Search Results (1079 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-12778 1 Aomei 1 Partition Assistant 2026-06-22 7.8 High
A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12771 1 Litellm 1 Litellm 2026-06-22 5 Medium
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
CVE-2026-12781 1 Easeus 1 Partition Master 2026-06-22 7.8 High
A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor explains: "We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists."
CVE-2025-59563 2 Sonaar Music, Wordpress 2 Sonaar, Wordpress 2026-06-20 8.8 High
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
CVE-2025-69138 2 Jthemes, Wordpress 2 Genemy, Wordpress 2026-06-20 8.8 High
Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.
CVE-2025-69179 2 Theme Passion, Wordpress 2 Support Ticket Management System, Wordpress 2026-06-20 9.8 Critical
Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
CVE-2026-49058 2 Loginpress, Wordpress 2 Loginpress Pro, Wordpress 2026-06-20 9.8 Critical
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
CVE-2026-54805 2 Sbouey, Wordpress 2 Falang Multilanguage, Wordpress 2026-06-20 8.8 High
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
CVE-2026-54807 2 Themegrill, Wordpress 2 Registration Form For Woocommerce, Wordpress 2026-06-20 9.8 Critical
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
CVE-2026-12294 1 Mozilla 1 Firefox 2026-06-18 9.6 Critical
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVE-2026-12529 1 Sourcecodester 1 Cet Automated Grading System With Ai Predictive Analytics 2026-06-18 7.3 High
A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote exploitation of the attack is possible.
CVE-2026-12448 1 Google 1 Chrome 2026-06-18 8.8 High
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
CVE-2026-12289 1 Mozilla 2 Firefox, Thunderbird 2026-06-17 8.8 High
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
CVE-2026-39546 2 Techspawn, Wordpress 2 Multiloca, Wordpress 2026-06-17 7.6 High
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
CVE-2026-54196 2 Jetmonsters, Wordpress 2 Jetformbuilder, Wordpress 2026-06-17 6.8 Medium
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
CVE-2026-27395 2 Schiocco, Wordpress 2 Support Board, Wordpress 2026-06-17 9.8 Critical
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
CVE-2026-53862 1 Openclaw 1 Openclaw 2026-06-16 4.2 Medium
OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.
CVE-2026-53847 1 Openclaw 1 Openclaw 2026-06-16 5.4 Medium
OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.
CVE-2026-44173 1 Mariadb 2 Mariadb, Server 2026-06-16 5 Medium
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
CVE-2026-45830 2 Chroma, Trychroma 2 Chromadb, Chromadb 2026-06-16 8.8 High
A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.