Search Results (8786 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-10045 1 Shenzhen Kangda Xin Intelligent Network Technology 1 Dr300 2026-06-10 9.8 Critical
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.
CVE-2026-44275 1 Dell 1 Dell\/alienware Purchased Apps 2026-06-10 6.3 Medium
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
CVE-2026-41841 2 Spring, Vmware 2 Spring Framework, Spring Framework 2026-06-09 5.9 Medium
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
CVE-2026-8365 2 Creativethemes, Wordpress 2 Blocksy, Wordpress 2026-06-09 8.8 High
The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksy_sanitize_post_meta_options() function, which only blocks values containing '<' or '>' and does not prevent serialized PHP object strings from being stored in post meta, combined with the SearchReplacer::run_recursively() function unconditionally deserializing all string values via @unserialize() during migration without restricting allowed classes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a serialized Blocksy\RaiiPattern object into post meta that, when the V200 migration runs on an upgraded site, is deserialized and triggers RaiiPattern::__destruct(), which executes arbitrary PHP callables via call_user_func().
CVE-2024-49132 1 Microsoft 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more 2026-06-09 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49123 1 Microsoft 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more 2026-06-09 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49128 1 Microsoft 8 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 5 more 2026-06-09 8.1 High
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2024-49095 1 Microsoft 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more 2026-06-09 7 High
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2024-49147 1 Microsoft 2 .update Catalog, Update Catalog 2026-06-09 9.3 Critical
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
CVE-2024-49126 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-06-09 8.1 High
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
CVE-2024-49115 1 Microsoft 6 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 3 more 2026-06-09 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49108 1 Microsoft 6 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 3 more 2026-06-09 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49107 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-06-09 7.3 High
WmsRepair Service Elevation of Privilege Vulnerability
CVE-2024-49106 1 Microsoft 6 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 3 more 2026-06-09 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49097 1 Microsoft 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more 2026-06-09 7 High
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2024-49091 1 Microsoft 8 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 5 more 2026-06-09 7.2 High
Windows Domain Name Service Remote Code Execution Vulnerability
CVE-2024-49070 1 Microsoft 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 2026-06-09 7.4 High
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2024-49059 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2026-06-09 7 High
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-43603 1 Microsoft 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more 2026-06-09 5.5 Medium
Visual Studio Collector Service Denial of Service Vulnerability
CVE-2024-43563 1 Microsoft 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more 2026-06-09 7.8 High
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability