Export limit exceeded: 360667 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360667 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20259 | 1 Joomlashack | 1 Osdownloads | 2026-06-23 | 8.2 High |
| Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_osdownloads&view=item&id=[SQL] to extract sensitive database information including credentials and configuration data. | ||||
| CVE-2017-20265 | 1 Pulseextensions | 1 Flip Wall | 2026-06-23 | 7.1 High |
| Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_flipwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information. | ||||
| CVE-2017-20271 | 1 Nordmograph | 1 Streetguessr Game | 2026-06-23 | 8.2 High |
| Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=com_streetguess&view=maps parameters and inject SQL code in the catid parameter to extract sensitive database information including version and database names. | ||||
| CVE-2017-20277 | 1 Joomboost | 1 Joomla Joomrecipe | 2026-06-23 | 8.2 High |
| Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques. | ||||
| CVE-2026-32590 | 1 Redhat | 3 Mirror Registry, Mirror Registry For Red Hat Openshift, Quay | 2026-06-23 | 7.1 High |
| A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server. | ||||
| CVE-2026-32589 | 1 Redhat | 3 Mirror Registry, Mirror Registry For Red Hat Openshift, Quay | 2026-06-23 | 7.4 High |
| A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload. | ||||
| CVE-2023-6879 | 2 Aomedia, Fedoraproject | 2 Aomedia, Fedora | 2026-06-23 | 9 Critical |
| Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). | ||||
| CVE-2023-6478 | 4 Debian, Redhat, Tigervnc and 1 more | 11 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 8 more | 2026-06-23 | 7.6 High |
| A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. | ||||
| CVE-2023-6377 | 4 Debian, Redhat, Tigervnc and 1 more | 11 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 8 more | 2026-06-23 | 7.8 High |
| A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. | ||||
| CVE-2023-5868 | 2 Postgresql, Redhat | 22 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 19 more | 2026-06-23 | 4.3 Medium |
| A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. | ||||
| CVE-2023-5574 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2026-06-23 | 7 High |
| A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. | ||||
| CVE-2023-5380 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2026-06-23 | 4.7 Medium |
| A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. | ||||
| CVE-2023-5367 | 4 Debian, Fedoraproject, Redhat and 1 more | 17 Debian Linux, Fedora, Enterprise Linux and 14 more | 2026-06-23 | 7.8 High |
| A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. | ||||
| CVE-2023-49082 | 2 Aiohttp, Redhat | 5 Aiohttp, Ansible Automation Platform, Rhui and 2 more | 2026-06-23 | 5.3 Medium |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0. | ||||
| CVE-2023-49081 | 2 Aiohttp, Redhat | 5 Aiohttp, Ansible Automation Platform, Rhui and 2 more | 2026-06-23 | 7.2 High |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. | ||||
| CVE-2023-48706 | 1 Vim | 1 Vim | 2026-06-23 | 3.6 Low |
| Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. | ||||
| CVE-2023-48237 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2026-06-23 | 2.8 Low |
| Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48236 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2026-06-23 | 2.8 Low |
| Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48235 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2026-06-23 | 2.8 Low |
| Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48234 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2026-06-23 | 2.8 Low |
| Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||