Export limit exceeded: 358352 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (358352 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-53705 | 1 Redhat | 1 Enterprise Linux | 2026-06-16 | 7.6 High |
| A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * channels) in gst_wavpack_dec_handle_frame() causes a very small heap allocation. The WavPack library then writes decoded audio samples far beyond the allocated buffer, resulting in heap memory corruption. This affects both 32-bit and 64-bit systems since the arithmetic is performed in 32-bit integers before promotion to the allocation size type. A remote attacker could use this flaw to crash an application or potentially execute arbitrary code by convincing a user to open a malicious WavPack audio file. | ||||
| CVE-2025-31200 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-16 | 9.8 Critical |
| A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1. | ||||
| CVE-2025-24132 | 1 Apple | 3 Airplay Audio Software Development Kit, Airplay Video Software Development Kit, Carplay Communication Plug-in | 2026-06-16 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination. | ||||
| CVE-2025-55650 | 1 Gpac | 1 Mp4box | 2026-06-16 | 5.5 Medium |
| A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2025-55661 | 1 Gpac | 1 Mp4box | 2026-06-16 | 5.5 Medium |
| A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2026-40767 | 2 Tomdever, Wordpress | 2 Wpforo Forum, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions. | ||||
| CVE-2026-48965 | 2 Watchful, Wordpress | 2 Xcloner, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions. | ||||
| CVE-2025-24104 | 1 Apple | 2 Ipados, Iphone Os | 2026-06-16 | 5.5 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files. | ||||
| CVE-2025-24118 | 1 Apple | 2 Ipados, Macos | 2026-06-16 | 9.8 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2025-24160 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-16 | 4.3 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination. | ||||
| CVE-2025-24131 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-16 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service. | ||||
| CVE-2026-49764 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. | ||||
| CVE-2026-49773 | 2 Foliovision, Wordpress | 2 Fv Flowplayer Video Player, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. | ||||
| CVE-2026-48017 | 1 Dbgate | 1 Dbgate | 2026-06-16 | 8.8 High |
| DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user (with basic access, no special permissions required) can inject arbitrary JavaScript code that executes on the server with full process privileges, bypassing the require=null sandbox restriction. An authenticated user with basic access (no admin role, no run-shell-script permission required) can: execute arbitrary OS commands on the DbGate server with the privileges of the Node.js process, read/write any file accessible to the process, pivot to connected databases by reading connection credentials from DbGate's storage, and compromise the host system - in Docker deployments, this typically means root access within the container. | ||||
| CVE-2025-24126 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-16 | 9.8 Critical |
| An input validation issue was addressed. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to corrupt process memory. | ||||
| CVE-2019-25746 | 2 Slicedinvoices, Wordpress | 2 Sliced Invoices, Wordpress | 2026-06-16 | 7.1 High |
| WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate_quote_invoice and malicious 'post' values to extract sensitive database information or modify data. | ||||
| CVE-2026-34902 | 2 Wcproducttable, Wordpress | 2 Woocommerce Product Table Lite, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions. | ||||
| CVE-2026-39471 | 2 Shortpixel, Wordpress | 2 Shortpixel Image Optimizer, Wordpress | 2026-06-16 | 7.2 High |
| Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 versions. | ||||
| CVE-2026-39489 | 2 Wordpress, Wpchill | 2 Wordpress, Download Monitor | 2026-06-16 | 4.4 Medium |
| Author Arbitrary File Download in Download Monitor <= 5.1.9 versions. | ||||
| CVE-2026-42767 | 1 Openssl | 1 Openssl | 2026-06-16 | 5.9 Medium |
| Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server (or acting as a man-in-the-middle) could craft a CMP response containing a CRMF (Certificate Request Message Format) CertRepMessage with an EncryptedValue structure where the symmAlg field has an algorithm OID but no parameters field. When the OpenSSL CMP client processes this response, the NULL dereference occurs, causing a crash of the CMP client. Applications that process untrusted CMP/CRMF messages may be affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. | ||||