Export limit exceeded: 284711 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (284771 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-11218 1 Redhat 7 Enterprise Linux, Openshift, Openshift Ironic and 4 more 2026-06-29 8.6 High
A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
CVE-2023-32256 1 Redhat 1 Enterprise Linux 2026-06-29 7.5 High
A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue.
CVE-2023-20540 1 Amd 5 Ryzen 3000 Series Desktop Processors, Ryzen 5000 Series Desktop Processors, Ryzen Threadripper 3000 Series Processors and 2 more 2026-06-29 N/A
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
CVE-2023-20572 1 Amd 16 Athlon 3000 Series Mobile Processors With Radeon Graphics, Ryzen 3000 Series Desktop Processors, Ryzen 4000 Series Desktop Processors and 13 more 2026-06-29 N/A
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.
CVE-2024-23581 1 Hcltech 1 Traveler For Microsoft Outlook 2026-06-29 6.7 Medium
The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application.
CVE-2023-37524 1 Hcltech 1 Traveler For Microsoft Outlook 2026-06-29 7.7 High
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service.  Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerable third-party components.
CVE-2024-21490 1 Angularjs 1 Angular.js 2026-06-29 7.5 High
This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).
CVE-2021-22769 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2026-06-29 5.3 Medium
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.
CVE-2020-37256 1 Getgrav 1 Grav-plugin-admin 2026-06-27 5.4 Medium
Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access.
CVE-2021-47987 1 Parseplatform 1 Parse-server 2026-06-26 7.5 High
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it defined a git-based dependency referencing one of the affected tags (for example, parse-server#4.9.3). The code behind the tags was not reviewed or approved, and although no malicious code was identified, the introduction of security vulnerabilities could not be ruled out.
CVE-2024-21523 1 Npmjs 1 Images 2026-06-26 7.5 High
All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.
CVE-2021-47986 1 Parseplatform 1 Parse-server 2026-06-26 7.5 High
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and potentially malicious code.
CVE-2023-3640 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-06-26 7 High
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
CVE-2023-39328 2 Redhat, Uclouvain 2 Enterprise Linux, Openjpeg 2026-06-26 5.5 Medium
A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.
CVE-2016-20066 2 Dwbooster, Wordpress 2 Cp Polls, Wordpress 2026-06-26 7.2 High
WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary JavaScript in the browsers of users viewing the affected content.
CVE-2016-20067 2 Dwbooster, Wordpress 2 Cp Polls, Wordpress 2026-06-26 4.3 Medium
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.
CVE-2016-20069 2 Dwbooster, Wordpress 2 Booking Calendar Contact Form, Wordpress 2026-06-26 8.2 High
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to execute arbitrary SQL queries and extract sensitive database information.
CVE-2016-20070 2 Dwbooster, Wordpress 2 Booking Calendar Contact Form, Wordpress 2026-06-26 6.4 Medium
WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with subscriber-level accounts can inject XSS payloads through parameters like price, name, calendar_language, and email_confirmation_to_user via admin-ajax.php and admin.php endpoints to execute arbitrary JavaScript in administrator browsers.
CVE-2016-20068 2 Dwbooster, Wordpress 2 Booking Calendar Contact Form, Wordpress 2026-06-26 8.2 High
WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint with the action parameter set to 'dex_bccf_calendar_ajaxevent' and supply crafted SQL commands in the 'id' parameter to extract sensitive database information.
CVE-2024-38487 1 Dell 1 Emc Vxrail Appliance 2026-06-26 7 High
api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.