration, modifying VM state via QMP, or destroying the VM. The bind address is unconditionally 0.0.0.0 — configuring a dedicated migration network via migrations.network only changes the advertised migration IP, not the listener bind address, so the port remains reachable on the pod network even when a dedicated migration network is configured. The API documentation describes disableTLS as removing "the additional layer of live migration encryption" without disclosing that it also removes all mutual authentication. | ||||
| CVE-2026-54824 | 2 Ads By Wpquads, Wordpress | 2 Ads By Wpquads, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions. | ||||
| CVE-2026-54832 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2026-06-29 | 7.5 High |
| Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions. | ||||
| CVE-2026-54840 | 2 Tribulant, Wordpress | 2 Newsletters, Wordpress | 2026-06-29 | 7.3 High |
| Unauthenticated Broken Access Control in Newsletters <= 4.13 versions. | ||||
| CVE-2026-57315 | 2 Creativethemes, Wordpress | 2 Blocksy Companion, Wordpress | 2026-06-29 | 8.5 High |
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions. | ||||
| CVE-2026-57628 | 2 Wordpress, Wpallimport | 2 Wordpress, Wp All Import | 2026-06-29 | 7.6 High |
| Administrator SQL Injection in WP All Import <= 4.0.1 versions. | ||||
| CVE-2026-57645 | 2 Tribulant, Wordpress | 2 Newsletters, Wordpress | 2026-06-29 | 8.1 High |
| newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | ||||
| CVE-2026-57663 | 2 Really-simple-plugins, Wordpress | 2 Recipe Maker For Your Food Blog From Zip Recipes, Wordpress | 2026-06-29 | 8.5 High |
| Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | ||||
| CVE-2026-21734 | 1 Imaginationtech | 1 Graphics Ddk | 2026-06-29 | 7.7 High |
| A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An edge case using a very small value in GPU shader code can cause a segmentation fault in the GPU shader compiler due to am out-of-bounds write. | ||||
| CVE-2026-5757 | 1 Ollama | 1 Ollama | 2026-06-29 | 7.5 High |
| Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence. | ||||
| CVE-2026-45195 | 1 Imaginationtech | 1 Graphics Ddk | 2026-06-29 | 7.8 High |
| Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system. | ||||
| CVE-2026-52884 | 1 Notepad-plus-plus | 1 Notepad++ | 2026-06-29 | 7.8 High |
| Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses a prefix-based check (PathIsPrefix() or equivalent) that matches paths starting with trusted directory strings. A path traversal using ..\..\ after a trusted directory prefix passes the check while resolving to an untrusted location. The CVE-2026-48800 patch adds isInTrustedDirectory() validation in Command::run() (RunDlg.cpp) before calling ShellExecute(). This function checks whether the resolved executable path is under a trusted directory. This vulnerability is fixed in 8.9.6.2. | ||||
| CVE-2026-48778 | 1 Notepad-plus-plus | 1 Notepad++ | 2026-06-29 | 7.8 High |
| Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored in _nppGUI._commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDM_FILE_OPEN_CMD (File → Open Containing Folder → cmd), NppCommands.cpp:228 creates a Command object with this value and calls run(), which invokes ShellExecute (RunDlg.cpp:221) with the attacker-controlled string as the executable path. This vulnerability is fixed in 8.9.6.1. | ||||
| CVE-2023-37524 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2026-06-29 | 7.7 High |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerable third-party components. | ||||