Export limit exceeded: 351412 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351412 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351412 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36738 | 1 U-speed | 1 Ac1200 Gigabit Wi-fi Router | 2026-05-17 | 6.8 Medium |
| U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality. | ||||
| CVE-2026-36741 | 1 U-speed | 1 Ac1200 Gigabit Wifi Router | 2026-05-17 | 7.2 High |
| U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied input. An authenticated user with permission to configure NTP settings can inject arbitrary system commands through crafted input fields. These commands are executed with elevated privileges, leading to potential full system compromise. | ||||
| CVE-2025-27850 | 1 Garmin | 1 Wdu | 2026-05-17 | 7.5 High |
| The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the filesystem is enabled. This allows an attacker to retrieve arbitrary files from the device. | ||||
| CVE-2026-25107 | 1 Elecom | 12 Wrc-x1800gs-b, Wrc-x1800gsa-b, Wrc-x1800gsh-b and 9 more | 2026-05-17 | N/A |
| ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file. | ||||
| CVE-2026-35506 | 1 Elecom | 4 Wrc-be65qsd-b, Wrc-be72xsd-b, Wrc-be72xsd-ba and 1 more | 2026-05-17 | N/A |
| ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed. | ||||
| CVE-2026-42062 | 1 Elecom | 4 Wrc-be65qsd-b, Wrc-be72xsd-b, Wrc-be72xsd-ba and 1 more | 2026-05-17 | N/A |
| ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required. | ||||
| CVE-2026-42948 | 1 Elecom | 4 Wab-be187-m, Wab-be36-m, Wab-be36-s and 1 more | 2026-05-17 | N/A |
| Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser. | ||||
| CVE-2026-42950 | 1 Elecom | 4 Wab-be187-m, Wab-be36-m, Wab-be36-s and 1 more | 2026-05-17 | N/A |
| ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken. | ||||
| CVE-2026-42961 | 1 Elecom | 4 Wab-be187-m, Wab-be36-m, Wab-be36-s and 1 more | 2026-05-17 | N/A |
| ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations. | ||||
| CVE-2026-24711 | 1 Northern.tech | 1 Cfengine | 2026-05-17 | 5.3 Medium |
| Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control. | ||||
| CVE-2026-24712 | 1 Northern.tech | 1 Cfengine | 2026-05-17 | 7.3 High |
| Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection. | ||||
| CVE-2025-69443 | 1 Coleam00 | 1 Archon | 2026-05-17 | 6.3 Medium |
| Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys. | ||||
| CVE-2026-38740 | 1 Foscam | 1 Vd1 Video Doorbell | 2026-05-17 | 5.3 Medium |
| Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol (SDP), including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can intercept these credentials to hijack media streams or authenticate to Foscam's TURN/relay infrastructure to forward arbitrary traffic at the vendor's expense. | ||||
| CVE-2026-42559 | 1 Modelcontextprotocol | 1 Rust-sdk | 2026-05-17 | 8.8 High |
| RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running on the victim's loopback or private-network interface. This vulnerability is fixed in 1.4.0. | ||||
| CVE-2025-62628 | 1 Amd | 6 Aim-t Manageability Api, Aim-t Manageability Service, Cloud Manageability Service and 3 more | 2026-05-17 | N/A |
| Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution. | ||||
| CVE-2026-44504 | 1 Aegra | 1 Aegra | 2026-05-17 | N/A |
| Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread, read the user's full checkpoint state, and inject arbitrary messages into the user's conversation history. This vulnerability is fixed in 0.9.7. | ||||
| CVE-2026-44503 | 1 Microsoft | 6 Kiota-abstractions, Kiota-http, Kiota-http-go and 3 more | 2026-05-17 | N/A |
| The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie, Proxy-Authorization, and all custom headers are forwarded to the redirect target. | ||||
| CVE-2026-44348 | 1 Podofo | 1 Podofo | 2026-05-17 | 2.5 Low |
| PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap corruption. This vulnerability is fixed in 1.0.4. | ||||
| CVE-2026-44520 | 1 Docling-project | 1 Docling-graph | 2026-05-17 | 5.7 Medium |
| Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no IP-level validation. Additionally, requests.head() was called with allow_redirects=True, allowing an attacker to redirect requests to internal endpoints via an intermediary URL. An attacker who can control the --source CLI argument or PipelineConfig.source API parameter can trigger Server-Side Request Forgery (SSRF). This vulnerability is fixed in 1.5.1. | ||||
| CVE-2026-45781 | 1 Modelcontextprotocol | 1 Registry | 2026-05-17 | 3.5 Low |
| The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github.<user>/* namespace to OCI images they do not control. internal/validators/registries/oci.go:104-119 fails open on http.StatusTooManyRequests: when the registry's anonymous fetch to the upstream OCI registry is rate-limited, ValidateOCI returns nil and the publish is accepted without ever running the io.modelcontextprotocol.server.name label-match check at lines 122-141. That label check is the only cross-system ownership proof the registry applies to OCI packages — every other registry type (NPM, PyPI, NuGet, MCPB) treats a non-200 upstream response as a hard error. This vulnerability is fixed in 1.7.9. | ||||