Export limit exceeded: 11171 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11171 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8843 | 2026-05-18 | 6.5 Medium | ||
| Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryable_encrypted_range" indices. This issue affects MongoDB Server v7.0 versions prior to 7.0.32, v8.0 versions prior to 8.0.21 and v8.2 versions prior to 8.2.6 | ||||
| CVE-2026-42579 | 1 Netty | 1 Netty | 2026-05-18 | 7.5 High |
| Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final. | ||||
| CVE-2026-44718 | 1 Mathesar-foundation | 1 Mathesar | 2026-05-18 | N/A |
| Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration_id without verifying that the requesting user was a collaborator on the exploration’s database. An authenticated user on the same Mathesar installation who knew or guessed an exploration ID could read, replace, or delete a saved exploration belonging to a database where they were not a collaborator. This affected Mathesar-managed saved exploration definitions, including names, descriptions, selected columns, display metadata, filters, sorting, and transformations. This vulnerability is fixed in 0.10.0. | ||||
| CVE-2026-8586 | 1 Google | 1 Chrome | 2026-05-18 | 5.5 Medium |
| Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2026-41895 | 2 Dgtlmoon, Webtechnologies | 2 Changedetection.io, Changedetection | 2026-05-18 | 7.5 High |
| changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...). | ||||
| CVE-2026-6479 | 1 Postgresql | 1 Postgresql | 2026-05-18 | 7.5 High |
| Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | ||||
| CVE-2026-6475 | 1 Postgresql | 1 Postgresql | 2026-05-18 | 8.8 High |
| Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | ||||
| CVE-2026-42456 | 1 Mintplexlabs | 2 Anything-llm, Anythingllm | 2026-05-18 | 4.3 Medium |
| AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace because the route validates workspace membership but does not enforce ownership of the targeted chat row. As a result, an authenticated user can access another user's private assistant response in audio form if the chatId is known or guessed. This constitutes an insecure direct object reference (IDOR) affecting private chat response content exposed through the TTS endpoint. This issue has been patched in version 1.12.1. | ||||
| CVE-2026-43344 | 1 Linux | 1 Linux Kernel | 2026-05-18 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_to_die() may return -1 when all CPUs associated with the UBOX device are offline. Remove the WARN_ON_ONCE(die_id == -1) check for two reasons: - The current code breaks out of the loop. This is incorrect because pci_get_device() does not guarantee iteration in domain or bus order, so additional UBOX devices may be skipped during the scan. - Returning -EINVAL is incorrect, since marking offline buses with die_id == -1 is expected and should not be treated as an error. Separately, when NUMA is disabled on a NUMA-capable platform, pcibus_to_node() returns NUMA_NO_NODE, causing uncore_device_to_die() to return -1 for all PCI devices. As a result, spr_update_device_location(), used on Intel SPR and EMR, ignores the corresponding PMON units and does not add them to the RB tree. Fix this by using uncore_pcibus_to_dieid(), which retrieves topology from the UBOX GIDNIDMAP register and works regardless of whether NUMA is enabled in Linux. This requires snbep_pci2phy_map_init() to be added in spr_uncore_pci_init(). Keep uncore_device_to_die() only for the nr_node_ids > 8 case, where NUMA is expected to be enabled. | ||||
| CVE-2026-8786 | 1 Tencent | 1 Weknora | 2026-05-18 | 6.3 Medium |
| A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-42355 | 1 M2team | 1 Nanazip | 2026-05-18 | 3.3 Low |
| NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's GetAllPaths function recurse without depth limits, exhausting the thread stack and crashing the NanaZip process. This vulnerability is fixed in 6.0.1698.0. | ||||
| CVE-2026-34094 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-05-18 | 3.8 Low |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | ||||
| CVE-2026-44424 | 2 Shellhub, Shellhub-io | 2 Shellhub, Shellhub | 2026-05-18 | 6.5 Medium |
| ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace (tenant). Any authenticated user (JWT or API Key) who knows or can guess a device UID can read device metadata from any other namespace. This vulnerability is fixed in 0.24.2. | ||||
| CVE-2026-8784 | 1 Npitre | 1 Cramfs-tools | 2026-05-18 | 4.2 Medium |
| A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-39847 | 1 4d | 2 4d Server, Server | 2026-05-17 | 7.5 High |
| Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. | ||||
| CVE-2024-13971 | 3 Lobster, Lobster-world, Lobster Gmbh | 3 Lobster Pro, Lobster Pro, Lobster Pro | 2026-05-17 | 7.5 High |
| Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. | ||||
| CVE-2023-30059 | 1 Mk-auth | 1 Mk-auth | 2026-05-17 | 5.4 Medium |
| An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request. | ||||
| CVE-2026-44504 | 1 Aegra | 1 Aegra | 2026-05-17 | N/A |
| Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread, read the user's full checkpoint state, and inject arbitrary messages into the user's conversation history. This vulnerability is fixed in 0.9.7. | ||||
| CVE-2026-44503 | 1 Microsoft | 6 Kiota-abstractions, Kiota-http, Kiota-http-go and 3 more | 2026-05-17 | N/A |
| The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie, Proxy-Authorization, and all custom headers are forwarded to the redirect target. | ||||
| CVE-2026-44520 | 1 Docling-project | 1 Docling-graph | 2026-05-17 | 5.7 Medium |
| Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no IP-level validation. Additionally, requests.head() was called with allow_redirects=True, allowing an attacker to redirect requests to internal endpoints via an intermediary URL. An attacker who can control the --source CLI argument or PipelineConfig.source API parameter can trigger Server-Side Request Forgery (SSRF). This vulnerability is fixed in 1.5.1. | ||||